Fixed bug #63235 (buffer overflow in use of SQLGetDiagRec)

diff --git a/NEWS b/NEWS
index 0417dcb47d5b4bc8b13a9f88d8c5916119cc94f7..46c9bf490942f79a09d1dc27c938c19c2ac872c7 100644 (file)
--- a/NEWS
+++ b/NEWS
@@ -2,6 +2,10 @@ PHP                                                                        NEWS
 |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
 ?? ??? 2012, PHP 5.3.19
 
+- PDO:
+  . Fixed bug #63235 (buffer overflow in use of SQLGetDiagRec).
+    (Martin Osvald, Remi)
+
 ?? ??? 2012, PHP 5.3.18
 
 (NOTE: Add your entries above for 5.3.19, entries for 5.3.18 should only

diff --git a/ext/pdo_odbc/odbc_driver.c b/ext/pdo_odbc/odbc_driver.c
index 84a147b80c2decedcd8c3fc7d987393b3772ffec..ca2808c6f5438b5c4f975c1f251b3271d3e9d596 100755 (executable)
--- a/ext/pdo_odbc/odbc_driver.c
+++ b/ext/pdo_odbc/odbc_driver.c
@@ -114,7 +114,7 @@ void pdo_odbc_error(pdo_dbh_t *dbh, pdo_stmt_t *stmt, PDO_ODBC_HSTMT statement,
         * diagnostic records (which can be generated by PRINT statements
         * in the query, for instance). */
        while (rc == SQL_SUCCESS || rc == SQL_SUCCESS_WITH_INFO) {
-               char discard_state[5];
+               char discard_state[6];
                char discard_buf[1024];
                SQLINTEGER code;
                rc = SQLGetDiagRec(htype, eh, recno++, discard_state, &code,