MFH: fix #35508 (PDO fails when unknown fetch mode specified)

diff --git a/ext/pdo/pdo_stmt.c b/ext/pdo/pdo_stmt.c
index a6f7d1f8265daa8cc55eab2bec7e905bc843970a..9b3a5639fc0a4cdaa225198fc9f25e87366c2b6f 100755 (executable)
--- a/ext/pdo/pdo_stmt.c
+++ b/ext/pdo/pdo_stmt.c
@@ -1116,6 +1116,11 @@ static int do_fetch(pdo_stmt_t *stmt, int do_bind, zval *return_value,
 static int pdo_stmt_verify_mode(pdo_stmt_t *stmt, int mode, int fetch_all TSRMLS_DC) /* {{{ */
 {
        int flags = mode & PDO_FETCH_FLAGS;
+
+       if (mode < 0 || mode > PDO_FETCH__MAX) {
+               pdo_raise_impl_error(stmt->dbh, stmt, "HY000", "invalid fetch mode" TSRMLS_CC);
+               return 0;
+       }
        
        mode = mode & ~PDO_FETCH_FLAGS;
 
@@ -1713,10 +1718,12 @@ fail_out:
        mode = Z_LVAL_PP(args[skip]);
        
        if (!pdo_stmt_verify_mode(stmt, mode, 0 TSRMLS_CC)) {
+               efree(args);
                return FAILURE;
        }
 
        switch (mode & ~PDO_FETCH_FLAGS) {
+               case PDO_FETCH_USE_DEFAULT:
                case PDO_FETCH_LAZY:
                case PDO_FETCH_ASSOC:
                case PDO_FETCH_NUM:
@@ -1796,6 +1803,7 @@ fail_out:
                        } else {
                                pdo_raise_impl_error(stmt->dbh, stmt, "22003", "mode is out of range" TSRMLS_CC);
                        }
+                       efree(args);
                        return FAILURE;
        }