]> granicus.if.org Git - php/commitdiff
projects / php / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: 65056e9)
Check the return value of dbconvert() in mssql_guid_string(), as it may return -1...
authorKalle Sommer Nielsen <kalle@php.net>
Sat, 6 Aug 2016 08:17:49 +0000 (10:17 +0200)
committerKalle Sommer Nielsen <kalle@php.net>
Sat, 6 Aug 2016 08:17:49 +0000 (10:17 +0200)
Also initialize buffer and buffer2 to NULL, which should fix bug #72039 (Use of uninitialised value on mssql_guid_string).

This only applies to 5.6, as we do not have mssql in 7.0 anymore

NEWS patch | blob | history
ext/mssql/php_mssql.c patch | blob | history

diff --git a/NEWS b/NEWS
index 8b955722c372d4a37b22e0f654445730befb25ec..10f030221ae3e4c89309389d1e3d68b36c357cc8 100644 (file)
--- a/NEWS
+++ b/NEWS
@@ -2,6 +2,9 @@ PHP                                                                        NEWS
 |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
 ?? ??? 2016, PHP 5.6.26
 
+- MSSQL:
+  . Fixed bug #72039 (Use of uninitialised value on mssql_guid_string). (Kalle)
+
 18 Aug 2016, PHP 5.6.25
 
 - Core:
diff --git a/ext/mssql/php_mssql.c b/ext/mssql/php_mssql.c
index aa1ea5460400d651917753eb4ad38f38bbd7fdce..20ac190e0a72f1a5b2e4d011381a3d2fbdd2f440 100644 (file)
--- a/ext/mssql/php_mssql.c
+++ b/ext/mssql/php_mssql.c
@@ -2235,21 +2235,24 @@ PHP_FUNCTION(mssql_guid_string)
        char *binary;
        int binary_len;
        zend_bool sf = 0;
-       char buffer[32+1];
-       char buffer2[36+1];
+       char buffer[32+1] = NULL;
 
        if (zend_parse_parameters(ZEND_NUM_ARGS() TSRMLS_CC, "s|b", &binary, &binary_len, &sf) == FAILURE) {
                return;
        }
 
-       dbconvert(NULL, SQLBINARY, (BYTE*) binary, MIN(16, binary_len), SQLCHAR, buffer, -1);
+       if (dbconvert(NULL, SQLBINARY, (BYTE*) binary, MIN(16, binary_len), SQLCHAR, buffer, (DBINT) -1) == -1) {
+               php_error_docref(NULL TSRMLS_CC, E_WARNING, "could not convert binary string to GUID string");
+               RETURN_FALSE;
+       }
 
        if (sf) {
                php_strtoupper(buffer, 32);
                RETURN_STRING(buffer, 1);
-       }
-       else {
+       } else {
                int i;
+               char buffer2[36+1] = NULL;
+
                /* FIXME this works only on little endian machine */
                for (i=0; i<4; i++) {
                        buffer2[2*i] = buffer[6-2*i];
Unnamed repository; edit this file 'description' to name the repository.