]> granicus.if.org Git - php/commitdiff
projects / php / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: c35bd48)
Fixed bug #71573 (Segfault (core dumped) if paramno beyond bound)
authorXinchen Hui <laruence@gmail.com>
Wed, 11 May 2016 03:12:27 +0000 (11:12 +0800)
committerXinchen Hui <laruence@gmail.com>
Wed, 11 May 2016 03:12:27 +0000 (11:12 +0800)
NEWS patch | blob | history
ext/pdo_pgsql/pgsql_statement.c patch | blob | history
ext/pdo_pgsql/tests/bug71573.phpt [new file with mode: 0644] patch | blob

diff --git a/NEWS b/NEWS
index 16b39b51b780bc3f6b99a42993ed8c4f87dbcc64..245ae996dbaf4a3d2e13acbe53b106e9cbedcbf1 100644 (file)
--- a/NEWS
+++ b/NEWS
@@ -2,6 +2,10 @@ PHP                                                                        NEWS
 |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
 ?? ??? 2016 PHP 7.0.8
 
+- PDO_pgsql:
+  . Fixed bug #71573 (Segfault (core dumped) if paramno beyond bound).
+    (Laruence)
+
 
 26 May 2016 PHP 7.0.7
 
diff --git a/ext/pdo_pgsql/pgsql_statement.c b/ext/pdo_pgsql/pgsql_statement.c
index a6a69ac3d04b3e6e1abf98f4e03dc454f0ab51ad..fb6249aa14cde30ccd79a9a390e5b8a0e5ce15e0 100644 (file)
--- a/ext/pdo_pgsql/pgsql_statement.c
+++ b/ext/pdo_pgsql/pgsql_statement.c
@@ -288,6 +288,10 @@ static int pgsql_stmt_param_hook(pdo_stmt_t *stmt, struct pdo_bound_param_data *
                                break;
 
                        case PDO_PARAM_EVT_ALLOC:
+                               if (!zend_hash_index_exists(stmt->bound_param_map, param->paramno)) {
+                                       pdo_raise_impl_error(stmt->dbh, stmt, "HY093", "parameter was not defined");
+                                       return 0;
+                               }
                        case PDO_PARAM_EVT_EXEC_POST:
                        case PDO_PARAM_EVT_FETCH_PRE:
                        case PDO_PARAM_EVT_FETCH_POST:
@@ -315,10 +319,12 @@ static int pgsql_stmt_param_hook(pdo_stmt_t *stmt, struct pdo_bound_param_data *
                                if (param->paramno >= 0) {
                                        zval *parameter;
 
+                                       /*
                                        if (param->paramno >= zend_hash_num_elements(stmt->bound_params)) {
                                                pdo_raise_impl_error(stmt->dbh, stmt, "HY093", "parameter was not defined");
                                                return 0;
                                        }
+                                       */
 
                                        if (Z_ISREF(param->parameter)) {
                                                parameter = Z_REFVAL(param->parameter);
diff --git a/ext/pdo_pgsql/tests/bug71573.phpt b/ext/pdo_pgsql/tests/bug71573.phpt
new file mode 100644 (file)
index 0000000..d3046bf
--- /dev/null
+++ b/ext/pdo_pgsql/tests/bug71573.phpt
@@ -0,0 +1,21 @@
+--TEST--
+Bug #71573 (Segfault (core dumped) if paramno beyond bound)
+--SKIPIF--
+<?php
+if (!extension_loaded('pdo') || !extension_loaded('pdo_pgsql')) die('skip not loaded');
+require_once dirname(__FILE__) . '/../../../ext/pdo/tests/pdo_test.inc';
+require_once dirname(__FILE__) . '/config.inc';
+PDOTest::skip();
+?>
+--FILE--
+<?php
+require_once dirname(__FILE__) . '/../../../ext/pdo/tests/pdo_test.inc';
+require_once dirname(__FILE__) . '/config.inc';
+$db = PDOTest::test_factory(dirname(__FILE__) . '/common.phpt');
+
+$statement = $db->prepare('select ?');
+$statement->execute([ 'test', 'test', 'test' ]);
+
+?>
+--EXPECTF--
+Warning: PDOStatement::execute(): SQLSTATE[HY093]: Invalid parameter number: parameter was not defined in %sbug71573.php on line %d
Unnamed repository; edit this file 'description' to name the repository.