Fix unregistered bug in zval pointer/array juggling

# Thinko: element of a **zval[] is usually not a *zval[]
# I can't believe this has gone undetected for 4+ years!

diff --git a/ext/interbase/ibase_query.c b/ext/interbase/ibase_query.c
index 9930040e2f3150b152651deda381339742b7b71b..68abf99c463a36f6c8fe7607da6d01706da29315 100644 (file)
--- a/ext/interbase/ibase_query.c
+++ b/ext/interbase/ibase_query.c
@@ -603,14 +603,14 @@ static int _php_ibase_bind_array(zval *val, char *buf, unsigned long buf_size, /
 }              
 /* }}} */
 
-static int _php_ibase_bind(XSQLDA *sqlda, zval **b_vars, BIND_BUF *buf, /* {{{ */
+static int _php_ibase_bind(XSQLDA *sqlda, zval ***b_vars, BIND_BUF *buf, /* {{{ */
        ibase_query *ib_query TSRMLS_DC)
 {
        int i, array_cnt = 0, rv = SUCCESS;
 
        for (i = 0; i < sqlda->sqld; ++i) { /* bound vars */
 
-               zval *b_var = b_vars[i];
+               zval *b_var = *b_vars[i];
                XSQLVAR *var = &sqlda->sqlvar[i];
 
                var->sqlind = &buf[i].sqlind;
@@ -881,19 +881,19 @@ static void _php_ibase_alloc_xsqlda(XSQLDA *sqlda) /* {{{ */
 /* }}} */
 
 static int _php_ibase_exec(INTERNAL_FUNCTION_PARAMETERS, ibase_result **ib_resultp, /* {{{ */
-       ibase_query *ib_query, int argc, zval **args)
+       ibase_query *ib_query, int argc, zval ***args)
 {
        XSQLDA *in_sqlda = NULL, *out_sqlda = NULL;
        BIND_BUF *bind_buf = NULL;
-       int rv = FAILURE;
+       int i, rv = FAILURE;
        static char info_count[] = { isc_info_sql_records };
        char result[64];
        ISC_STATUS isc_result;
 
        RESET_ERRMSG;
 
-       if (argc > 0 && args != NULL) {
-               SEPARATE_ZVAL(args);
+       for (i = 0; i < argc; ++i) {
+               SEPARATE_ZVAL(args[i]);
        }
 
        switch (ib_query->statement_type) {
@@ -1072,7 +1072,7 @@ _php_ibase_exec_error:
    Execute a query */
 PHP_FUNCTION(ibase_query)
 {
-       zval ***args, **bind_args = NULL;
+       zval ***args, ***bind_args = NULL;
        int i, bind_n = 0, trans_res_id = 0;
        ibase_db_link *ib_link = NULL;
        ibase_trans *trans = NULL;
@@ -1186,7 +1186,7 @@ PHP_FUNCTION(ibase_query)
 
        if (ZEND_NUM_ARGS() > i) { /* have variables to bind */
                bind_n = ZEND_NUM_ARGS() - i;
-               bind_args = args[i];
+               bind_args = &args[i];
        }
 
        /* open default transaction */
@@ -1830,7 +1830,7 @@ PHP_FUNCTION(ibase_prepare)
    Execute a previously prepared query */
 PHP_FUNCTION(ibase_execute)
 {
-       zval ***args, **bind_args = NULL;
+       zval ***args, ***bind_args = NULL;
        ibase_query *ib_query;
        ibase_result *result = NULL;
 
@@ -1850,7 +1850,7 @@ PHP_FUNCTION(ibase_execute)
        ZEND_FETCH_RESOURCE(ib_query, ibase_query *, args[0], -1, "InterBase query", le_query);
 
        if (ZEND_NUM_ARGS() > 1) { /* have variables to bind */
-               bind_args = args[1];
+               bind_args = &args[1];
        }
 
        /* Have we used this cursor before and it's still open (exec proc has no cursor) ? */