- MFH: Fixed memory corruption in pg_copy_from() in case the as_null parameter was

  passed.

diff --git a/NEWS b/NEWS
index fbfe172fe179b831f64b43d1b6859fbda750e7ed..e1821569720ee68c02029504a80bee7ed2e9a0f3 100644 (file)
--- a/NEWS
+++ b/NEWS
@@ -9,6 +9,8 @@ PHP                                                                        NEWS
 - Added PHP_INT_MAX and PHP_INT_SIZE as predefined constants. (Andrey)
 - Changed sha1_file() and md5_file() functions to use streams instead of
   low level IO. (Uwe)
+- Fixed memory corruption in pg_copy_from() in case the as_null parameter was
+  passed. (Derick)
 - Fixed ext/mysqli to allocate less memory when fetching bound params
   of type (MEDIUM|LONG)BLOB/(MEDIUM|LONG)TEXT. (Andrey)
 - Fixed memory corruption in ImageTTFText() with 64bit systems. (Andrey)

diff --git a/ext/pgsql/pgsql.c b/ext/pgsql/pgsql.c
index 904fb128883a4c9bfce5ed4cf1baf233cee2a6f9..a69f1f035bc9e10a0f44f11b700af57167814451 100644 (file)
--- a/ext/pgsql/pgsql.c
+++ b/ext/pgsql/pgsql.c
@@ -2750,6 +2750,7 @@ PHP_FUNCTION(pg_copy_from)
        zval **tmp;
        char *table_name, *pg_delim = NULL, *pg_null_as = NULL;
        int  table_name_len, pg_delim_len, pg_null_as_len;
+       int  pg_null_as_free = 0;
        char *query;
        char *query_template = "COPY \"\" FROM STDIN DELIMITERS ':' WITH NULL AS ''";
        HashPosition pos;
@@ -2769,6 +2770,7 @@ PHP_FUNCTION(pg_copy_from)
        }
        if (!pg_null_as) {
                pg_null_as = safe_estrdup("\\\\N");
+               pg_null_as_free = 1;
        }
 
        ZEND_FETCH_RESOURCE2(pgsql, PGconn *, &pgsql_link, id, "PostgreSQL link", le_link, le_plink);
@@ -2781,7 +2783,9 @@ PHP_FUNCTION(pg_copy_from)
        }
        pgsql_result = PQexec(pgsql, query);
 
-       efree(pg_null_as);
+       if (pg_null_as_free) {
+               efree(pg_null_as);
+       }
        efree(query);
 
        if (pgsql_result) {