From: Ilia Alshanetsky <iliaa@php.net>
Date: Thu, 22 Apr 2004 00:31:55 +0000 (+0000)
Subject: Fixed possible crash inside pg_copy_(to|from) function if delimiter is more
X-Git-Tag: php-5.0.0RC2~29
X-Git-Url: https://granicus.if.org/sourcecode?a=commitdiff_plain;h=8694cd135df5bd9c4e93ac96b619b6114c5790f0;p=php

Fixed possible crash inside pg_copy_(to|from) function if delimiter is more
then 1 character long.
---

diff --git a/ext/pgsql/pgsql.c b/ext/pgsql/pgsql.c
index 30916a7bee..81f6749463 100644
--- a/ext/pgsql/pgsql.c
+++ b/ext/pgsql/pgsql.c
@@ -2658,8 +2658,8 @@ PHP_FUNCTION(pg_copy_to)
 	ZEND_FETCH_RESOURCE2(pgsql, PGconn *, &pgsql_link, id, "PostgreSQL link", le_link, le_plink);
 
 	query = (char *)emalloc(strlen(query_template) + strlen(table_name) + strlen(pg_null_as) + 1);
-	sprintf(query, "COPY \"%s\" TO STDOUT DELIMITERS '%s' WITH NULL AS '%s'",
-			table_name,	pg_delim, pg_null_as);
+	sprintf(query, "COPY \"%s\" TO STDOUT DELIMITERS '%c' WITH NULL AS '%s'",
+			table_name, *pg_delim, pg_null_as);
 
 	while ((pgsql_result = PQgetResult(pgsql))) {
 		PQclear(pgsql_result);
@@ -2768,8 +2768,8 @@ PHP_FUNCTION(pg_copy_from)
 	ZEND_FETCH_RESOURCE2(pgsql, PGconn *, &pgsql_link, id, "PostgreSQL link", le_link, le_plink);
 
 	query = (char *)emalloc(strlen(query_template) + strlen(table_name) + strlen(pg_null_as) + 1);
-	sprintf(query, "COPY \"%s\" FROM STDIN DELIMITERS '%s' WITH NULL AS '%s'",
-			table_name, pg_delim, pg_null_as);
+	sprintf(query, "COPY \"%s\" FROM STDIN DELIMITERS '%c' WITH NULL AS '%s'",
+			table_name, *pg_delim, pg_null_as);
 	while ((pgsql_result = PQgetResult(pgsql))) {
 		PQclear(pgsql_result);
 	}