From: Christopher Jones <sixd@php.net>
Date: Fri, 16 Apr 2010 20:36:40 +0000 (+0000)
Subject: Fixed Bug #51577 (Uninitialized memory reference with oci_bind_array_by_name)
X-Git-Tag: php-5.3.3RC1~305
X-Git-Url: https://granicus.if.org/sourcecode?a=commitdiff_plain;h=a81281867034c175e100a0f240c9a4b767fff629;p=php

Fixed Bug #51577 (Uninitialized memory reference with oci_bind_array_by_name)
---

diff --git a/NEWS b/NEWS
index 9bb73c3621..8e03a59134 100644
--- a/NEWS
+++ b/NEWS
@@ -17,6 +17,7 @@ PHP                                                                        NEWS
 - Fixed a NULL pointer dereference when processing invalid XML-RPC
   requests (Fixes CVE-2010-0397, bug #51288). (Raphael Geissert)
 
+- Fixed Bug #51577 (Uninitialized memory reference with oci_bind_array_by_name)
 - Fixed bug #51445 (var_dump() invalid/slow *RECURSION* detection). (Felipe)
 - Fixed bug #51394 (Error line reported incorrectly if error handler throws an 
   exception). (Stas)
diff --git a/ext/oci8/oci8_statement.c b/ext/oci8/oci8_statement.c
index fa5d915592..f7fda511a7 100644
--- a/ext/oci8/oci8_statement.c
+++ b/ext/oci8/oci8_statement.c
@@ -809,8 +809,16 @@ void php_oci_statement_free(php_oci_statement *statement TSRMLS_DC)
 int php_oci_bind_pre_exec(void *data, void *result TSRMLS_DC)
 {
 	php_oci_bind *bind = (php_oci_bind *) data;
+
 	*(int *)result = 0;
 
+	if (Z_TYPE_P(bind->zval) == IS_ARRAY) {
+		/* These checks are currently valid for oci_bind_by_name, not
+		 * oci_bind_array_by_name.  Also bind->type and
+		 * bind->indicator are not used for oci_bind_array_by_name.
+		 */
+		return 0;
+	}	
 	switch (bind->type) {
 		case SQLT_NTY:
 		case SQLT_BFILEE:
@@ -850,9 +858,8 @@ int php_oci_bind_pre_exec(void *data, void *result TSRMLS_DC)
 			}
 			break;
 	}
-	
-	/* reset all bind stuff to a normal state..-. */
 
+	/* reset all bind stuff to a normal state..-. */
 	bind->indicator = 0;
 
 	return 0;