From: Ilia Alshanetsky <iliaa@php.net>
Date: Thu, 22 Apr 2004 00:32:07 +0000 (+0000)
Subject: MFH: Fixed possible crash inside pg_copy_(to|from) function if delimiter is
X-Git-Tag: php-4.3.7RC1~63
X-Git-Url: https://granicus.if.org/sourcecode?a=commitdiff_plain;h=b5d2a4aa12e3d43d23f5529be4cca07fa07c89c0;p=php

MFH: Fixed possible crash inside pg_copy_(to|from) function if delimiter is
more then 1 character long.
---

diff --git a/NEWS b/NEWS
index 040bd363ce..16c049d82e 100644
--- a/NEWS
+++ b/NEWS
@@ -1,6 +1,8 @@
 PHP 4                                                                      NEWS
 |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
 ?? ??? 2004, Version 4.3.7
+- Fixed possible crash inside pg_copy_(to|from) function if delimiter is more
+  then 1 character long. (Ilia)
 - Fixed handling of return values from storred procedures in mssql_execute()
   with multiple result sets returned. (Frank)
 - Fixed bug #28055 (timeout duration too long in feof()/pfsockopen() liveness
diff --git a/ext/pgsql/pgsql.c b/ext/pgsql/pgsql.c
index 06cfe78172..7739347539 100644
--- a/ext/pgsql/pgsql.c
+++ b/ext/pgsql/pgsql.c
@@ -2515,8 +2515,8 @@ PHP_FUNCTION(pg_copy_to)
 	ZEND_FETCH_RESOURCE2(pgsql, PGconn *, &pgsql_link, id, "PostgreSQL link", le_link, le_plink);
 
 	query = (char *)emalloc(strlen(query_template) + strlen(table_name) + strlen(pg_null_as) + 1);
-	sprintf(query, "COPY \"%s\" TO STDOUT DELIMITERS '%s' WITH NULL AS '%s'",
-			table_name,	pg_delim, pg_null_as);
+	sprintf(query, "COPY \"%s\" TO STDOUT DELIMITERS '%c' WITH NULL AS '%s'",
+			table_name, *pg_delim, pg_null_as);
 
 	while ((pgsql_result = PQgetResult(pgsql))) {
 		PQclear(pgsql_result);
@@ -2625,8 +2625,8 @@ PHP_FUNCTION(pg_copy_from)
 	ZEND_FETCH_RESOURCE2(pgsql, PGconn *, &pgsql_link, id, "PostgreSQL link", le_link, le_plink);
 
 	query = (char *)emalloc(strlen(query_template) + strlen(table_name) + strlen(pg_null_as) + 1);
-	sprintf(query, "COPY \"%s\" FROM STDIN DELIMITERS '%s' WITH NULL AS '%s'",
-			table_name, pg_delim, pg_null_as);
+	sprintf(query, "COPY \"%s\" FROM STDIN DELIMITERS '%c' WITH NULL AS '%s'",
+			table_name, *pg_delim, pg_null_as);
 	while ((pgsql_result = PQgetResult(pgsql))) {
 		PQclear(pgsql_result);
 	}