From: Thies C. Arntzen <thies@php.net>
Date: Mon, 13 Nov 2000 17:30:52 +0000 (+0000)
Subject: @- Fixed column-title buffer-overflow in OCIFetchStatement(). (Thies)
X-Git-Tag: php-4.0.4RC3~220
X-Git-Url: https://granicus.if.org/sourcecode?a=commitdiff_plain;h=db65d0e07601de6edcaef50a9b9d0630f04f8405;p=php

@- Fixed column-title buffer-overflow in OCIFetchStatement(). (Thies)
fix #7784
---

diff --git a/ext/oci8/oci8.c b/ext/oci8/oci8.c
index 25ffac677d..d01bd50173 100644
--- a/ext/oci8/oci8.c
+++ b/ext/oci8/oci8.c
@@ -3461,7 +3461,7 @@ PHP_FUNCTION(ocifetchstatement)
 	int i;
 	int mode = OCI_NUM;
 	int rows = 0;
-	char namebuf[ 128 ];
+	char *namebuf;
 	int ac = ZEND_NUM_ARGS();
 
 	if (ac < 2 || ac > 3 || zend_get_parameters_ex(ac, &stmt, &array, &fmode) == FAILURE) {
@@ -3489,10 +3489,10 @@ PHP_FUNCTION(ocifetchstatement)
 		MAKE_STD_ZVAL(tmp);
 		array_init(tmp);
 
-		memcpy(namebuf,columns[ i ]->name, columns[ i ]->name_len);
-		namebuf[ columns[ i ]->name_len ] = 0;
+		namebuf = estrndup(columns[ i ]->name,columns[ i ]->name_len);
 				
 		zend_hash_update((*array)->value.ht, namebuf, columns[ i ]->name_len+1, (void *) &tmp, sizeof(zval*), (void **) &(outarrs[ i ]));
+		efree(namebuf);
 	}
 
 	while (oci_fetch(statement, nrows, "OCIFetchStatement")) {