From: Ilia Alshanetsky <iliaa@php.net>
Date: Tue, 11 Oct 2005 16:19:14 +0000 (+0000)
Subject: MFH: Fixed bug #33167 (Possible crash inside pg_fetch_array()).
X-Git-Tag: php-5.1.0RC2~29
X-Git-Url: https://granicus.if.org/sourcecode?a=commitdiff_plain;h=ea4734926eac15e9e4f29c5644730d4cf9eb65b5;p=php

MFH: Fixed bug #33167 (Possible crash inside pg_fetch_array()).
---

diff --git a/NEWS b/NEWS
index 6821e4d10d..13c9db472e 100644
--- a/NEWS
+++ b/NEWS
@@ -116,6 +116,7 @@ PHP                                                                        NEWS
 - Fixed bug #34199 (if($obj)/if(!$obj) inconsistency because of cast handler).
   (Dmitry, Alex)
 - Fixed bug #34191 (ob_gzhandler does not enforce trailing \0). (Ilia)
+- Fixed bug #33167 (Possible crash inside pg_fetch_array()). (Ilia)
 - Fixed bug #34156 (memory usage remains elevated after memory limit is 
   reached). (Ilia)
 - Fixed bug #34148 (+,- and . not supported as parts of scheme). (Ilia)
diff --git a/ext/pgsql/pgsql.c b/ext/pgsql/pgsql.c
index bcd49ab1be..6802e87329 100644
--- a/ext/pgsql/pgsql.c
+++ b/ext/pgsql/pgsql.c
@@ -1872,11 +1872,11 @@ PHP_FUNCTION(pg_fetch_result)
 /* {{{ void php_pgsql_fetch_hash */
 static void php_pgsql_fetch_hash(INTERNAL_FUNCTION_PARAMETERS, long result_type, int into_object)
 {
-	zval                *result, *zrow;
+	zval                *result;
 	PGresult            *pgsql_result;
 	pgsql_result_handle *pg_result;
 	int             i, num_fields, pgsql_row, use_row;
-	long            row;
+	long            row = -1;
 	char            *element, *field_name;
 	uint            element_len;
 	zval            *ctor_params = NULL;
@@ -1886,9 +1886,9 @@ static void php_pgsql_fetch_hash(INTERNAL_FUNCTION_PARAMETERS, long result_type,
 		char *class_name;
 		int class_name_len;
 
-		if (zend_parse_parameters(ZEND_NUM_ARGS() TSRMLS_CC, "r|zsz", &result, &zrow, &class_name, &class_name_len, &ctor_params) == FAILURE) {
+		if (zend_parse_parameters(ZEND_NUM_ARGS() TSRMLS_CC, "r|lsz", &result, &row, &class_name, &class_name_len, &ctor_params) == FAILURE) {
 			return;
-		}
+			}
 		if (ZEND_NUM_ARGS() < 3) {
 			ce = zend_standard_class_def;
 		} else {
@@ -1900,15 +1900,11 @@ static void php_pgsql_fetch_hash(INTERNAL_FUNCTION_PARAMETERS, long result_type,
 		}
 		result_type = PGSQL_ASSOC;
 	} else {
-		if (zend_parse_parameters(ZEND_NUM_ARGS() TSRMLS_CC, "r|zl", &result, &zrow, &result_type) == FAILURE) {
+		if (zend_parse_parameters(ZEND_NUM_ARGS() TSRMLS_CC, "r|ll", &result, &row, &result_type) == FAILURE) {
 			return;
 		}
 	}
-	use_row = ZEND_NUM_ARGS() > 1 && Z_TYPE_P(zrow) != IS_NULL;
-	if (use_row) {
-		convert_to_long_ex(&zrow);
-		row = Z_LVAL_P(zrow);
-	}
+	use_row = ZEND_NUM_ARGS() > 1 && row != -1;
 
 	if (!(result_type & PGSQL_BOTH)) {
 		php_error_docref(NULL TSRMLS_CC, E_WARNING, "Invalid result type");