From 58c34106896b4580e3115a5f6b3c530e2ef61c6e Mon Sep 17 00:00:00 2001 From: Ulf Wendel Date: Mon, 14 Sep 2009 16:51:11 +0000 Subject: [PATCH] Backport of http://news.php.net/php.cvs/60381 to PHP 5_2 which fixes a potential crash with ext/mysqli and Prepared Statements if the MySQL Server sends faulty metadata, see also http://news.php.net/php.cvs/60389 . I don't know of a way to crash PHP using a recent MySQL. But metadata has been a troublemaker in the past. Just in case... --- ext/mysqli/mysqli_api.c | 4 ++-- ext/mysqli/php_mysqli.h | 3 ++- 2 files changed, 4 insertions(+), 3 deletions(-) diff --git a/ext/mysqli/mysqli_api.c b/ext/mysqli/mysqli_api.c index 7cd6f32ddc..039a771f91 100644 --- a/ext/mysqli/mysqli_api.c +++ b/ext/mysqli/mysqli_api.c @@ -364,7 +364,7 @@ PHP_FUNCTION(mysqli_stmt_bind_result) bind[ofs].buffer = stmt->result.buf[ofs].val; bind[ofs].is_null = &stmt->result.is_null[ofs]; bind[ofs].buffer_length = stmt->result.buf[ofs].buflen; - bind[ofs].length = &stmt->result.buf[ofs].buflen; + bind[ofs].length = &stmt->result.buf[ofs].output_len; break; } default: @@ -735,7 +735,7 @@ PHP_FUNCTION(mysqli_stmt_fetch) #else { #endif - ZVAL_STRINGL(stmt->result.vars[i], stmt->result.buf[i].val, stmt->result.buf[i].buflen, 1); + ZVAL_STRINGL(stmt->result.vars[i], stmt->result.buf[i].val, stmt->result.buf[i].output_len, 1); } } break; diff --git a/ext/mysqli/php_mysqli.h b/ext/mysqli/php_mysqli.h index 04bdc017a8..d874703190 100644 --- a/ext/mysqli/php_mysqli.h +++ b/ext/mysqli/php_mysqli.h @@ -52,8 +52,9 @@ enum mysqli_status { }; typedef struct { + char *val; ulong buflen; - char *val; + ulong output_len; ulong type; } VAR_BUFFER; -- 2.50.1