From ab84306fc746800db67cf456a5a1d53316bd8366 Mon Sep 17 00:00:00 2001 From: Antony Dovgal Date: Tue, 10 Apr 2007 20:28:49 +0000 Subject: [PATCH] fix #41043 (pdo_oci crash when freeing error text with persistent connection) --- NEWS | 2 ++ ext/pdo_oci/oci_driver.c | 22 +++++++++++++++------- 2 files changed, 17 insertions(+), 7 deletions(-) diff --git a/NEWS b/NEWS index 617bc59158..08b326be82 100644 --- a/NEWS +++ b/NEWS @@ -47,6 +47,8 @@ PHP NEWS - Fixed zend_llist_remove_tail (Michael Wallner, Dmitry) - Fixed a thread safety issue in gd gif read code (Nuno, Roman Nemecek) - Fixed CVE-2007-1001, GD wbmp used with invalid image size (Pierre) +- Fixed bug #41043 (pdo_oci crash when freeing error text with persistent + connection). (Tony) - Fixed bug #41037 (unregister_tick_function() inside the tick function crash PHP). (Tony) - Fixed bug #41026 (segfault when calling "self::method()" in shutdown functions). diff --git a/ext/pdo_oci/oci_driver.c b/ext/pdo_oci/oci_driver.c index a2a0964674..7b7db287aa 100755 --- a/ext/pdo_oci/oci_driver.c +++ b/ext/pdo_oci/oci_driver.c @@ -58,6 +58,7 @@ static int pdo_oci_fetch_error_func(pdo_dbh_t *dbh, pdo_stmt_t *stmt, zval *info ub4 _oci_error(OCIError *err, pdo_dbh_t *dbh, pdo_stmt_t *stmt, char *what, sword status, const char *file, int line TSRMLS_DC) /* {{{ */ { text errbuf[1024] = "<>"; + char tmp_buf[2048]; pdo_oci_db_handle *H = (pdo_oci_db_handle *)dbh->driver_data; pdo_oci_error_info *einfo; pdo_oci_stmt *S = NULL; @@ -89,26 +90,33 @@ ub4 _oci_error(OCIError *err, pdo_dbh_t *dbh, pdo_stmt_t *stmt, char *what, swor break; case OCI_ERROR: OCIErrorGet(err, (ub4)1, NULL, &einfo->errcode, errbuf, (ub4)sizeof(errbuf), OCI_HTYPE_ERROR); - spprintf(&einfo->errmsg, 0, "%s: %s (%s:%d)", what, errbuf, file, line); + slprintf(tmp_buf, sizeof(tmp_buf), "%s: %s (%s:%d)", what, errbuf, file, line); + einfo->errmsg = pestrdup(tmp_buf, dbh->is_persistent); break; case OCI_SUCCESS_WITH_INFO: OCIErrorGet(err, (ub4)1, NULL, &einfo->errcode, errbuf, (ub4)sizeof(errbuf), OCI_HTYPE_ERROR); - spprintf(&einfo->errmsg, 0, "%s: OCI_SUCCESS_WITH_INFO: %s (%s:%d)", what, errbuf, file, line); + slprintf(tmp_buf, sizeof(tmp_buf), "%s: OCI_SUCCESS_WITH_INFO: %s (%s:%d)", what, errbuf, file, line); + einfo->errmsg = pestrdup(tmp_buf, dbh->is_persistent); break; case OCI_NEED_DATA: - spprintf(&einfo->errmsg, 0, "%s: OCI_NEED_DATA (%s:%d)", what, file, line); + slprintf(tmp_buf, sizeof(tmp_buf), "%s: OCI_NEED_DATA (%s:%d)", what, file, line); + einfo->errmsg = pestrdup(tmp_buf, dbh->is_persistent); break; case OCI_NO_DATA: - spprintf(&einfo->errmsg, 0, "%s: OCI_NO_DATA (%s:%d)", what, file, line); + slprintf(tmp_buf, sizeof(tmp_buf), "%s: OCI_NO_DATA (%s:%d)", what, file, line); + einfo->errmsg = pestrdup(tmp_buf, dbh->is_persistent); break; case OCI_INVALID_HANDLE: - spprintf(&einfo->errmsg, 0, "%s: OCI_INVALID_HANDLE (%s:%d)", what, file, line); + slprintf(tmp_buf, sizeof(tmp_buf), "%s: OCI_INVALID_HANDLE (%s:%d)", what, file, line); + einfo->errmsg = pestrdup(tmp_buf, dbh->is_persistent); break; case OCI_STILL_EXECUTING: - spprintf(&einfo->errmsg, 0, "%s: OCI_STILL_EXECUTING (%s:%d)", what, file, line); + slprintf(tmp_buf, sizeof(tmp_buf), "%s: OCI_STILL_EXECUTING (%s:%d)", what, file, line); + einfo->errmsg = pestrdup(tmp_buf, dbh->is_persistent); break; case OCI_CONTINUE: - spprintf(&einfo->errmsg, 0, "%s: OCI_CONTINUE (%s:%d)", what, file, line); + slprintf(tmp_buf, sizeof(tmp_buf), "%s: OCI_CONTINUE (%s:%d)", what, file, line); + einfo->errmsg = pestrdup(tmp_buf, dbh->is_persistent); break; } -- 2.40.0