From b5d2a4aa12e3d43d23f5529be4cca07fa07c89c0 Mon Sep 17 00:00:00 2001
From: Ilia Alshanetsky
Date: Thu, 22 Apr 2004 00:32:07 +0000
Subject: [PATCH] MFH: Fixed possible crash inside pg_copy_(to|from) function if delimiter is more then 1 character long.
---
 NEWS | 2 ++
 ext/pgsql/pgsql.c | 8 ++++----
 2 files changed, 6 insertions(+), 4 deletions(-)
diff --git a/NEWS b/NEWS
index 040bd363ce..16c049d82e 100644
--- a/NEWS
+++ b/NEWS
@@ -1,6 +1,8 @@
 PHP 4 NEWS
 |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
 ?? ??? 2004, Version 4.3.7
+- Fixed possible crash inside pg_copy_(to|from) function if delimiter is more
+ then 1 character long. (Ilia)
 - Fixed handling of return values from storred procedures in mssql_execute()
 with multiple result sets returned. (Frank)
 - Fixed bug #28055 (timeout duration too long in feof()/pfsockopen() liveness
diff --git a/ext/pgsql/pgsql.c b/ext/pgsql/pgsql.c
index 06cfe78172..7739347539 100644
--- a/ext/pgsql/pgsql.c
+++ b/ext/pgsql/pgsql.c
@@ -2515,8 +2515,8 @@ PHP_FUNCTION(pg_copy_to)
 ZEND_FETCH_RESOURCE2(pgsql, PGconn *, &pgsql_link, id, "PostgreSQL link", le_link, le_plink);
 query = (char *)emalloc(strlen(query_template) + strlen(table_name) + strlen(pg_null_as) + 1);
- sprintf(query, "COPY \"%s\" TO STDOUT DELIMITERS '%s' WITH NULL AS '%s'",
- table_name, pg_delim, pg_null_as);
+ sprintf(query, "COPY \"%s\" TO STDOUT DELIMITERS '%c' WITH NULL AS '%s'",
+ table_name, *pg_delim, pg_null_as);
 while ((pgsql_result = PQgetResult(pgsql))) {
 PQclear(pgsql_result);
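Review bot: Passing `*pg_delim` through `%c` in the new `sprintf` (here and in the matching `pg_copy_from` hunk) silently discards everything after the first byte and still places that byte unvalidated inside the quoted literal: an empty delimiter produces a NUL that cuts the statement short, and a `'` or `\` closes or escapes the literal. An explicit check before the query is built would surface the misuse instead of hiding it, e.g. `if (strlen(pg_delim) != 1) { php_error_docref(NULL TSRMLS_CC, E_WARNING, "Delimiter must be a single character"); RETURN_FALSE; }`, with quote and backslash rejected or escaped as well. `table_name` and `pg_null_as` enter the same format string through `%s` with no escaping visible in the hunk, so a `"` or `'` in either changes the SQL that is sent; unless they are sanitised earlier in the function, which starts outside this hunk, they need escaping too. The allocation is sized from `query_template`, which is not shown, so a bounded `snprintf` with the computed length would keep the write inside the buffer if the template and the format string ever drift apart.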
@@ -2625,8 +2625,8 @@ PHP_FUNCTION(pg_copy_from)
 ZEND_FETCH_RESOURCE2(pgsql, PGconn *, &pgsql_link, id, "PostgreSQL link", le_link, le_plink);
 query = (char *)emalloc(strlen(query_template) + strlen(table_name) + strlen(pg_null_as) + 1);
- sprintf(query, "COPY \"%s\" FROM STDIN DELIMITERS '%s' WITH NULL AS '%s'",
- table_name, pg_delim, pg_null_as);
+ sprintf(query, "COPY \"%s\" FROM STDIN DELIMITERS '%c' WITH NULL AS '%s'",
+ table_name, *pg_delim, pg_null_as);
 while ((pgsql_result = PQgetResult(pgsql))) {
 PQclear(pgsql_result);
 }
-- 
2.50.1