fix(localization): critical memory safety bugs in encoding conversion

[SajanGhimire1]

CRITICAL FIXES:

1. Fixed NULL pointer dereference in SystemLocale::NextChar()

   • Added NULL check to prevent crash when start pointer is NULL
   • Prevents DoS attack via malformed encoding input

2. Fixed uninitialized pointer return in IConvCachePool::Borrow()

   • Explicitly set pCache to NULL after failed allocation
   • Prevents undefined behavior and potential memory corruption
   • Eliminates use-after-free/information disclosure risk

These memory safety vulnerabilities affect the SQL Server PHP driver when handling user-provided data with specific encoding conditions.

[jahnvi480]

/azp run

[azure-pipelines]

Azure Pipelines successfully started running 1 pipeline(s).

[jahnvi480]

@SajanGhimire1 Thanks for raising the PR for this fix, Can you please check why is the pipeline failing for all OSs and fix it, also I would like you to add some tests to check if the code that you have added really works.

[jahnvi480]

/azp run

[azure-pipelines]

Azure Pipelines successfully started running 1 pipeline(s).

[SajanGhimire1]

@SajanGhimire1 Thanks for raising the PR for this fix, Can you please check why is the pipeline failing for all OSs and fix it, also I would like you to add some tests to check if the code that you have added really works.

@jahnvi480 I’ve added the NULL pointer check in NextChar() and explicitly set pCache = NULL in IConvCachePool::Borrow(). These changes fix the memory safety issues and don’t alter any other logic.

[jahnvi480]

/azp run

[azure-pipelines]

Azure Pipelines successfully started running 1 pipeline(s).

[jahnvi480]

@SajanGhimire1 MacOs and Linux tests are failing can you check on this
https://sqlclientdrivers.visualstudio.com/public/_build/results?buildId=136656&view=logs&j=a5e52b91-c83f-5429-4a68-c246fc63a4f7&t=5852bf5a-5a02-52f3-bee8-4fdc90cda9d0

[SajanGhimire1]

@SajanGhimire1 MacOs and Linux tests are failing can you check on this https://sqlclientdrivers.visualstudio.com/public/_build/results?buildId=136656&view=logs&j=a5e52b91-c83f-5429-4a68-c246fc63a4f7&t=5852bf5a-5a02-52f3-bee8-4fdc90cda9d0

iam working on this.

[SajanGhimire1]

@SajanGhimire1 MacOs and Linux tests are failing can you check on this https://sqlclientdrivers.visualstudio.com/public/_build/results?buildId=136656&view=logs&j=a5e52b91-c83f-5429-4a68-c246fc63a4f7&t=5852bf5a-5a02-52f3-bee8-4fdc90cda9d0

@jahnvi480
This seems to be a pipeline/YAML configuration issue for macOS/Linux. Could you please confirm if the pipeline is expected to run driver builds on non-Windows agents, or if there’s a missing condition/template for those OSes?

[jahnvi480]

Pipeline is expected to run drivers build on all OSs

[jahnvi480]

/azp run

[azure-pipelines]

Azure Pipelines successfully started running 1 pipeline(s).

[David-Engel]

/azp run

[azure-pipelines]

Azure Pipelines successfully started running 1 pipeline(s).

[jahnvi480]

/azp run

[azure-pipelines]

Azure Pipelines successfully started running 1 pipeline(s).

[jahnvi480]

/azp run

[azure-pipelines]

Azure Pipelines successfully started running 1 pipeline(s).