From c038c2e7c909b684df67b17a5513c0d10e2ae092 Mon Sep 17 00:00:00 2001
From: "MiRacLe.RPZ"
Date: Fri, 3 Jul 2015 10:28:06 +0300
Subject: [PATCH 1/4] Segmentation fault on pdo_dblib::nextRowset (bug #69757)
---
 ext/pdo_dblib/dblib_stmt.c | 11 +++++++++--
 1 file changed, 9 insertions(+), 2 deletions(-)
diff --git a/ext/pdo_dblib/dblib_stmt.c b/ext/pdo_dblib/dblib_stmt.c
index 263ae6dcb8fdc..9f47f0f7ed5e8 100644
--- a/ext/pdo_dblib/dblib_stmt.c
+++ b/ext/pdo_dblib/dblib_stmt.c
@@ -203,8 +203,15 @@ static int pdo_dblib_stmt_describe(pdo_stmt_t *stmt, int colno TSRMLS_DC)
 }
 struct pdo_column_data *col = &stmt->columns[colno];
-
- col->name = (char*)dbcolname(H->link, colno+1);
+
+ char *fname = (char*)dbcolname(H->link, colno+1);
+ char computed_buf[16];
+ if (*fname) {
+ col->name = estrdup(fname);
+ } else {
+ snprintf(computed_buf,16,"computed%d", colno);
+ col->name = estrdup(computed_buf);
+ }
 col->maxlen = dbcollen(H->link, colno+1);
 col->namelen = strlen(col->name);
 col->param_type = PDO_PARAM_STR;
From 87e4bf3a6c022748d2bbfea9c3a4cc41b52c172e Mon Sep 17 00:00:00 2001
From: "MiRacLe.RPZ"
Date: Mon, 6 Jul 2015 23:31:57 +0300
Subject: [PATCH 2/4] testcase fot bug #69757
---
 ext/pdo_dblib/tests/bug_69757.phpt | 32 ++++++++++++++++++++++++++++++
 1 file changed, 32 insertions(+)
 create mode 100644 ext/pdo_dblib/tests/bug_69757.phpt
diff --git a/ext/pdo_dblib/tests/bug_69757.phpt b/ext/pdo_dblib/tests/bug_69757.phpt
new file mode 100644
index 0000000000000..6c4aee0b6db56
--- /dev/null
+++ b/ext/pdo_dblib/tests/bug_69757.phpt
@@ -0,0 +1,32 @@
+--TEST--
+PDO_DBLIB: Segmentation fault on pdo_dblib::nextRowset
+--SKIPIF--
+
+--FILE--
+query($sql);
+$resultset1 = $stmt->fetchAll(PDO::FETCH_ASSOC);
+if (true !== $stmt->nextRowset()) {
+ die('expect TRUE on nextRowset');
+}
+$resultset2 = $stmt->fetchAll(PDO::FETCH_ASSOC);
+if (false !== $stmt->nextRowset()) {
+ die('expect FALSE on nextRowset');
+}
+$stmt->closeCursor();
+
+echo "OK\n";
+?>
+--EXPECT--
+OK
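Review bot: In the [PATCH 1/4] hunk of ext/pdo_dblib/dblib_stmt.c, the new `estrdup()` copies change who owns `col->name`, and no comment records that or says who releases the copy. The bug title suggests the previously borrowed dbcolname() pointer was freed or outlived its result set around nextRowset(), but the code that releases column names is outside this hunk, so that is an inference to confirm. Once confirmed, a comment above the branch such as `/* col->name must be an emalloc'd copy; dbcolname()'s buffer belongs to DB-Library */` would stop a later cleanup from reverting to the borrowed pointer. As a smaller style point, `snprintf(computed_buf,16,...)` repeats the buffer size as a literal, and `sizeof(computed_buf)` would keep the bound tied to the declaration. pdo_dblib_stmt_describe starts and ends outside the hunk.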
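Review bot: The test added in ext/pdo_dblib/tests/bug_69757.phpt stores `$resultset1` and `$resultset2` but never inspects them, so it only shows that nextRowset() returns the expected booleans without crashing. If the query (its definition is not visible on this page) yields unnamed columns, printing the keys, e.g. `var_dump(array_keys($resultset1[0]));` with matching expected output, would pin the placeholder names the fix generates. A case in which the driver reports no column name at all would also exercise the NULL guard added later in the series.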
From 5bd30c9d85be151295d2d660f50fb426493d67fa Mon Sep 17 00:00:00 2001
From: "MiRacLe.RPZ"
Date: Wed, 2 Sep 2015 22:36:14 +0300
Subject: [PATCH 3/4] dblib's dbcolname can return null in some cases
---
 ext/pdo_dblib/dblib_stmt.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/ext/pdo_dblib/dblib_stmt.c b/ext/pdo_dblib/dblib_stmt.c
index 9f47f0f7ed5e8..5efded9deb62f 100644
--- a/ext/pdo_dblib/dblib_stmt.c
+++ b/ext/pdo_dblib/dblib_stmt.c
@@ -206,7 +206,7 @@ static int pdo_dblib_stmt_describe(pdo_stmt_t *stmt, int colno TSRMLS_DC)
 char *fname = (char*)dbcolname(H->link, colno+1);
 char computed_buf[16];
- if (*fname) {
+ if (fname && *fname) {
 col->name = estrdup(fname);
 } else {
 snprintf(computed_buf,16,"computed%d", colno);
From b593eec5bb649a7f6e98b9c50f40bcd7a85c93d1 Mon Sep 17 00:00:00 2001
From: "MiRacLe.RPZ"
Date: Sun, 18 Oct 2015 00:31:38 +0300
Subject: [PATCH 4/4] use spprintf instead (no need to estrdup afterwards).
---
 ext/pdo_dblib/dblib_stmt.c | 7 +++----
 1 file changed, 3 insertions(+), 4 deletions(-)
diff --git a/ext/pdo_dblib/dblib_stmt.c b/ext/pdo_dblib/dblib_stmt.c
index 5efded9deb62f..0b519995ca000 100644
--- a/ext/pdo_dblib/dblib_stmt.c
+++ b/ext/pdo_dblib/dblib_stmt.c
@@ -205,15 +205,14 @@ static int pdo_dblib_stmt_describe(pdo_stmt_t *stmt, int colno TSRMLS_DC)
 struct pdo_column_data *col = &stmt->columns[colno];
 char *fname = (char*)dbcolname(H->link, colno+1);
- char computed_buf[16];
+
 if (fname && *fname) {
 col->name = estrdup(fname);
+ col->namelen = strlen(col->name);
 } else {
- snprintf(computed_buf,16,"computed%d", colno);
- col->name = estrdup(computed_buf);
+ col->namelen = spprintf(&col->name, NULL, "computed%d", colno);
 }
 col->maxlen = dbcollen(H->link, colno+1);
- col->namelen = strlen(col->name);
 col->param_type = PDO_PARAM_STR;
 return 1;
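Review bot: In the [PATCH 4/4] hunk, `spprintf(&col->name, NULL, "computed%d", colno)` passes NULL for spprintf's second parameter, which is a size_t length limit rather than a pointer. Where NULL is defined as `(void *)0` this is an implicit pointer-to-integer conversion that compilers warn about, and it hides the intent. Write `col->namelen = spprintf(&col->name, 0, "computed%d", colno);`, where 0 means no length limit. In the other branch, `strlen(col->name)` rescans the string that was just copied, so taking the length of `fname` once and using it for both the copy and `namelen` would avoid the second pass. pdo_dblib_stmt_describe starts and ends outside the hunk.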