com php-src: FIX BUG #64338, #64808, #63638: ext/pdo_dblib/db lib_driver.c ext/pdo_dblib/dblib_stmt.c ext/pdo _dblib/php_pdo_dblib_int.h

From: Stanley Sufficool Date: Sat, 01 Jun 2013 05:53:08 +0000

Subject: com php-src: FIX BUG #64338, #64808, #63638: ext/pdo_dblib/db lib_driver.c ext/pdo_dblib/dblib_stmt.c ext/pdo _dblib/php_pdo_dblib_int.h

Groups: php.cvs

Request: Send a blank email to [email protected] to get a copy of this message

Commit:    0e2bcf3373d914a215784c041a2a4c3b6afc2034
Author:    Stanley Sufficool <[email protected]>         Fri, 31 May 2013 22:53:08 -0700
Parents:   d22c7368e77d3da464e66898e96c0457b6f2d672
Branches:  master

Link:       http://git.php.net/?p=php-src.git;a=commitdiff;h=0e2bcf3373d914a215784c041a2a4c3b6afc2034

Log:
FIX BUG #64338, #64808, #63638

PDO DBLIB would segfault on getcolumn meta when colno was
out of bounds. DBLIB connection specified null arg to dbsetopt
per Microsoft technical docs, but FreeTDS complains. The SQL USE
statement was invalid for SQL Azure, use DBSETLDBNAME instead.

Bugs:
https://bugs.php.net/64338
https://bugs.php.net/64808
https://bugs.php.net/63638

Changed paths:
  M  ext/pdo_dblib/dblib_driver.c
  M  ext/pdo_dblib/dblib_stmt.c
  M  ext/pdo_dblib/php_pdo_dblib_int.h


Diff:
diff --git a/ext/pdo_dblib/dblib_driver.c b/ext/pdo_dblib/dblib_driver.c
index ffc9101..0def312 100644
--- a/ext/pdo_dblib/dblib_driver.c
+++ b/ext/pdo_dblib/dblib_driver.c
@@ -315,10 +315,10 @@ static int pdo_dblib_handle_factory(pdo_dbh_t *dbh, zval *driver_options
TSRMLS_
 	DBSETOPT(H->link, DBTEXTSIZE, "2147483647");
 
 	/* allow double quoted indentifiers */
-	DBSETOPT(H->link, DBQUOTEDIDENT, NULL);
+	DBSETOPT(H->link, DBQUOTEDIDENT, "1");
 
-	if (vars[3].optval && FAIL == dbuse(H->link, vars[3].optval)) {
-		goto cleanup;
+	if (vars[3].optval) {
+		DBSETLDBNAME(H->login, vars[3].optval);
 	}
 
 	ret = 1;
diff --git a/ext/pdo_dblib/dblib_stmt.c b/ext/pdo_dblib/dblib_stmt.c
index f806789..d2b5736 100644
--- a/ext/pdo_dblib/dblib_stmt.c
+++ b/ext/pdo_dblib/dblib_stmt.c
@@ -87,7 +87,8 @@ static int dblib_dblib_stmt_cursor_closer(pdo_stmt_t *stmt TSRMLS_DC)
 
 	/* Cancel any pending results */
 	dbcancel(H->link);
-	efree(stmt->columns);
+	
+	efree(stmt->columns); 
 	stmt->columns = NULL;
 	
 	return 1;
@@ -110,7 +111,12 @@ static int pdo_dblib_stmt_next_rowset(pdo_stmt_t *stmt TSRMLS_DC)
 	
 	ret = dbresults(H->link);
 	
-	if (ret == FAIL || ret == NO_MORE_RESULTS) {
+	if (FAIL == ret) {
+		pdo_raise_impl_error(stmt->dbh, stmt, "HY000", "DBLIB: dbresults() returned
FAIL" TSRMLS_CC);		
+		return 0;
+	}
+		
+	if(NO_MORE_RESULTS == ret) {
 		return 0;
 	}
 	
@@ -161,7 +167,12 @@ static int pdo_dblib_stmt_fetch(pdo_stmt_t *stmt,
 	
 	ret = dbnextrow(H->link);
 	
-	if (ret == FAIL || ret == NO_MORE_ROWS) {
+	if (FAIL == ret) {
+		pdo_raise_impl_error(stmt->dbh, stmt, "HY000", "DBLIB: dbnextrow() returned
FAIL" TSRMLS_CC);
+		return 0;
+	}
+		
+	if(NO_MORE_ROWS == ret) {
 		return 0;
 	}
 	
@@ -173,6 +184,10 @@ static int pdo_dblib_stmt_describe(pdo_stmt_t *stmt, int colno TSRMLS_DC)
 	pdo_dblib_stmt *S = (pdo_dblib_stmt*)stmt->driver_data;
 	pdo_dblib_db_handle *H = S->H;
 	
+	if(colno >= stmt->column_count || colno < 0)  {
+		return FAILURE;
+	}
+	
 	struct pdo_column_data *col = &stmt->columns[colno];
 	
 	col->name = (char*)dbcolname(H->link, colno+1);
@@ -224,20 +239,12 @@ static int pdo_dblib_stmt_get_col(pdo_stmt_t *stmt, int colno, char **ptr,
 			*ptr = tmp_ptr;
 			break;
 		}
-#ifdef SQLUNIQUE
 		case SQLUNIQUE: {
-#else
-		case 36: { /* FreeTDS hack, also used by ext/mssql */
-#endif
 			*len = 36+1;
 			tmp_ptr = emalloc(*len + 1);
 
 			/* uniqueidentifier is a 16-byte binary number, convert to 32 char hex string */
-#ifdef SQLUNIQUE
 			*len = dbconvert(NULL, SQLUNIQUE, *ptr, *len, SQLCHAR, tmp_ptr, *len);
-#else
-			*len = dbconvert(NULL, 36, *ptr, *len, SQLCHAR, tmp_ptr, *len);
-#endif
 			php_strtoupper(tmp_ptr, *len);
 			*ptr = tmp_ptr;
 			break;
@@ -269,11 +276,17 @@ static int pdo_dblib_stmt_get_column_meta(pdo_stmt_t *stmt, long colno, zval
*re
 {
 	pdo_dblib_stmt *S = (pdo_dblib_stmt*)stmt->driver_data;
 	pdo_dblib_db_handle *H = S->H;
-	
+	DBTYPEINFO* dbtypeinfo;
+
+	if(colno >= stmt->column_count || colno < 0)  {
+		return FAILURE;
+	}
+
 	array_init(return_value);
 
-	DBTYPEINFO* dbtypeinfo;
 	dbtypeinfo = dbcoltypeinfo(H->link, colno+1);
+	
+	if(!dbtypeinfo) return FAILURE;
 		
 	add_assoc_long(return_value, "max_length", dbcollen(H->link, colno+1) );
 	add_assoc_long(return_value, "precision", (int) dbtypeinfo->precision );
diff --git a/ext/pdo_dblib/php_pdo_dblib_int.h b/ext/pdo_dblib/php_pdo_dblib_int.h
index dd06a1d..3670de7 100644
--- a/ext/pdo_dblib/php_pdo_dblib_int.h
+++ b/ext/pdo_dblib/php_pdo_dblib_int.h
@@ -71,6 +71,8 @@
 # define SQLVARBINARY	SYBVARBINARY
 # ifdef SYBUNIQUE
 #  define SQLUNIQUE		SYBUNIQUE
+#else 
+#  define SQLUNIQUE		36 /* FreeTDS Hack */
 # endif
 
 # define DBERRHANDLE(a, b)	dberrhandle(b)

Thread (6 messages)

Stanley SufficoolSat, 01 Jun 2013 05:53:08 +0000
Stas MalyshevMon, 03 Jun 2013 05:53:06 +0000Re: com php-src: FIX BUG #64338, #64808, #63638: ext/pdo_dblib/dblib_driver.cext/pdo_dblib/dblib_stmt.c ext/pdo_dblib/php_pdo_dblib_int.h
Stanley SufficoolTue, 04 Jun 2013 02:28:49 +0000Re: com php-src: FIX BUG #64338, #64808, #63638:ext/pdo_dblib/dblib_driver.c ext/pdo_dblib/dblib_stmt.c ext/pdo_dblib/php_pdo_dblib_int.h
Stanley SufficoolTue, 04 Jun 2013 04:01:57 +0000
Stas MalyshevTue, 04 Jun 2013 04:30:00 +0000Re: com php-src: FIX BUG #64338, #64808, #63638: ext/pdo_dblib/dblib_driver.cext/pdo_dblib/dblib_stmt.c ext/pdo_dblib/php_pdo_dblib_int.h
Stas MalyshevTue, 04 Jun 2013 05:04:20 +0000Re: com php-src: FIX BUG #64338, #64808, #63638: ext/pdo_dblib/dblib_driver.cext/pdo_dblib/dblib_stmt.c ext/pdo_dblib/php_pdo_dblib_int.h

« previous	php.cvs (#72269)	next »

From:	Stanley Sufficool	Date:	Sat, 01 Jun 2013 05:53:08 +0000
Subject:	com php-src: FIX BUG #64338, #64808, #63638: ext/pdo_dblib/db lib_driver.c ext/pdo_dblib/dblib_stmt.c ext/pdo _dblib/php_pdo_dblib_int.h
Groups:	php.cvs
Request:	Send a blank email to [email protected] to get a copy of this message