PHP :: Bug #48913 :: Too long error code strings in pdo

Bug #48913	Too long error code strings in pdo_odbc driver
Submitted:	2009-07-14 12:06 UTC	Modified:	2009-07-15 02:36 UTC
From:	naf at altlinux dot ru	Assigned:
Status:	Closed	Package:	PDO related
PHP Version:	5.3CVS-2009-07-14 (snap)	OS:	*
Private report:	No	CVE-ID:	None

View Developer Edit

[2009-07-14 12:06 UTC] naf at altlinux dot ru

Description:
------------
In odbc_stmt.c, in functions odbc_stmt_set_param(), line 766 and 
odbc_stmt_get_attr(), line 798, error code "IM0001" is placed in the 
(pdo_odbc_stmt *)S->einfo.last_state.

The length of this error code string ("IM0001") is 7 bytes, but 
last_state field declared as (php_pdo_odbc_int.h, line 121):
char last_state[6].

So buffer overflow will happen when executing
'strcpy(S->einfo.last_state, "IM0001")'.

Comparing to other PDO drivers it seems that error code should be 5 
char in length, i.e. "IM001".

Patches

Pull Requests

History

AllCommentsChangesGit/SVN commitsRelated reports

[2009-07-15 02:36 UTC] felipe@php.net

This bug has been fixed in CVS.

Snapshots of the sources are packaged every three hours; this change
will be in the next snapshot. You can grab the snapshot at
http://snaps.php.net/.
 
Thank you for the report, and for helping us make PHP better.

Fixed in 5.2, 5.3 and HEAD. Thanks.

	php.net \| support \| documentation \| report a bug \| advanced search \| search howto \| statistics \| random bug \| login
go to bug id or search bugs for


Copyright © 2001-2025 The PHP Group All rights reserved.	Last updated: Sat Nov 01 04:00:02 2025 UTC