PHP :: Bug #71943 :: dblib_handle_quoter needs to allocate an extra byte

Bug #71943	dblib_handle_quoter needs to allocate an extra byte
Submitted:	2016-04-01 15:22 UTC	Modified:	-
From:	adam dot baratz at gmail dot com	Assigned:
Status:	Closed	Package:	PDO DBlib
PHP Version:	7.0.5	OS:	Linux
Private report:	No	CVE-ID:	None

View Developer Edit

Welcome! If you don't have a Git account, you can't do anything here.
If you reported this bug, you can edit this bug over here.

php.net Username: php.net Password:

Quick Fix:	(description)
	Block user comment
Status:		Assign to:
Package:
Bug Type:
Summary:
From:	adam dot baratz at gmail dot com
New email:
PHP Version:		OS:

New/Additional Comment:

[2016-04-01 15:22 UTC] adam dot baratz at gmail dot com

Description:
------------
The provided test produces the correct results, but a leak is detected when run with valgrind:

==25754== Invalid write of size 1
==25754==    at 0xF16C0F8: dblib_handle_quoter (dblib_driver.c:198)
==25754==    by 0x792AD4: zim_PDO_quote (pdo_dbh.c:1149)
==25754==    by 0xA8EF54: ZEND_DO_FCALL_SPEC_RETVAL_USED_HANDLER (zend_vm_execute.h:1222)
==25754==    by 0xA8D20F: execute_ex (zend_vm_execute.h:424)
==25754==    by 0xA8D324: zend_execute (zend_vm_execute.h:468)
==25754==    by 0xA30E11: zend_execute_scripts (zend.c:1427)
==25754==    by 0x9A26A5: php_execute_script (main.c:2494)
==25754==    by 0xB0AE82: do_cli (php_cli.c:982)
==25754==    by 0xB0BE30: main (php_cli.c:1352)
==25754==  Address 0xf73a7b3 is 0 bytes after a block of size 3 alloc'd
==25754==    at 0x4C28C20: malloc (vg_replace_malloc.c:296)
==25754==    by 0x9FC76B: _emalloc (zend_alloc.c:2446)
==25754==    by 0xF16C056: dblib_handle_quoter (dblib_driver.c:184)
==25754==    by 0x792AD4: zim_PDO_quote (pdo_dbh.c:1149)
==25754==    by 0xA8EF54: ZEND_DO_FCALL_SPEC_RETVAL_USED_HANDLER (zend_vm_execute.h:1222)
==25754==    by 0xA8D20F: execute_ex (zend_vm_execute.h:424)
==25754==    by 0xA8D324: zend_execute (zend_vm_execute.h:468)
==25754==    by 0xA30E11: zend_execute_scripts (zend.c:1427)
==25754==    by 0x9A26A5: php_execute_script (main.c:2494)
==25754==    by 0xB0AE82: do_cli (php_cli.c:982)
==25754==    by 0xB0BE30: main (php_cli.c:1352)
==25754== 


Test script:
---------------
--TEST--
PDO_DBLIB: Ensure quote function returns expected results
--SKIPIF--
<?php
if (!extension_loaded('pdo_dblib')) die('skip not loaded');
require dirname(__FILE__) . '/config.inc';
?>
--FILE--
<?php
require dirname(__FILE__) . '/config.inc';
var_dump($db->quote(true, PDO::PARAM_BOOL));
var_dump($db->quote(false, PDO::PARAM_BOOL));
var_dump($db->quote(42, PDO::PARAM_INT));
var_dump($db->quote(null, PDO::PARAM_NULL));
var_dump($db->quote('\'', PDO::PARAM_STR));
var_dump($db->quote('foo', PDO::PARAM_STR));
?>
--EXPECT--
string(3) "'1'"
string(2) "''"
string(4) "'42'"
string(2) "''"
string(4) "''''"
string(5) "'foo'"

Patches

Pull Requests

Pull requests:

Fix #71943: dblib_handle_quoter needs to allocate an extra byte (php-src/1846)

History

AllCommentsChangesGit/SVN commitsRelated reports

[2016-04-04 15:43 UTC] ab@php.net

Automatic comment on behalf of adam.baratz@gmail.com
Revision: http://git.php.net/?p=php-src.git;a=commit;h=9fcfc18ca9a38ed318f8a7026c0eda27aed79f28
Log: Fix #71943: dblib_handle_quoter needs to allocate an extra byte

[2016-04-04 15:43 UTC] ab@php.net

-Status: Open +Status: Closed

[2016-07-20 11:32 UTC] davey@php.net

Automatic comment on behalf of adam.baratz@gmail.com
Revision: http://git.php.net/?p=php-src.git;a=commit;h=9fcfc18ca9a38ed318f8a7026c0eda27aed79f28
Log: Fix #71943: dblib_handle_quoter needs to allocate an extra byte

	php.net \| support \| documentation \| report a bug \| advanced search \| search howto \| statistics \| random bug \| login
go to bug id or search bugs for


Copyright © 2001-2024 The PHP Group All rights reserved.	Last updated: Thu Nov 21 14:01:29 2024 UTC