php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login

go to bug id or search bugs for

Bug #67134 missing null terminator for uniqueidentifier value
Submitted: 2014-04-26 08:56 UTC Modified: -
From: kaido at tradenet dot ee Assigned:
Status: Closed Package: PDO DBlib
PHP Version: 5.4Git-2014-04-26 (Git) OS: debian
Private report: No CVE-ID: None
View Developer Edit
Welcome back! If you're the original bug submitter, here's where you can edit the bug or add additional notes.
If you forgot your password, you can retrieve your password here.
Password:
Status:
Package:
Bug Type:
Summary:
From: kaido at tradenet dot ee
New email:
PHP Version: OS:

 

 [2014-04-26 08:56 UTC] kaido at tradenet dot ee 
Description:
------------
PHP 5.4.29-dev (cli) (built: Apr 24 2014 16:49:28) (DEBUG)
Copyright (c) 1997-2014 The PHP Group
Zend Engine v2.4.0, Copyright (c) 1998-2014 Zend Technologies


pdo_dblib does not set null terminator for returned uniqueidentifier column


Test script:
---------------
<?php

        $dsn = "dblib:host=xxx.xxx.xxx;dbname=xxx";
        $pdo = new PDO($dsn, 'xxxx', 'xxxx');

        $stmt = $pdo->query('select newid() ');
        $res =  $stmt->fetch();

        var_dump($res);

        unset ($stmt);

?>


Expected result:
----------------
array(2) {
  [""]=>
  string(36) "29E3B7BD-63DD-47C5-B58C-E41F12E4CAE3"
  [0]=>
  string(36) "29E3B7BD-63DD-47C5-B58C-E41F12E4CAE3"
}



Actual result:
--------------
array(2) {
  [""]=>
  string(36) "29E3B7BD-63DD-47C5-B58C-E41F12E4CAE3"
  [0]=>
  string(36) "29E3B7BD-63DD-47C5-B58C-E41F12E4CAE3"
}

Warning: String is not zero-terminated (29E3B7BD-63DD-47C5-B58C-E41F12E4CAE3 ) (source: /root/php/php-src/Zend/zend_execute_API.c:436) in Unknown on line 0

Patches

Pull Requests

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2014-04-26 09:01 UTC] kaido at tradenet dot ee 
The bug is in ext/pdo_dblib/dblib_stmt.c: pdo_dblib_stmt_get_col()


current code:
                case SQLUNIQUE: {
                        *len = 36+1;
                        tmp_ptr = emalloc(*len + 1);

                        /* uniqueidentifier is a 16-byte binary number, convert to 32 char hex string */
                        *len = dbconvert(NULL, SQLUNIQUE, *ptr, *len, SQLCHAR, tmp_ptr, *len);
                        php_strtoupper(tmp_ptr, *len);
                        *ptr = tmp_ptr;
                        break;
                }

the length is correctly set to 36+1 (reserving 1 for the null terminator), but the terminator itselt is not set. Also, the comment there is outdated and no longer relevant, so removed.

the code should be as follows:

                case SQLUNIQUE: {
                        *len = 36+1;
                        tmp_ptr = emalloc(*len + 1);

                        *len = dbconvert(NULL, SQLUNIQUE, *ptr, *len, SQLCHAR, tmp_ptr, *len);
                        php_strtoupper(tmp_ptr, *len);
                        tmp_ptr[36] = '\0';
                        *ptr = tmp_ptr;
                        break;


Can someome with better knowledge of the code confirm my observations, and commit the fix, please.
 [2014-10-21 04:46 UTC] ssufficool@php.net 
Automatic comment on behalf of ssufficool
Revision: http://git.php.net/?p=php-src.git;a=commit;h=09cf64678a76fbbe9eb897a128b65dc5618f2ad1
Log: Fix bug #67134 (PDO_DBLIB Missing null string terminator)
 [2014-10-21 04:46 UTC] ssufficool@php.net
-Status: Open +Status: Closed
 [2014-10-24 20:29 UTC] ab@php.net 
Automatic comment on behalf of ssufficool
Revision: http://git.php.net/?p=php-src.git;a=commit;h=09cf64678a76fbbe9eb897a128b65dc5618f2ad1
Log: Fix bug #67134 (PDO_DBLIB Missing null string terminator)
 [2016-07-20 11:40 UTC] davey@php.net 
Automatic comment on behalf of ssufficool
Revision: http://git.php.net/?p=php-src.git;a=commit;h=09cf64678a76fbbe9eb897a128b65dc5618f2ad1
Log: Fix bug #67134 (PDO_DBLIB Missing null string terminator)
 
PHP Copyright © 2001-2025 The PHP Group
All rights reserved. 		Last updated: Wed Jan 15 11:01:31 2025 UTC