php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login
Bug #10252 strcat() used on uninitialized string
Submitted: 2001-04-09 15:30 UTC Modified: 2001-04-19 15:57 UTC
From: dzoll at nyscul dot org Assigned:
Status: Closed Package: ODBC related
PHP Version: 4.0.4pl1 OS: linux
Private report: No CVE-ID: None
 [2001-04-09 15:30 UTC] dzoll at nyscul dot org
I was getting intermittent errors connecting to databases. 
Sometimes it would work fine, sometimes my connect string
would turn to gibberish and sometimes the process would
segfault.

On further examination, in
ext/odbc/php_odbc.c:odbc_sqlconnect(), within the
if(strstr(char *)db,";") block, there is a line
"strcat(ldb,db);".  At this point in the code, ldb was just
emalloced, and had uninitialized contents.  I think strcpy()
is more appopriate here, and changing the code to this seems
to have cleared up my errors.

Thank you very much.

Patches

Add a Patch

Pull Requests

Add a Pull Request

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2001-04-16 23:10 UTC] kalowsky@php.net
Joey Smith has(had?) a patch he was considering applying that should fix this problem as well... waiting to hear back from him currently on it's status...
 [2001-04-17 23:42 UTC] joey@php.net
Closed in CVS. I actually used strlcpy() instead, but same
general concept.
 [2001-04-18 10:24 UTC] kalowsky@php.net
pssst... Joey... you need to submit the changes to CVS BEFORE you close the bug ;)
 [2001-04-19 15:57 UTC] kalowsky@php.net
now it's commited to cvs
 
PHP Copyright © 2001-2024 The PHP Group
All rights reserved.
Last updated: Thu Mar 28 23:01:26 2024 UTC