Bug #28679 Improper handling of datetime results
Submitted: 2004-06-07 20:25 UTC
Modified: 2004-07-22 01:00 UTC
From: bmr at comtime dot com
Assigned:
Status: No Feedback
Package: Sybase (dblib) related
PHP Version: 4.3.4
OS: Linux
Private report: No
CVE-ID: None

 [2004-06-07 20:25 UTC] bmr at comtime dot com
There is a bug with php_sybase_get_column_content().  This is observed when you take a datetime column result and pass it into strtotime().  The problem seems to be related to the string not being null terminated.  Here is the part of the function with the problem:

switch (coltype(offset)) {
  case SYBIMAGE:
    res_length *= 2;
  case SYBCHAR:
  case SYBTEXT:
  /* take no chances, no telling how big the result would really be */
    res_length += 20;

res_buf = (char *) emalloc(res_length+1);
memset(res_buf,' ',res_length+1);  /* XXX i'm sure there's a better way
                                      but i don't have sybase here to test
                                      991105 thies<at>  */
dbconvert(NULL,coltype(offset),dbdata(sybase_ptr->link,offset), src_length,SYBCHAR,res_buf,res_length);
Z_STRLEN_P(result) = res_length;
Z_STRVAL_P(result) = res_buf;
Z_TYPE_P(result) = IS_STRING;

------------------------------ end code ------------------

This does not null-terminate the string coming back, which causes problems.  I would have thought that since the length is stored with the value, PHP would honor that and not go beyond that boundary, but this does not appear to be the case.  Adding this line after dbconvert() seems to fix the problem:
res_buf[res_length] = '\0';

But the whole "res_length += 20" thing scares me a little as well.

Reproduce code:
See description.  It would be hard to reproduce without setting up a database, etc.

Expected result:
strtotime() returns 0.
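
An added example, not part of the original report or of PHP's source: it rebuilds the buffer the way the quoted fragment does and measures what a C-string consumer sees with and without the reporter's one-line fix. Assumptions: fake_convert() is a constructed stand-in for dbconvert() that writes no terminator, the datetime string is a constructed sample, and the bytes after the buffer are modelled inside one allocation so the read past res_length stays well defined.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Constructed stand-in for dbconvert(): copies the text, writes no '\0'. */
static void fake_convert(const char *src, size_t src_len, char *dst, size_t dst_len) {
    memcpy(dst, src, src_len < dst_len ? src_len : dst_len);
}

/* Build a result buffer as the quoted fragment does. The bytes placed after
 * res_buf[res_length] model whatever happens to follow it on the heap; they
 * live in the same allocation so the demo never reads out of bounds.
 * terminate != 0 applies the reporter's fix. */
static char *make_result(const char *src, size_t res_length, int terminate) {
    const char neighbour[] = "NEIGHBOUR";  /* constructed adjacent data, ends in '\0' */
    char *res_buf = malloc(res_length + 1 + sizeof neighbour);
    if (!res_buf) return NULL;
    memset(res_buf, ' ', res_length + 1);  /* last byte is ' ', not '\0' */
    memcpy(res_buf + res_length + 1, neighbour, sizeof neighbour);
    fake_convert(src, strlen(src), res_buf, res_length);
    if (terminate) res_buf[res_length] = '\0';
    return res_buf;
}

/* Length seen by a consumer that treats the value as a C string and
 * ignores the stored length (strlen stops only at the first '\0'). */
static size_t cstring_view_len(const char *src, size_t res_length, int terminate) {
    char *buf = make_result(src, res_length, terminate);
    if (!buf) return 0;
    size_t n = strlen(buf);
    free(buf);
    return n;
}

int main(void) {
    const char *dt = "Jun  7 2004  8:25PM";  /* constructed sample value */
    size_t res_length = strlen(dt) + 20;     /* the "+= 20" padding */
    printf("stored length:        %zu\n", res_length);
    printf("strlen, unterminated: %zu\n", cstring_view_len(dt, res_length, 0));
    printf("strlen, terminated:   %zu\n", cstring_view_len(dt, res_length, 1));
    return 0;
}
```

With the terminator in place the C-string length equals the stored length, which in this stand-in still includes the blank padding from the "+= 20".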


 [2004-07-22 01:00 UTC] php-bugs at lists dot php dot net
No feedback was provided for this bug for over a week, so it is
being suspended automatically. If you are able to provide the
information that was originally requested, please do so and change
the status of the bug back to "Open".
Last updated: Mon Nov 29 20:03:13 2021 UTC