|  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login
Bug #50597 odbc_result for a long varchar with defaultlrl=4k returns uninitialized memory
Submitted: 2009-12-28 20:59 UTC Modified: -
Avg. Score:3.0 ± 0.0
Reproduced:1 of 1 (100.0%)
Same Version:0 (0.0%)
Same OS:0 (0.0%)
From: cdf123 at cdf123 dot net Assigned:
Status: Open Package: ODBC related
PHP Version: 5.3.1 OS: Gentoo Linux
Private report: No CVE-ID: None
Have you experienced this issue?
Rate the importance of this bug to you:

 [2009-12-28 20:59 UTC] cdf123 at cdf123 dot net
odbc_result looks like it is initializing the result string to the length of the data in the field, but the defaultlrl is limits how much is returned, so the remaining bytes seem to be random uninitialized memory.

Reproduce code:
$data = '000';
for($x=1;$x<12;$x++) $data .= $data;
$db = odbc_connect('DSN', 'user', 'pass');
odbc_exec($db, 'CREATE TABLE Temp (id int, seq int, contents varchar(8000))');
odbc_exec($db, 'INSERT INTO Temp (id, seq, contents) VALUES (1, 1, \'' . $data . '\')');
$rst = odbc_exec($db, 'select * from Temp');
while(odbc_fetch_row($rst)) echo odbc_result($rst, 'contents');

Expected result:
4096 '0's

Actual result:
4096 '0's and 2048 bytes of binary data


Add a Patch

Pull Requests

Add a Pull Request

PHP Copyright © 2001-2020 The PHP Group
All rights reserved.
Last updated: Wed Jun 03 12:01:26 2020 UTC