php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login
Bug #50597 odbc_result for a long varchar with defaultlrl=4k returns uninitialized memory
Submitted: 2009-12-28 20:59 UTC Modified: 2020-10-06 15:58 UTC
Votes:1
Avg. Score:3.0 ± 0.0
Reproduced:1 of 1 (100.0%)
Same Version:0 (0.0%)
Same OS:0 (0.0%)
From: cdf123 at cdf123 dot net Assigned: cmb (profile)
Status: Duplicate Package: ODBC related
PHP Version: 5.3.1 OS: Gentoo Linux
Private report: No CVE-ID: None
View Add Comment Developer Edit
Welcome! If you don't have a Git account, you can't do anything here.
You can add a comment by following this link or if you reported this bug, you can edit this bug over here.
(description)
Block user comment
Status: Assign to:
Package:
Bug Type:
Summary:
From: cdf123 at cdf123 dot net
New email:
PHP Version: OS:

 

 [2009-12-28 20:59 UTC] cdf123 at cdf123 dot net
Description:
------------
odbc_result looks like it is initializing the result string to the length of the data in the field, but the defaultlrl is limits how much is returned, so the remaining bytes seem to be random uninitialized memory.

Reproduce code:
---------------
<?php
$data = '000';
for($x=1;$x<12;$x++) $data .= $data;
$db = odbc_connect('DSN', 'user', 'pass');
odbc_exec($db, 'CREATE TABLE Temp (id int, seq int, contents varchar(8000))');
odbc_exec($db, 'INSERT INTO Temp (id, seq, contents) VALUES (1, 1, \'' . $data . '\')');
$rst = odbc_exec($db, 'select * from Temp');
while(odbc_fetch_row($rst)) echo odbc_result($rst, 'contents');
odbc_free_result($rst);
?>

Expected result:
----------------
4096 '0's

Actual result:
--------------
4096 '0's and 2048 bytes of binary data

Patches

Add a Patch

Pull Requests

Add a Pull Request

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2020-10-06 15:58 UTC] cmb@php.net
-Status: Open +Status: Duplicate -Assigned To: +Assigned To: cmb
 [2020-10-06 15:58 UTC] cmb@php.net
I'm closing this as duplicate of bug #80147, which has recently
been fixed.
 
PHP Copyright © 2001-2020 The PHP Group
All rights reserved.
Last updated: Wed Oct 21 23:01:22 2020 UTC