PHP :: Bug #56508 :: Segmentation fault when passing negative argument to getColumnMeta()

Bug #56508	Segmentation fault when passing negative argument to getColumnMeta()
Submitted:	2005-08-24 00:51 UTC	Modified:	2005-09-01 10:45 UTC
From:	demenev at gmail dot com	Assigned:
Status:	Closed	Package:	PDO_MYSQL (PECL)
PHP Version:	Irrelevant	OS:	Irrelevant
Private report:	No	CVE-ID:	None

View Add Comment Developer Edit

[2005-08-24 00:51 UTC] demenev at gmail dot com

Description:
------------
Passing negative values to getColumnMeta() leads to segfault, due to missing check for negative values.

Same applies to PDO_POSTGRESQL as well (did not check other drivers, same problem may exist there)

Reproduce code:
---------------
Simple patch to fix the problem:


--- mysql_statement.c.orig      2005-07-27 13:07:09.000000000 +1100
+++ mysql_statement.c   2005-08-24 15:45:20.388245424 +1100
@@ -458,7 +458,7 @@
        if (!S->result) {
                return FAILURE;
        }
-       if (colno >= stmt->column_count) {
+       if (colno >= stmt->column_count || colno < 0) {
                /* error invalid column */
                return FAILURE;
        }

Patches

Add a Patch

Pull Requests

Add a Pull Request

History

AllCommentsChangesGit/SVN commitsRelated reports

[2005-09-01 10:45 UTC] george at omniti dot com

This bug has been fixed in CVS.

In case this was a documentation problem, the fix will show up at the
end of next Sunday (CET) on pecl.php.net.

In case this was a pecl.php.net website problem, the change will show
up on the website in short time.
 
Thank you for the report, and for helping us make PECL better.

Fixed in HEAD and PHP_5_1

	php.net \| support \| documentation \| report a bug \| advanced search \| search howto \| statistics \| random bug \| login
go to bug id or search bugs for


Copyright © 2001-2024 The PHP Group All rights reserved.	Last updated: Tue Apr 23 08:01:30 2024 UTC