php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login
Bug #56508 Segmentation fault when passing negative argument to getColumnMeta()
Submitted: 2005-08-24 00:51 UTC Modified: 2005-09-01 10:45 UTC
From: demenev at gmail dot com Assigned:
Status: Closed Package: PDO_MYSQL (PECL)
PHP Version: Irrelevant OS: Irrelevant
Private report: No CVE-ID: None
 [2005-08-24 00:51 UTC] demenev at gmail dot com
Description:
------------
Passing negative values to getColumnMeta() leads to segfault, due to missing check for negative values.

Same applies to PDO_POSTGRESQL as well (did not check other drivers, same problem may exist there)

Reproduce code:
---------------
Simple patch to fix the problem:


--- mysql_statement.c.orig      2005-07-27 13:07:09.000000000 +1100
+++ mysql_statement.c   2005-08-24 15:45:20.388245424 +1100
@@ -458,7 +458,7 @@
        if (!S->result) {
                return FAILURE;
        }
-       if (colno >= stmt->column_count) {
+       if (colno >= stmt->column_count || colno < 0) {
                /* error invalid column */
                return FAILURE;
        }



Patches

Add a Patch

Pull Requests

Add a Pull Request

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2005-09-01 10:45 UTC] george at omniti dot com
This bug has been fixed in CVS.

In case this was a documentation problem, the fix will show up at the
end of next Sunday (CET) on pecl.php.net.

In case this was a pecl.php.net website problem, the change will show
up on the website in short time.
 
Thank you for the report, and for helping us make PECL better.

Fixed in HEAD and PHP_5_1
 
PHP Copyright © 2001-2021 The PHP Group
All rights reserved.
Last updated: Sat Sep 25 22:03:39 2021 UTC