php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login

go to bug id or search bugs for

Bug #56508 Segmentation fault when passing negative argument to getColumnMeta()
Submitted: 2005-08-24 00:51 UTC Modified: 2005-09-01 10:45 UTC
From: demenev at gmail dot com Assigned:
Status: Closed Package: PDO_MYSQL (PECL)
PHP Version: Irrelevant OS: Irrelevant
Private report: No CVE-ID: None
View Add Comment Developer Edit
Anyone can comment on a bug. Have a simpler test case? Does it work for you on a different platform? Let us know!
Just going to say 'Me too!'? Don't clutter the database with that please !
Your email address:
MUST BE VALID
Solve the problem:
21 - 11 = ?
Subscribe to this entry?

 
 [2005-08-24 00:51 UTC] demenev at gmail dot com 
Description:
------------
Passing negative values to getColumnMeta() leads to segfault, due to missing check for negative values.

Same applies to PDO_POSTGRESQL as well (did not check other drivers, same problem may exist there)

Reproduce code:
---------------
Simple patch to fix the problem:


--- mysql_statement.c.orig      2005-07-27 13:07:09.000000000 +1100
+++ mysql_statement.c   2005-08-24 15:45:20.388245424 +1100
@@ -458,7 +458,7 @@
        if (!S->result) {
                return FAILURE;
        }
-       if (colno >= stmt->column_count) {
+       if (colno >= stmt->column_count || colno < 0) {
                /* error invalid column */
                return FAILURE;
        }

Patches

Add a Patch

Pull Requests

Add a Pull Request

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2005-09-01 10:45 UTC] george at omniti dot com 
This bug has been fixed in CVS.

In case this was a documentation problem, the fix will show up at the
end of next Sunday (CET) on pecl.php.net.

In case this was a pecl.php.net website problem, the change will show
up on the website in short time.
 
Thank you for the report, and for helping us make PECL better.

Fixed in HEAD and PHP_5_1
 
PHP Copyright © 2001-2024 The PHP Group
All rights reserved. 		Last updated: Sat Apr 20 00:01:27 2024 UTC