PHP :: Bug #60244 :: pg_fetch_* functions behave strangely with row = -1

Bug #60244

pg_fetch_* functions behave strangely with row = -1

Submitted:

2011-11-08 16:55 UTC

Modified:

2011-11-15 18:02 UTC

Votes:	2
Avg. Score:	3.0 ± 0.0
Reproduced:	0 of 0 (0.0%)

From:

bandy dot chris at gmail dot com

Assigned:

iliaa (profile)

Status:

Closed

Package:

PostgreSQL related

PHP Version:

5.3.8

OS:

Gentoo Linux

Private report:

CVE-ID:

None

View Developer Edit

[2011-11-08 16:55 UTC] bandy dot chris at gmail dot com

Description:
------------
pg_fetch_array(), pg_fetch_assoc(), pg_fetch_object() and pg_fetch_row() neglect to raise a warning when requesting $row = -1. In some cases, -1 is interpreted as though $row = NULL.

pg_fetch_result() is not affected.

Test script:
---------------
<?php
error_reporting(E_ALL);
$conn = pg_connect('host=localhost dbname=postgres');

$result = pg_query("select 'a' union select 'b'");
var_dump(pg_fetch_row($result, -1));
var_dump(pg_fetch_row($result, -1));

$result = pg_query("select 'a' union select 'b'");
var_dump(pg_fetch_row($result, -2));
var_dump(pg_fetch_row($result, -1));
var_dump(pg_fetch_row($result, -1));

$result = pg_query("select 'a' union select 'b'");
var_dump(pg_fetch_row($result, 0));
var_dump(pg_fetch_row($result, -1));
var_dump(pg_fetch_row($result, -1));

Expected result:
----------------
PHP Warning:  pg_fetch_row(): Unable to jump to row -1 on PostgreSQL result index 5 in pgsql_bug.php on line 6

Warning: pg_fetch_row(): Unable to jump to row -1 on PostgreSQL result index 5 in pgsql_bug.php on line 6
bool(false)
PHP Warning:  pg_fetch_row(): Unable to jump to row -1 on PostgreSQL result index 5 in pgsql_bug.php on line 7

Warning: pg_fetch_row(): Unable to jump to row -1 on PostgreSQL result index 5 in pgsql_bug.php on line 7
bool(false)
PHP Warning:  pg_fetch_row(): Unable to jump to row -2 on PostgreSQL result index 6 in pgsql_bug.php on line 10

Warning: pg_fetch_row(): Unable to jump to row -2 on PostgreSQL result index 6 in pgsql_bug.php on line 10
bool(false)
PHP Warning:  pg_fetch_row(): Unable to jump to row -1 on PostgreSQL result index 6 in pgsql_bug.php on line 11

Warning: pg_fetch_row(): Unable to jump to row -1 on PostgreSQL result index 6 in pgsql_bug.php on line 11
bool(false)
PHP Warning:  pg_fetch_row(): Unable to jump to row -1 on PostgreSQL result index 6 in pgsql_bug.php on line 12

Warning: pg_fetch_row(): Unable to jump to row -1 on PostgreSQL result index 6 in pgsql_bug.php on line 12
bool(false)
array(1) {
  [0]=>
  string(1) "a"
}
PHP Warning:  pg_fetch_row(): Unable to jump to row -1 on PostgreSQL result index 7 in pgsql_bug.php on line 16

Warning: pg_fetch_row(): Unable to jump to row -1 on PostgreSQL result index 7 in pgsql_bug.php on line 16
bool(false)
PHP Warning:  pg_fetch_row(): Unable to jump to row -1 on PostgreSQL result index 7 in pgsql_bug.php on line 17

Warning: pg_fetch_row(): Unable to jump to row -1 on PostgreSQL result index 7 in pgsql_bug.php on line 17
bool(false)

Actual result:
--------------
array(1) {
  [0]=>
  string(1) "a"
}
array(1) {
  [0]=>
  string(1) "b"
}
PHP Warning:  pg_fetch_row(): Unable to jump to row -2 on PostgreSQL result index 6 in pgsql_bug.php on line 10

Warning: pg_fetch_row(): Unable to jump to row -2 on PostgreSQL result index 6 in pgsql_bug.php on line 10
bool(false)
bool(false)
bool(false)
array(1) {
  [0]=>
  string(1) "a"
}
array(1) {
  [0]=>
  string(1) "a"
}
array(1) {
  [0]=>
  string(1) "b"
}

Patches

bug_60244.patch (last revision 2011-11-09 03:25 UTC by bandy dot chris at gmail dot com)

Pull Requests

History

AllCommentsChangesGit/SVN commitsRelated reports

[2011-11-09 03:41 UTC] bandy dot chris at gmail dot com

I've attached a patch against PHP_5_3_8.

[2011-11-15 18:02 UTC] iliaa@php.net

Automatic comment from SVN on behalf of iliaa
Revision: http://svn.php.net/viewvc/?view=revision&amp;revision=319259
Log: Fixed bug #60244 (pg_fetch_* functions do not validate that row param is &gt;0).

[2011-11-15 18:02 UTC] iliaa@php.net

This bug has been fixed in SVN.

Snapshots of the sources are packaged every three hours; this change
will be in the next snapshot. You can grab the snapshot at
http://snaps.php.net/.

 For Windows:

http://windows.php.net/snapshots/
 
Thank you for the report, and for helping us make PHP better.

[2011-11-15 18:02 UTC] iliaa@php.net

-Status: Open +Status: Closed -Assigned To: +Assigned To: iliaa

[2012-04-18 09:47 UTC] laruence@php.net

Automatic comment on behalf of iliaa
Revision: http://git.php.net/?p=php-src.git;a=commit;h=32c4c239c0c499708287c8e9a472823c56e5b3de
Log: Fixed bug #60244 (pg_fetch_* functions do not validate that row param is &gt;0).

[2012-07-24 23:38 UTC] rasmus@php.net

Automatic comment on behalf of iliaa
Revision: http://git.php.net/?p=php-src.git;a=commit;h=32c4c239c0c499708287c8e9a472823c56e5b3de
Log: Fixed bug #60244 (pg_fetch_* functions do not validate that row param is &gt;0).

[2013-11-17 09:35 UTC] laruence@php.net

Automatic comment on behalf of iliaa
Revision: http://git.php.net/?p=php-src.git;a=commit;h=32c4c239c0c499708287c8e9a472823c56e5b3de
Log: Fixed bug #60244 (pg_fetch_* functions do not validate that row param is &gt;0).

	php.net \| support \| documentation \| report a bug \| advanced search \| search howto \| statistics \| random bug \| login
go to bug id or search bugs for


Copyright © 2001-2025 The PHP Group All rights reserved.	Last updated: Thu Oct 30 03:00:01 2025 UTC