php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login
Bug #60244 pg_fetch_* functions behave strangely with row = -1
Submitted: 2011-11-08 16:55 UTC Modified: 2011-11-15 18:02 UTC
Votes:2
Avg. Score:3.0 ± 0.0
Reproduced:0 of 0 (0.0%)
From: bandy dot chris at gmail dot com Assigned: iliaa
Status: Closed Package: PostgreSQL related
PHP Version: 5.3.8 OS: Gentoo Linux
Private report: No CVE-ID:
 [2011-11-08 16:55 UTC] bandy dot chris at gmail dot com
Description:
------------
pg_fetch_array(), pg_fetch_assoc(), pg_fetch_object() and pg_fetch_row() neglect to raise a warning when requesting $row = -1. In some cases, -1 is interpreted as though $row = NULL.

pg_fetch_result() is not affected.

Test script:
---------------
<?php
error_reporting(E_ALL);
$conn = pg_connect('host=localhost dbname=postgres');

$result = pg_query("select 'a' union select 'b'");
var_dump(pg_fetch_row($result, -1));
var_dump(pg_fetch_row($result, -1));

$result = pg_query("select 'a' union select 'b'");
var_dump(pg_fetch_row($result, -2));
var_dump(pg_fetch_row($result, -1));
var_dump(pg_fetch_row($result, -1));

$result = pg_query("select 'a' union select 'b'");
var_dump(pg_fetch_row($result, 0));
var_dump(pg_fetch_row($result, -1));
var_dump(pg_fetch_row($result, -1));

Expected result:
----------------
PHP Warning:  pg_fetch_row(): Unable to jump to row -1 on PostgreSQL result index 5 in pgsql_bug.php on line 6

Warning: pg_fetch_row(): Unable to jump to row -1 on PostgreSQL result index 5 in pgsql_bug.php on line 6
bool(false)
PHP Warning:  pg_fetch_row(): Unable to jump to row -1 on PostgreSQL result index 5 in pgsql_bug.php on line 7

Warning: pg_fetch_row(): Unable to jump to row -1 on PostgreSQL result index 5 in pgsql_bug.php on line 7
bool(false)
PHP Warning:  pg_fetch_row(): Unable to jump to row -2 on PostgreSQL result index 6 in pgsql_bug.php on line 10

Warning: pg_fetch_row(): Unable to jump to row -2 on PostgreSQL result index 6 in pgsql_bug.php on line 10
bool(false)
PHP Warning:  pg_fetch_row(): Unable to jump to row -1 on PostgreSQL result index 6 in pgsql_bug.php on line 11

Warning: pg_fetch_row(): Unable to jump to row -1 on PostgreSQL result index 6 in pgsql_bug.php on line 11
bool(false)
PHP Warning:  pg_fetch_row(): Unable to jump to row -1 on PostgreSQL result index 6 in pgsql_bug.php on line 12

Warning: pg_fetch_row(): Unable to jump to row -1 on PostgreSQL result index 6 in pgsql_bug.php on line 12
bool(false)
array(1) {
  [0]=>
  string(1) "a"
}
PHP Warning:  pg_fetch_row(): Unable to jump to row -1 on PostgreSQL result index 7 in pgsql_bug.php on line 16

Warning: pg_fetch_row(): Unable to jump to row -1 on PostgreSQL result index 7 in pgsql_bug.php on line 16
bool(false)
PHP Warning:  pg_fetch_row(): Unable to jump to row -1 on PostgreSQL result index 7 in pgsql_bug.php on line 17

Warning: pg_fetch_row(): Unable to jump to row -1 on PostgreSQL result index 7 in pgsql_bug.php on line 17
bool(false)

Actual result:
--------------
array(1) {
  [0]=>
  string(1) "a"
}
array(1) {
  [0]=>
  string(1) "b"
}
PHP Warning:  pg_fetch_row(): Unable to jump to row -2 on PostgreSQL result index 6 in pgsql_bug.php on line 10

Warning: pg_fetch_row(): Unable to jump to row -2 on PostgreSQL result index 6 in pgsql_bug.php on line 10
bool(false)
bool(false)
bool(false)
array(1) {
  [0]=>
  string(1) "a"
}
array(1) {
  [0]=>
  string(1) "a"
}
array(1) {
  [0]=>
  string(1) "b"
}

Patches

bug_60244.patch (last revision 2011-11-09 03:25 UTC) by bandy dot chris at gmail dot com)

Add a Patch

Pull Requests

Add a Pull Request

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2011-11-09 03:41 UTC] bandy dot chris at gmail dot com
I've attached a patch against PHP_5_3_8.
 [2011-11-15 18:02 UTC] iliaa@php.net
Automatic comment from SVN on behalf of iliaa
Revision: http://svn.php.net/viewvc/?view=revision&amp;revision=319259
Log: Fixed bug #60244 (pg_fetch_* functions do not validate that row param is &gt;0).
 [2011-11-15 18:02 UTC] iliaa@php.net
This bug has been fixed in SVN.

Snapshots of the sources are packaged every three hours; this change
will be in the next snapshot. You can grab the snapshot at
http://snaps.php.net/.

 For Windows:

http://windows.php.net/snapshots/
 
Thank you for the report, and for helping us make PHP better.


 [2011-11-15 18:02 UTC] iliaa@php.net
-Status: Open +Status: Closed -Assigned To: +Assigned To: iliaa
 [2012-04-18 09:47 UTC] laruence@php.net
Automatic comment on behalf of iliaa
Revision: http://git.php.net/?p=php-src.git;a=commit;h=32c4c239c0c499708287c8e9a472823c56e5b3de
Log: Fixed bug #60244 (pg_fetch_* functions do not validate that row param is &gt;0).
 [2012-07-24 23:38 UTC] rasmus@php.net
Automatic comment on behalf of iliaa
Revision: http://git.php.net/?p=php-src.git;a=commit;h=32c4c239c0c499708287c8e9a472823c56e5b3de
Log: Fixed bug #60244 (pg_fetch_* functions do not validate that row param is &gt;0).
 [2013-11-17 09:35 UTC] laruence@php.net
Automatic comment on behalf of iliaa
Revision: http://git.php.net/?p=php-src.git;a=commit;h=32c4c239c0c499708287c8e9a472823c56e5b3de
Log: Fixed bug #60244 (pg_fetch_* functions do not validate that row param is &gt;0).
 
PHP Copyright © 2001-2014 The PHP Group
All rights reserved.
Last updated: Sun Apr 20 15:01:54 2014 UTC