php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login
Bug #65952 Invalid buffer position in Prepared Statement
Submitted: 2013-10-23 15:36 UTC Modified: 2014-01-01 12:27 UTC
Votes:4
Avg. Score:3.8 ± 0.8
Reproduced:3 of 3 (100.0%)
Same Version:1 (33.3%)
Same OS:1 (33.3%)
From: wils dot solutions at gmail dot com Assigned:
Status: Open Package: PDO ODBC
PHP Version: 5.4.21 OS: Centos6
Private report: No CVE-ID:
Have you experienced this issue?
Rate the importance of this bug to you:

 [2013-10-23 15:36 UTC] wils dot solutions at gmail dot com
Description:
------------
I was trying to use PDO_ODBC with HP Vertica but it returns the "Invalid buffer position" error.

I don't have this problem using ODBC Functions and I am using it now instead of PDO_ODBC but decided to report the issue anyways...

By looking at the ODBC trace files, I see that when pdo_odbc binds parameter, it always sets the BufferLength argument of the SQLBindParameter() function to 0. I believe this is wrong, since the input is a character type, and as a result there is a buffer overrun.

Test script:
---------------
$query = "select * from category where name = :nome";        
$sth = $this->_lnk->prepare($query);        
$category = 'Hardcore';        
$sth->bindParam(':nome', $category);        
$sth->execute();

Expected result:
----------------
The query result

Actual result:
--------------
Fails with error:

Fatal error: Uncaught exception 'PDOException' with message 'SQLSTATE[HY000]: General error: 50240 [Vertica][Support] (50240) Invalid buffer position. (SQLExecute[50240] at /builddir/build/BUILD/php-5.4.21/ext/pdo_odbc/odbc_stmt.c:254)' in /admin_vertica_report.class.php on line 39


Patches

Add a Patch

Pull Requests

Add a Pull Request

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2014-01-01 12:27 UTC] felipe@php.net
-Package: PDO related +Package: PDO ODBC
 
PHP Copyright © 2001-2017 The PHP Group
All rights reserved.
Last updated: Fri Mar 24 20:01:40 2017 UTC