php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login
Bug #68014 Result data values can be truncated because of incorrect column display sizes
Submitted: 2014-09-12 20:16 UTC Modified: 2015-04-11 16:42 UTC
Votes:22
Avg. Score:4.8 ± 0.6
Reproduced:22 of 22 (100.0%)
Same Version:21 (95.5%)
Same OS:18 (81.8%)
From: marcus dot england at noaa dot gov Assigned: cmb (profile)
Status: Closed Package: ODBC related
PHP Version: >= 5.4.32 OS: All
Private report: No CVE-ID: None
 [2014-09-12 20:16 UTC] marcus dot england at noaa dot gov
Description:
------------
The FieldIdentifier is being incorrectly set in the call to SQLColAttributes within the odbc_bindcols function in the ext/odbc/php_odbc.c file. Bug was introduced in version 5.4.32 and is present in all subsequent versions.

In the column FOR loop, if the field identifier variable (colfieldid) is changed from SQL_COLUMN_DISPLAY_SIZE to SQL_DESC_OCTET_LENGTH for a SQL_CHAR, SQL_VARCHAR, SQL_WCHAR, or SQL_WVARCHAR column type, it will remain that way for any remaining columns in the table regardless of type.

This causes SQLColAttributes to be called with the wrong identifier which returns an incorrect display size. In the case of a table with TINYINTs, this causes the displaysize to be incorrectly set to 1 rather than 3, resulting in too little memory being allocated for the result value, truncating the data.

Test script:
---------------
I tested with a table of tinyint's and varchar(20)'s with SQL Server and FreeTDS. tinyint columns that follow a varchar are incorrectly set to displaysize of 1 resulting in a truncation of the data, e.g. 85 becomes an 8. The displaysize should be 3.

Expected result:
----------------
If we reset the FieldIdentifier to SQL_COLUMN_DISPLAY_SIZE for each iteration of the column loop, the bug is fixed.


Patches

php-5.4.32-odbc-displaysize.patch (last revision 2014-09-12 20:17 UTC by marcus dot england at noaa dot gov)

Pull Requests

Pull requests:

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2014-09-17 14:34 UTC] marcus dot england at noaa dot gov
-PHP Version: 5.4.32 +PHP Version: >= 5.4.32
 [2014-09-17 14:34 UTC] marcus dot england at noaa dot gov
Introduced in version 5.4.32...
 [2014-10-01 12:30 UTC] git at duncanc dot co dot uk
I have not seen this issue when using a 32bit OS, but I can confirm the issue is present on 5.6.0 (linux 64bit).

Also tested the patch and it corrected the issue
 [2015-04-11 16:42 UTC] cmb@php.net
-Status: Open +Status: Closed -Assigned To: +Assigned To: cmb
 [2015-04-11 16:42 UTC] cmb@php.net
Thank you for your bug report. This issue has already been fixed
in the latest released version of PHP, which you can download at 
http://www.php.net/downloads.php

Fixed in 5.5.19 and 5.6.3. See also bug #68087.
 
PHP Copyright © 2001-2024 The PHP Group
All rights reserved.
Last updated: Sun Dec 08 03:01:28 2024 UTC