php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login
Bug #74625 Integer overflow in oci_bind_array_by_name
Submitted: 2017-05-21 17:31 UTC Modified: 2017-05-21 23:13 UTC
From: ingmar dot php at irsoft dot de Assigned: sixd (profile)
Status: Closed Package: OCI8 related
PHP Version: 7.1.5 OS: Any
Private report: No CVE-ID: None
Welcome back! If you're the original bug submitter, here's where you can edit the bug or add additional notes.
If you forgot your password, you can retrieve your password here.
Password:
Status:
Package:
Bug Type:
Summary:
From: ingmar dot php at irsoft dot de
New email:
PHP Version: OS:

 

 [2017-05-21 17:31 UTC] ingmar dot php at irsoft dot de
Description:
------------
The same problem as fixed in bug #68298 for oci_bind_by_name exists in oci_bind_array_by_name as well. I have a tested patch and will submit it soon™.

Test script:
---------------
$sql = '
  BEGIN
      SELECT -1 BULK COLLECT INTO :a FROM DUAL;
  END;
';

$stmt = oci_parse($conn, $sql);

oci_bind_array_by_name($stmt, ':a', $a, 5000, 10, SQLT_INT);

oci_execute($stmt);

var_dump($a);

Expected result:
----------------
Array
(
    [0] => -1
)

Actual result:
--------------
Array
(
    [0] => 4294967295
)

Patches

Pull Requests

Pull requests:

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2017-05-21 23:13 UTC] sixd@php.net
-Assigned To: +Assigned To: sixd
 [2017-06-21 05:56 UTC] sixd@php.net
Automatic comment on behalf of ingmar.runge@sixt.com
Revision: http://git.php.net/?p=php-src.git;a=commit;h=fa3615f14ee9c0be361d8c45251f9d30cfe49900
Log: Fixed bug #74625 (Integer overflow in oci_bind_array_by_name).
 [2017-06-21 05:56 UTC] sixd@php.net
-Status: Assigned +Status: Closed
 
PHP Copyright © 2001-2024 The PHP Group
All rights reserved.
Last updated: Fri Dec 13 06:01:28 2024 UTC