From d0d978b62f0cadbe8feddf8a3388992ee0011057 Mon Sep 17 00:00:00 2001
From: BRANDON KIRSCH
Date: Wed, 12 Sep 2012 22:09:00 -0400
Subject: [PATCH 1/2] php_odbc_fetch_hash() Fixed a segfault when fetching certain SQL NULLs php_odbc.c:1774 Changed the conditional to include the check: && Z_TYPE_P(tmp) != IS_NULL This prevents a potential segfault on 1775 where zend_hash_update is called with Z_STR*(tmp) args. Fixes Bug https://bugs.php.net/bug.php?id=61387
---
 ext/odbc/php_odbc.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/ext/odbc/php_odbc.c b/ext/odbc/php_odbc.c
index 4044117c41f76..cb3db1532f8a8 100644
--- a/ext/odbc/php_odbc.c
+++ b/ext/odbc/php_odbc.c
@@ -1771,7 +1771,7 @@ static void php_odbc_fetch_hash(INTERNAL_FUNCTION_PARAMETERS, int result_type)
 if (result_type & ODBC_NUM) {
 zend_hash_index_update(Z_ARRVAL_P(return_value), i, &tmp, sizeof(zval *), NULL);
 } else {
- if (!*(result->values[i].name)) {
+ if (!*(result->values[i].name) && Z_TYPE_P(tmp) != IS_NULL) {
 zend_hash_update(Z_ARRVAL_P(return_value), Z_STRVAL_P(tmp), Z_STRLEN_P(tmp)+1, &tmp, sizeof(zval *), NULL);
 } else {
 zend_hash_update(Z_ARRVAL_P(return_value), result->values[i].name, strlen(result->values[i].name)+1, &tmp, sizeof(zval *), NULL);
From 383fcb36f42837c0edc73cb960f4f61bfc59e812 Mon Sep 17 00:00:00 2001
From: BRANDON KIRSCH
Date: Wed, 12 Sep 2012 23:30:33 -0400
Subject: [PATCH 2/2] php_odbc_fetch_hash() Fixed a segfault when fetching certain SQL NULLs php_odbc.c:1774 Changed the conditional to include the check: && Z_TYPE_P(tmp) == IS_STRING This avoids a potential segfault on 1775 where ZSTR_ macros are used when the ZVAL is sometimes NULL.
---
 ext/odbc/php_odbc.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/ext/odbc/php_odbc.c b/ext/odbc/php_odbc.c
index cb3db1532f8a8..4bfedcf46943c 100644
--- a/ext/odbc/php_odbc.c
+++ b/ext/odbc/php_odbc.c
@@ -1771,7 +1771,7 @@ static void php_odbc_fetch_hash(INTERNAL_FUNCTION_PARAMETERS, int result_type)
 if (result_type & ODBC_NUM) {
 zend_hash_index_update(Z_ARRVAL_P(return_value), i, &tmp, sizeof(zval *), NULL);
 } else {
- if (!*(result->values[i].name) && Z_TYPE_P(tmp) != IS_NULL) {
+ if (!*(result->values[i].name) && Z_TYPE_P(tmp) == IS_STRING) {
 zend_hash_update(Z_ARRVAL_P(return_value), Z_STRVAL_P(tmp), Z_STRLEN_P(tmp)+1, &tmp, sizeof(zval *), NULL);
 } else {
 zend_hash_update(Z_ARRVAL_P(return_value), result->values[i].name, strlen(result->values[i].name)+1, &tmp, sizeof(zval *), NULL);
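Review bot: With the `== IS_STRING` guard, a column that has an empty name and a non-string value (the SQL NULL case from the bug report) now takes the `else` branch and is stored under the empty-string key, since `strlen(result->values[i].name)+1` is 1 there; two such columns in one row would overwrite each other, which may or may not be intended. The string branch still keys the entry on the fetched value itself (`Z_STRVAL_P(tmp)`), so database content picks the array key and can collide with a real column name; a short comment such as `/* unnamed column: Z_STRVAL_P/Z_STRLEN_P are only valid when tmp is IS_STRING, anything else is keyed on the (empty) name */` would record why the type check is there. The series touches only `ext/odbc/php_odbc.c`, so a regression test for bug 61387 that fetches an unnamed NULL column is still missing. The body of `php_odbc_fetch_hash()` starts and ends outside this hunk, so how `tmp` is built is not visible here.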