From ffeb510a69d75eedd1d6f9108c7f8e7853208d14 Mon Sep 17 00:00:00 2001 From: Sergei Morozov Date: Wed, 7 Nov 2018 12:34:50 -0800 Subject: [PATCH] Check column number before trying to fetch the value --- ext/pdo/pdo_stmt.c | 7 ++++++ ext/pdo/tests/pdo_038.phpt | 45 ++++++++++++++++++++++++++++++++++++++ 2 files changed, 52 insertions(+) create mode 100644 ext/pdo/tests/pdo_038.phpt diff --git a/ext/pdo/pdo_stmt.c b/ext/pdo/pdo_stmt.c index 4b4f901f6d9e5..785d21e93dcae 100644 --- a/ext/pdo/pdo_stmt.c +++ b/ext/pdo/pdo_stmt.c @@ -530,6 +530,13 @@ static inline void fetch_value(pdo_stmt_t *stmt, zval *dest, int colno, int *typ int caller_frees = 0; int type, new_type; + if (colno < 0 || colno >= stmt->column_count) { + pdo_raise_impl_error(stmt->dbh, stmt, "HY000", "Invalid column index"); + ZVAL_FALSE(dest); + + return; + } + col = &stmt->columns[colno]; type = PDO_PARAM_TYPE(col->param_type); new_type = type_override ? (int)PDO_PARAM_TYPE(*type_override) : type; diff --git a/ext/pdo/tests/pdo_038.phpt b/ext/pdo/tests/pdo_038.phpt new file mode 100644 index 0000000000000..5a8b2ab63e83f --- /dev/null +++ b/ext/pdo/tests/pdo_038.phpt @@ -0,0 +1,45 @@ +--TEST-- +PDOStatement::fetchColumn() invalid column index +--SKIPIF-- + +--FILE-- +execute(); + return $stmt->fetchColumn($index); +} + +$conn = PDOTest::factory(); +$query = 'SELECT 1'; + +switch ($conn->getAttribute(PDO::ATTR_DRIVER_NAME)) { + case 'oci': + $query .= ' FROM DUAL'; + break; + case 'firebird': + $query .= ' FROM RDB$DATABASE'; + break; +} + +$stmt = $conn->prepare($query); + +var_dump(fetchColumn($stmt, -1)); +var_dump(fetchColumn($stmt, 0)); +var_dump(fetchColumn($stmt, 1)); +?> +--EXPECTF-- +Warning: PDOStatement::fetchColumn(): SQLSTATE[HY000]: General error: Invalid column index in %s +bool(false) +string(1) "1" + +Warning: PDOStatement::fetchColumn(): SQLSTATE[HY000]: General error: Invalid column index in %s +bool(false)