archive/php-src
1
0
Fork 0
mirror of https://github.com/php/php-src.git synced 2025-08-15 21:48:51 +02:00
Code Issues Projects Releases Packages Wiki Activity Actions 3

Fix heap use after free

Browse source 
The value may only be used until PGresult was destroyed, thus it needs
to be copied.
This commit is contained in:
Anatol Belski 2018-03-12 20:57:21 +01:00
parent eaa5b1f911
commit 4cd64aad8a
1 changed files with 4 additions and 1 deletions
Download patch file Download diff file Expand all files Collapse all files

5
ext/pdo_pgsql/pgsql_statement.c
View file

@ -618,11 +618,13 @@ static zend_always_inline char * pdo_pgsql_translate_oid_to_table(Oid oid, PGcon
}
efree(querystr);
if ((table_name = PQgetvalue(tmp_res, 0, 0)) == NULL) {
if (1 == PQgetisnull(tmp_res, 0, 0) || (table_name = PQgetvalue(tmp_res, 0, 0)) == NULL) {
PQclear(tmp_res);
return 0;
}
table_name = estrdup(table_name);
PQclear(tmp_res);
return table_name;
}
@ -652,6 +654,7 @@ static int pgsql_stmt_get_column_meta(pdo_stmt_t *stmt, zend_long colno, zval *r
table_name = pdo_pgsql_translate_oid_to_table(table_oid, S->H->server);
if (table_name) {
add_assoc_string(return_value, "table", table_name);
efree(table_name);
}
switch (S->cols[colno].pgsql_type) {