archive/php-src
1
0
Fork 0
mirror of https://github.com/php/php-src.git synced 2025-08-16 05:58:45 +02:00
Code Issues Projects Releases Packages Wiki Activity Actions 3

Fix #69975: PHP segfaults when accessing nvarchar(max) defined columns

Browse source 
The SQL Server Native Client 11.0 and maybe other ODBC drivers report
NVARCHAR(MAX) columns as SQL_WVARCHAR with size 0. This causes too small a
buffer to be emalloc'd, likely causing a segfault in the following. As we don't
know the real size of the column data, we treat such colums as
SQL_WLONGVARCHAR.

The related bug #67437 suggests that some drivers report a size of ~4GB. It is
not certain that this is really the case (there might be some integer overflow
involved, and anyway, there has been no feedback), so we do not cater for this
now. However, it would not be hard to treat all sizes above a certain threshold
in a similar way, i.e. as SQL_WLONGVARCHAR.

(cherry picked from commit 16db4d1462)
(cherry picked from commit 344ff5dd4c)
This commit is contained in:
Christoph M. Becker 2015-07-03 00:04:50 +02:00 committed by Julien Pauli
parent 51b584b159
commit 82637e8187
2 changed files with 39 additions and 0 deletions
Download patch file Download diff file Expand all files Collapse all files

7
ext/odbc/php_odbc.c
View file

@ -1007,6 +1007,13 @@ int odbc_bindcols(odbc_result *result TSRMLS_DC)
rc = SQLColAttributes(result->stmt, (SQLUSMALLINT)(i+1), SQL_COLUMN_DISPLAY_SIZE,
NULL, 0, NULL, &displaysize);
}
/* Workaround for drivers that report NVARCHAR(MAX) columns as SQL_WVARCHAR with size 0 (bug #69975) */
if (result->values[i].coltype == SQL_WVARCHAR && displaysize == 0) {
result->values[i].coltype = SQL_WLONGVARCHAR;
result->values[i].value = NULL;
break;
}
#endif
/* Workaround for Oracle ODBC Driver bug (#50162) when fetching TIMESTAMP column */
if (result->values[i].coltype == SQL_TIMESTAMP) {

32
ext/odbc/tests/bug69975.phpt Normal file
View file

@ -0,0 +1,32 @@
--TEST--
Bug #69975 (PHP segfaults when accessing nvarchar(max) defined columns)
--SKIPIF--
<?php include 'skipif.inc'; ?>
--FILE--
<?php
include 'config.inc';
$conn = odbc_connect($dsn, $user, $pass);
@odbc_exec($conn, 'CREATE DATABASE odbcTEST');
odbc_exec($conn, 'CREATE TABLE FOO (ID INT, VARCHAR_COL NVARCHAR(MAX))');
odbc_exec($conn, "INSERT INTO FOO VALUES (1, 'foo')");
$result = odbc_exec($conn, "SELECT VARCHAR_COL FROM FOO");
var_dump(odbc_fetch_array($result));
echo "ready";
?>
--EXPECT--
array(1) {
["VARCHAR_COL"]=>
string(3) "foo"
}
ready
--CLEAN--
<?php
include 'config.inc';
$conn = odbc_connect($dsn, $user, $pass);
odbc_exec($conn, 'DROP TABLE FOO');
odbc_exec($conn, 'DROP DATABASE odbcTEST');
?>