The alignment of sqldata is in most cases only the basic alignment,
so the code type-puns it to a larger type, it *can* crash due to the
misaligned access. This is only an issue for types > 4 bytes because
every sensible system requires an alignment of at least 4 bytes for
allocated data.
Even though this patch uses memcpy, the compiler is smart enough to
optimise it to something more efficient, especially on x86.
This is just the usual approach to solve these alignment problems.
Actually, unaligned memory access is undefined behaviour, so even on x86
platforms, where the bug doesn't cause a crash, this can be problematic.
Furthermore, even though the issue talks about a 64-bit kernel and
32-bit userspace, this doesn't necessarily need to be the case to
trigger this crash.
Test was Co-authored-by: rvk01
Closes GH-10920.
* PHP-8.0:
Update NEWS
Fix#76448: Stack buffer overflow in firebird_info_cb
Fix#76449: SIGSEGV in firebird_handle_doer
Fix#76450: SIGSEGV in firebird_stmt_execute
Fix#76452: Crash while parsing blob data in firebird_fetch_blob
Fix#81122: SSRF bypass in FILTER_VALIDATE_URL
* PHP-7.4:
Update NEWS
Fix#76448: Stack buffer overflow in firebird_info_cb
Fix#76449: SIGSEGV in firebird_handle_doer
Fix#76450: SIGSEGV in firebird_stmt_execute
Fix#76452: Crash while parsing blob data in firebird_fetch_blob
Fix#81122: SSRF bypass in FILTER_VALIDATE_URL
* PHP-7.3:
Update NEWS
Fix#76448: Stack buffer overflow in firebird_info_cb
Fix#76449: SIGSEGV in firebird_handle_doer
Fix#76450: SIGSEGV in firebird_stmt_execute
Fix#76452: Crash while parsing blob data in firebird_fetch_blob
Fix#81122: SSRF bypass in FILTER_VALIDATE_URL
We need to verify that the `result_size` is not larger than our buffer,
and also should make sure that the `len` which is passed to
`isc_vax_integer()` has a permissible value; otherwise we bail out.
We need to verify that the `result_size` is not larger than our buffer,
and also should make sure that the `len` which is passed to
`isc_vax_integer()` has a permissible value; otherwise we bail out.
The tests leak memory, likely due to a slightly unclean shutdown of
libfbclient. To avoid failing CI, we disable LSan for all the tests.
Closes GH-6966.
This is meant to test against certain fixed responses of Firebird
servers. For now we add just a most basic test which verifies a
connection attempt.
Closes GH-6940.
Firebird does not have "if exists", and the switch to exception
error mode broke the suppressed exec calls.
Firebird does have a "recreate table" command that effective
perform a "drop table if exists" beforehand.
This patch fixes some problems with preprocessing SQL queries.
* The new algorithm takes into account single-line and multi-line
comments and ignores the ":" and "?" Parameter markers in them.
* The algorithm allows the EXECUTE BLOCK statement to be processed
correctly. For this statement, it is necessary to search for
parameter markers between EXECUTE BLOCK and AS, the rest should be
left as is.
The SQL preprocessing code has been ported from Firebird to handle
EXECUTE STATEMENT.
Closes GH-4920.
These have been inadvertently dropped when changing the test suite to
not require ext/interbase anymore, so we add them back.
We also change the required environment variable names to match the
usual PDO names. Particularly, we replace `PDO_FIREBIRD_TEST_HOSTNAME`
and `_DATABASE` with the more flexible `PDO_FIREBIRD_TEST_DSN`.
- This renames the environment variables to: PDO_FIREBIRD_TEST_XXX to be in line with other PDO test suites
- Adds an skipif.inc file that skips the tests if no database is set
- The test suite can now be run without PDO_FIREBIRD_TEST_HOSTNAME
$ set PDO_FIREBIRD_TEST_HOSTNAME=localhost
$ set PDO_FIREBIRD_TEST_DATABASE=C:\dev\php.fdb
$ nmake test TESTS=ext/pdo_firebird/tests
I have no idea how I managed to get this to work, but there is 4 new environment variables that
can be specified for the connection:
- PDO_FIREBIRD_USERNAME
- PDO_FIREBIRD_PASSWORD
- PDO_FIREBIRD_HOSTNAME
- PDO_FIREBIRD_DATABASE
(See testdb.inc for more info)
The only way I could get this to work on my local machine was with a DSN like:
- firebird:dbname=localhost:C:\php.fdb
Hence why the 'hostname' can be specified.
There is also a bit mess in regards to cleanup of this extension tests, but I really do not want to dwell down there, if someone dares to do so, then please be my guest.
This patch removes the so called local variables defined per
file basis for certain editors to properly show tab width, and
similar settings. These are mainly used by Vim and Emacs editors
yet with recent changes the once working definitions don't work
anymore in Vim without custom plugins or additional configuration.
Neither are these settings synced across the PHP code base.
A simpler and better approach is EditorConfig and fixing code
using some code style fixing tools in the future instead.
This patch also removes the so called modelines for Vim. Modelines
allow Vim editor specifically to set some editor configuration such as
syntax highlighting, indentation style and tab width to be set in the
first line or the last 5 lines per file basis. Since the php test
files have syntax highlighting already set in most editors properly and
EditorConfig takes care of the indentation settings, this patch removes
these as well for the Vim 6.0 and newer versions.
With the removal of local variables for certain editors such as
Emacs and Vim, the footer is also probably not needed anymore when
creating extensions using ext_skel.php script.
Additionally, Vim modelines for setting php syntax and some editor
settings has been removed from some *.phpt files. All these are
mostly not relevant for phpt files neither work properly in the
middle of the file.
This patch adds missing newlines, trims multiple redundant final
newlines into a single one, and trims redundant leading newlines in all
*.phpt sections.
According to POSIX, a line is a sequence of zero or more non-' <newline>'
characters plus a terminating '<newline>' character. [1] Files should
normally have at least one final newline character.
C89 [2] and later standards [3] mention a final newline:
"A source file that is not empty shall end in a new-line character,
which shall not be immediately preceded by a backslash character."
Although it is not mandatory for all files to have a final newline
fixed, a more consistent and homogeneous approach brings less of commit
differences issues and a better development experience in certain text
editors and IDEs.
[1] http://pubs.opengroup.org/onlinepubs/9699919799/basedefs/V1_chap03.html#tag_03_206
[2] https://port70.net/~nsz/c/c89/c89-draft.html#2.1.1.2
[3] https://port70.net/~nsz/c/c99/n1256.html#5.1.1.2
This patch adds missing newlines, trims multiple redundant final
newlines into a single one, and trims redundant leading newlines in all
*.phpt sections.
According to POSIX, a line is a sequence of zero or more non-' <newline>'
characters plus a terminating '<newline>' character. [1] Files should
normally have at least one final newline character.
C89 [2] and later standards [3] mention a final newline:
"A source file that is not empty shall end in a new-line character,
which shall not be immediately preceded by a backslash character."
Although it is not mandatory for all files to have a final newline
fixed, a more consistent and homogeneous approach brings less of commit
differences issues and a better development experience in certain text
editors and IDEs.
[1] http://pubs.opengroup.org/onlinepubs/9699919799/basedefs/V1_chap03.html#tag_03_206
[2] https://port70.net/~nsz/c/c89/c89-draft.html#2.1.1.2
[3] https://port70.net/~nsz/c/c99/n1256.html#5.1.1.2
The $Id$ keywords were used in Subversion where they can be substituted
with filename, last revision number change, last changed date, and last
user who changed it.
In Git this functionality is different and can be done with Git attribute
ident. These need to be defined manually for each file in the
.gitattributes file and are afterwards replaced with 40-character
hexadecimal blob object name which is based only on the particular file
contents.
This patch simplifies handling of $Id$ keywords by removing them since
they are not used anymore.
Use another define for better compatibility
Test case for #72583 Feature. Small optimisations.
Adjust conditional directives according to coding standards
Add more compatibility for "end of line" on multiple environements
Updated execute.phpt test after switching to integer mapping
