On 25.03.2005 at 15:28, [EMAIL PROTECTED] wrote:
"Thies C. Arntzen" <[EMAIL PROTECTED]> writes:
diff -u -w -r1.95 pdo_stmt.c --- ext/pdo/pdo_stmt.c 24 Mar 2005 12:32:06 -0000 1.95 +++ ext/pdo/pdo_stmt.c 25 Mar 2005 13:13:18 -0000 @@ -242,6 +242,13 @@
hash = is_param ? stmt->bound_params : stmt->bound_columns;
+ if (param->name) { + if (param->name[0] == ':') { + param->name = param->name + 1;
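Review bot: `param->name = param->name + 1` overwrites the only copy of the pointer visible in this hunk, so after the ':' is skipped nothing records that the name was advanced, and the visible lines do not show a stored length being shortened by the same byte. Suggest skipping the colon through a local pointer, or adjusting the length in the same branch, and adding a comment that states who owns the buffer param->name points into at this stage, so that a later free of param->name can never be handed an interior pointer.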
Sanity check...
Without researching thoroughly, this "appears" to warrant further inspection.
The field param->name is clearly a pointer since you're able to increment it.
It seems likely, then, that param->name was dynamically allocated. If that's
not the case, then you can stop reading. If it is, though, then by
incrementing param->name, what happens when param->name is freed? I didn't
see any place in the patch where it is marked as having been incremented nor
anyplace where it is decremented in order to be freed.
actually i did a bit of checking...
really_register_bound_param is called from two places... and at the end it does:
    if (param->name) {
        param->name = estrndup(param->name, param->namelen);
so i believe my patch is safe.
i agree that it could|should be done nicer...
-tc
-- PHP Internals - PHP Runtime Development Mailing List To unsubscribe, visit: http://www.php.net/unsub.php
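The ownership question raised in this thread, shown as an added example that is not part of the original messages or of PHP's source: the leading ':' is skipped through a local cursor and the result is copied, so the caller's allocation is never moved and each buffer is freed at the address it was allocated at. The struct, the function names and the use of plain malloc/free in place of the Zend allocator are assumptions made for illustration.

```c
#include <stdlib.h>
#include <string.h>

/* Hypothetical stand-in for a bound parameter; not PDO's real struct. */
struct bound_param {
    char  *name;     /* owned copy, released with free() */
    size_t namelen;  /* length of name, without the NUL */
};

/* Copy `name` into `out`, dropping one leading ':' if present.
 * The caller's pointer is only read through a local cursor, so the caller
 * can still free() the address its allocator returned.
 * Returns 0 on success, -1 on bad arguments or allocation failure. */
int param_set_name(struct bound_param *out, const char *name, size_t namelen)
{
    const char *cursor = name;
    size_t len = namelen;

    if (out == NULL || name == NULL)
        return -1;
    if (len > 0 && cursor[0] == ':') {
        cursor++;   /* skip the colon ... */
        len--;      /* ... and shorten the length with it */
    }
    out->name = malloc(len + 1);
    if (out->name == NULL)
        return -1;
    memcpy(out->name, cursor, len);
    out->name[len] = '\0';
    out->namelen = len;
    return 0;
}

void param_free(struct bound_param *p)
{
    free(p->name);   /* valid: this is the address malloc() returned */
    p->name = NULL;
    p->namelen = 0;
}

int main(void)
{
    char *caller = malloc(4);          /* constructed sample input ":id" */
    struct bound_param p = {0};
    if (caller == NULL) return 1;
    memcpy(caller, ":id", 4);
    if (param_set_name(&p, caller, 3) != 0) { free(caller); return 1; }
    param_free(&p);
    free(caller);                      /* caller's pointer was never moved */
    return 0;
}
```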