Thanks Edin,
I was just waiting for a test report from the user who found the bug.
- Frank
> edink Tue Dec 3 11:09:15 2002 EDT
>
> Modified files: (Branch: PHP_4_3)
> /php4/ext/mssql php_mssql.c
> Log:
> MFH: Allocating enough memory to hold values.
> Fix crash when certan stored procedures was called. This caused
> the free_result function to free memory not yet allocated.
>
>
> Index: php4/ext/mssql/php_mssql.c
> diff -u php4/ext/mssql/php_mssql.c:1.86
php4/ext/mssql/php_mssql.c:1.86.2.1
> --- php4/ext/mssql/php_mssql.c:1.86 Mon Oct 28 15:16:24 2002
> +++ php4/ext/mssql/php_mssql.c Tue Dec 3 11:09:14 2002
> @@ -16,7 +16,7 @@
>
+----------------------------------------------------------------------+
> */
>
> -/* $Id: php_mssql.c,v 1.86 2002/10/28 20:16:24 sterling Exp $ */
> +/* $Id: php_mssql.c,v 1.86.2.1 2002/12/03 16:09:14 edink Exp $ */
>
> #ifdef COMPILE_DL_MSSQL
> #define HAVE_MSSQL 1
> @@ -376,7 +376,7 @@
> case 0: /* defaults */
> host=user=passwd=NULL;
> hashed_details_length=5+3;
> - hashed_details = (char *) emalloc(hashed_details_length);
> + hashed_details = (char *) emalloc(hashed_details_length+1);
> strcpy(hashed_details,"mssql___");
> break;
> case 1: {
> @@ -389,7 +389,7 @@
> host = Z_STRVAL_PP(yyhost);
> user=passwd=NULL;
> hashed_details_length = Z_STRLEN_PP(yyhost)+5+3;
> - hashed_details = (char *)
>emalloc(hashed_details_length);
> + hashed_details = (char *)
>emalloc(hashed_details_length+1);
>
>sprintf(hashed_details,"mssql_%s__",Z_STRVAL_PP(yyhost));
> }
> break;
> @@ -405,7 +405,7 @@
> user = Z_STRVAL_PP(yyuser);
> passwd=NULL;
> hashed_details_length =
Z_STRLEN_PP(yyhost)+Z_STRLEN_PP(yyuser)+5+3;
> - hashed_details = (char *)
>emalloc(hashed_details_length);
> + hashed_details = (char *)
>emalloc(hashed_details_length+1);
>
sprintf(hashed_details,"mssql_%s_%s_",Z_STRVAL_PP(yyhost),Z_STRVAL_PP(yyuser));
> }
> break;
> @@ -422,7 +422,7 @@
> user = Z_STRVAL_PP(yyuser);
> passwd = Z_STRVAL_PP(yypasswd);
> hashed_details_length =
Z_STRLEN_PP(yyhost)+Z_STRLEN_PP(yyuser)+Z_STRLEN_PP(yypasswd)+5+3;
> - hashed_details = (char *)
>emalloc(hashed_details_length);
> + hashed_details = (char *)
>emalloc(hashed_details_length+1);
>
sprintf(hashed_details,"mssql_%s_%s_%s",Z_STRVAL_PP(yyhost),Z_STRVAL_PP(yyuser),Z_STRVAL_PP(yypasswd));
/* SAFE */
> }
> break;
> @@ -796,7 +796,7 @@
> unsigned char *res_buf;
> int res_length = dbdatlen(mssql_ptr->link, offset);
>
> - res_buf = (unsigned char *) emalloc(res_length);
> + res_buf = (unsigned char *) emalloc(res_length+1);
> bin = ((DBBINARY *)dbdata(mssql_ptr->link, offset));
> memcpy(res_buf,bin,res_length);
> res_buf[res_length] = '\0';
> @@ -817,13 +817,13 @@
> if (column_type == SQLDATETIM4) res_length +=
>14;
> if (column_type == SQLDATETIME) res_length +=
>10;
>
> - res_buf = (unsigned char *)
>emalloc(res_length);
> + res_buf = (unsigned char *)
>emalloc(res_length+1);
> res_length =
dbconvert(NULL,coltype(offset),dbdata(mssql_ptr->link,offset), res_length,
SQLCHAR,res_buf,-1);
> } else {
> dbdatecrack(mssql_ptr->link, &dateinfo,
>(DBDATETIME *)
dbdata(mssql_ptr->link,offset));
>
> res_length = 19;
> - res_buf = (unsigned char *)
>emalloc(res_length);
> + res_buf = (unsigned char *)
>emalloc(res_length+1);
> sprintf(res_buf, "%d-%02d-%02d %02d:%02d:%02d"
>, dateinfo.year,
dateinfo.month, dateinfo.day, dateinfo.hour, dateinfo.minute,
dateinfo.second);
> }
>
> @@ -852,7 +852,7 @@
> unsigned char *res_buf;
> int res_length = dbdatlen(mssql_ptr->link, offset);
>
> - res_buf = (unsigned char *) emalloc(res_length);
> + res_buf = (unsigned char *) emalloc(res_length+1);
> bin = ((DBBINARY *)dbdata(mssql_ptr->link, offset));
> memcpy(res_buf, bin, res_length);
> res_buf[res_length] = '\0';
> @@ -870,14 +870,14 @@
> if (column_type == SQLDATETIM4) res_length += 14;
> if (column_type == SQLDATETIME) res_length += 10;
>
> - res_buf = (unsigned char *) emalloc(res_length);
> + res_buf = (unsigned char *) emalloc(res_length+1);
> res_length =
dbconvert(NULL,coltype(offset),dbdata(mssql_ptr->link,offset), res_length,
SQLCHAR, res_buf, -1);
>
> } else {
> dbdatecrack(mssql_ptr->link, &dateinfo, (DBDATETIME *)
dbdata(mssql_ptr->link,offset));
>
> res_length = 19;
> - res_buf = (unsigned char *) emalloc(res_length);
> + res_buf = (unsigned char *) emalloc(res_length+1);
> sprintf(res_buf, "%d-%02d-%02d %02d:%02d:%02d" , dateinfo.year,
dateinfo.month, dateinfo.day, dateinfo.hour, dateinfo.minute,
dateinfo.second);
> }
>
> @@ -1049,16 +1049,15 @@
> * 1) Being able to fire up another query without explicitly reading
all rows
> * 2) Having numrows accessible
> */
> - retvalue=dbnextrow(mssql_ptr->link);
> -
> - if (retvalue==FAIL) {
> - RETURN_FALSE;
> - }
> -
> if ((num_fields = dbnumcols(mssql_ptr->link)) <= 0 &&
!dbdataready(mssql_ptr->link)) {
> RETURN_TRUE;
> }
>
> + retvalue=dbnextrow(mssql_ptr->link);
> + if (retvalue==FAIL) {
> + RETURN_FALSE;
> + }
> +
> result = (mssql_result *) emalloc(sizeof(mssql_result));
> result->num_fields = num_fields;
> result->blocks_initialized = 1;
> @@ -1073,6 +1072,8 @@
> result->fields = (mssql_field *)
emalloc(sizeof(mssql_field)*result->num_fields);
> result->num_rows = _mssql_fetch_batch(mssql_ptr, result, retvalue
TSRMLS_CC);
> }
> + else
> + result->fields = NULL;
>
> ZEND_REGISTER_RESOURCE(return_value, result, le_result);
> }
>
>
>
> --
> PHP CVS Mailing List (http://www.php.net/)
> To unsubscribe, visit: http://www.php.net/unsub.php
>
>
--
PHP CVS Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
