fmk Mon Aug 8 17:32:21 2005 EDT
Modified files:
/php-src/ext/mssql php_mssql.c php_mssql.h
Log:
Fix #32010. Leak in mssql_fetch_batch().
http://cvs.php.net/diff.php/php-src/ext/mssql/php_mssql.c?r1=1.149&r2=1.150&ty=u
Index: php-src/ext/mssql/php_mssql.c
diff -u php-src/ext/mssql/php_mssql.c:1.149 php-src/ext/mssql/php_mssql.c:1.150
--- php-src/ext/mssql/php_mssql.c:1.149 Wed Aug 3 10:07:28 2005
+++ php-src/ext/mssql/php_mssql.c Mon Aug 8 17:32:18 2005
@@ -16,7 +16,7 @@
+----------------------------------------------------------------------+
*/
-/* $Id: php_mssql.c,v 1.149 2005/08/03 14:07:28 sniper Exp $ */
+/* $Id: php_mssql.c,v 1.150 2005/08/08 21:32:18 fmk Exp $ */
#ifdef COMPILE_DL_MSSQL
#define HAVE_MSSQL 1
@@ -994,34 +994,39 @@
if (statement->binds != NULL) { /* Maybe a
non-parameter sp */
if (zend_hash_find(statement->binds, parameter,
strlen(parameter), (void**)&bind)==SUCCESS) {
- switch (type) {
- case SQLBIT:
- case SQLINT1:
- case SQLINT2:
- case SQLINT4:
-
convert_to_long_ex(&bind->zval);
- /* FIXME this works
only on little endian machine !!! */
- Z_LVAL_P(bind->zval) =
*((int *)(dbretdata(mssql_ptr->link,i)));
- break;
-
- case SQLFLT4:
- case SQLFLT8:
- case SQLFLTN:
- case SQLMONEY4:
- case SQLMONEY:
- case SQLMONEYN:
-
convert_to_double_ex(&bind->zval);
- Z_DVAL_P(bind->zval) =
*((double *)(dbretdata(mssql_ptr->link,i)));
- break;
-
- case SQLCHAR:
- case SQLVARCHAR:
- case SQLTEXT:
-
convert_to_string_ex(&bind->zval);
- Z_STRLEN_P(bind->zval)
= dbretlen(mssql_ptr->link,i);
- Z_STRVAL_P(bind->zval)
= estrndup(dbretdata(mssql_ptr->link,i),Z_STRLEN_P(bind->zval));
- break;
- /* TODO binary */
+ if (!dbretlen(mssql_ptr->link,i)) {
+ ZVAL_NULL(bind->zval);
+ }
+ else {
+ switch (type) {
+ case SQLBIT:
+ case SQLINT1:
+ case SQLINT2:
+ case SQLINT4:
+
convert_to_long_ex(&bind->zval);
+ /* FIXME this
works only on little endian machine !!! */
+
Z_LVAL_P(bind->zval) = *((int *)(dbretdata(mssql_ptr->link,i)));
+ break;
+
+ case SQLFLT4:
+ case SQLFLT8:
+ case SQLFLTN:
+ case SQLMONEY4:
+ case SQLMONEY:
+ case SQLMONEYN:
+
convert_to_double_ex(&bind->zval);
+
Z_DVAL_P(bind->zval) = *((double *)(dbretdata(mssql_ptr->link,i)));
+ break;
+
+ case SQLCHAR:
+ case SQLVARCHAR:
+ case SQLTEXT:
+
convert_to_string_ex(&bind->zval);
+
Z_STRLEN_P(bind->zval) = dbretlen(mssql_ptr->link,i);
+
Z_STRVAL_P(bind->zval) =
estrndup(dbretdata(mssql_ptr->link,i),Z_STRLEN_P(bind->zval));
+ break;
+ /* TODO binary */
+ }
}
}
else {
@@ -1049,53 +1054,56 @@
int *column_types;
char computed_buf[16];
- column_types = (int *) safe_emalloc(sizeof(int), result->num_fields, 0);
- for (i=0; i<result->num_fields; i++) {
- char *source = NULL;
- char *fname = (char *)dbcolname(mssql_ptr->link,i+1);
-
- if (*fname) {
- result->fields[i].name = estrdup(fname);
- } else {
- if (j>0) {
- snprintf(computed_buf,16,"computed%d",j);
+ if (0==0 || !result->have_fields) {
+ column_types = (int *) safe_emalloc(sizeof(int),
result->num_fields, 0);
+ for (i=0; i<result->num_fields; i++) {
+ char *source = NULL;
+ char *fname = (char *)dbcolname(mssql_ptr->link,i+1);
+
+ if (*fname) {
+ result->fields[i].name = estrdup(fname);
} else {
- strcpy(computed_buf,"computed");
+ if (j>0) {
+
snprintf(computed_buf,16,"computed%d",j);
+ } else {
+ strcpy(computed_buf,"computed");
+ }
+ result->fields[i].name = estrdup(computed_buf);
+ j++;
+ }
+ result->fields[i].max_length =
dbcollen(mssql_ptr->link,i+1);
+ source = (char *)dbcolsource(mssql_ptr->link,i+1);
+ if (source) {
+ result->fields[i].column_source =
estrdup(source);
+ }
+ else {
+ result->fields[i].column_source =
STR_EMPTY_ALLOC();
+ }
+
+ column_types[i] = coltype(i+1);
+
+ Z_TYPE(result->fields[i]) = column_types[i];
+ /* set numeric flag */
+ switch (column_types[i]) {
+ case SQLINT1:
+ case SQLINT2:
+ case SQLINT4:
+ case SQLINTN:
+ case SQLFLT4:
+ case SQLFLT8:
+ case SQLNUMERIC:
+ case SQLDECIMAL:
+ result->fields[i].numeric = 1;
+ break;
+ case SQLCHAR:
+ case SQLVARCHAR:
+ case SQLTEXT:
+ default:
+ result->fields[i].numeric = 0;
+ break;
}
- result->fields[i].name = estrdup(computed_buf);
- j++;
- }
- result->fields[i].max_length = dbcollen(mssql_ptr->link,i+1);
- source = (char *)dbcolsource(mssql_ptr->link,i+1);
- if (source) {
- result->fields[i].column_source = estrdup(source);
- }
- else {
- result->fields[i].column_source = STR_EMPTY_ALLOC();
- }
-
- column_types[i] = coltype(i+1);
-
- Z_TYPE(result->fields[i]) = column_types[i];
- /* set numeric flag */
- switch (column_types[i]) {
- case SQLINT1:
- case SQLINT2:
- case SQLINT4:
- case SQLINTN:
- case SQLFLT4:
- case SQLFLT8:
- case SQLNUMERIC:
- case SQLDECIMAL:
- result->fields[i].numeric = 1;
- break;
- case SQLCHAR:
- case SQLVARCHAR:
- case SQLTEXT:
- default:
- result->fields[i].numeric = 0;
- break;
}
+ result->have_fields = 1;
}
i=0;
@@ -1110,7 +1118,7 @@
result->data[i] = (zval *) safe_emalloc(sizeof(zval),
result->num_fields, 0);
for (j=0; j<result->num_fields; j++) {
INIT_ZVAL(result->data[i][j]);
- MS_SQL_G(get_column_content(mssql_ptr, j+1,
&result->data[i][j], column_types[j] TSRMLS_CC));
+ MS_SQL_G(get_column_content(mssql_ptr, j+1,
&result->data[i][j], Z_TYPE(result->fields[j]) TSRMLS_CC));
}
if (i<result->batchsize || result->batchsize==0) {
i++;
@@ -1229,6 +1237,7 @@
result->blocks_initialized = 0;
result->mssql_ptr = mssql_ptr;
result->cur_field=result->cur_row=result->num_rows=0;
+ result->have_fields = 0;
result->fields = (mssql_field *) safe_emalloc(sizeof(mssql_field),
result->num_fields, 0);
result->num_rows = _mssql_fetch_batch(mssql_ptr, result, retvalue
TSRMLS_CC);
http://cvs.php.net/diff.php/php-src/ext/mssql/php_mssql.h?r1=1.41&r2=1.42&ty=u
Index: php-src/ext/mssql/php_mssql.h
diff -u php-src/ext/mssql/php_mssql.h:1.41 php-src/ext/mssql/php_mssql.h:1.42
--- php-src/ext/mssql/php_mssql.h:1.41 Wed Aug 3 10:07:28 2005
+++ php-src/ext/mssql/php_mssql.h Mon Aug 8 17:32:18 2005
@@ -17,7 +17,7 @@
*/
-/* $Id: php_mssql.h,v 1.41 2005/08/03 14:07:28 sniper Exp $ */
+/* $Id: php_mssql.h,v 1.42 2005/08/08 21:32:18 fmk Exp $ */
#ifndef PHP_MSSQL_H
#define PHP_MSSQL_H
@@ -188,7 +188,7 @@
int lastresult;
int blocks_initialized;
int cur_row,cur_field;
- int num_rows,num_fields;
+ int num_rows,num_fields,have_fields;
} mssql_result;
--
PHP CVS Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
