iliaa                                    Tue, 15 Nov 2011 18:02:58 +0000

Revision: http://svn.php.net/viewvc?view=revision&revision=319259

Log:
Fixed bug #60244 (pg_fetch_* functions do not validate that row param is >0).

Bug: https://bugs.php.net/60244 (Open) pg_fetch_* functions behave strangely 
with row = -1
      
Changed paths:
    U   php/php-src/branches/PHP_5_3/NEWS
    U   php/php-src/branches/PHP_5_3/ext/pgsql/pgsql.c
    A   php/php-src/branches/PHP_5_3/ext/pgsql/tests/bug60244.phpt
    U   php/php-src/branches/PHP_5_4/ext/pgsql/pgsql.c
    A   php/php-src/branches/PHP_5_4/ext/pgsql/tests/bug60244.phpt
    U   php/php-src/trunk/ext/pgsql/pgsql.c
    A   php/php-src/trunk/ext/pgsql/tests/bug60244.phpt

Modified: php/php-src/branches/PHP_5_3/NEWS
===================================================================
--- php/php-src/branches/PHP_5_3/NEWS	2011-11-15 17:55:33 UTC (rev 319258)
+++ php/php-src/branches/PHP_5_3/NEWS	2011-11-15 18:02:58 UTC (rev 319259)
@@ -29,6 +29,10 @@
 - Phar:
   . Fixed bug #60261 (NULL pointer dereference in phar). (Felipe)

+- Postgres:
+  . Fixed bug #60244 (pg_fetch_* functions do not validate that row param
+    is >0). (Ilia)
+
 - SOAP
   . Fixed bug #44686 (SOAP-ERROR: Parsing WSDL with references). (Dmitry)

@@ -83,6 +87,10 @@
   . Fixed bug #48476 (cloning extended DateTime class without calling
     parent::__constr crashed PHP). (Hannes)

+- Json:
+  . Fixed bug #55543 (json_encode() with JSON_NUMERIC_CHECK fails on objects
+    with numeric string properties). (Ilia, dchurch at sciencelogic dot com)
+
 - MySQL:
   . Fixed bug #55550 (mysql.trace_mode miscounts result sets). (Johannes)


Modified: php/php-src/branches/PHP_5_3/ext/pgsql/pgsql.c
===================================================================
--- php/php-src/branches/PHP_5_3/ext/pgsql/pgsql.c	2011-11-15 17:55:33 UTC (rev 319258)
+++ php/php-src/branches/PHP_5_3/ext/pgsql/pgsql.c	2011-11-15 18:02:58 UTC (rev 319259)
@@ -2452,6 +2452,10 @@
 	} else {
 		convert_to_long(zrow);
 		row = Z_LVAL_P(zrow);
+		if (row < 0) {
+			php_error_docref(NULL TSRMLS_CC, E_WARNING, "The row parameter must be greater or equal to zero");
+			RETURN_FALSE;
+		}
 	}
 	use_row = ZEND_NUM_ARGS() > 1 && row != -1;
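Review bot: The added `row < 0` guard bounds the index only from below, and nothing visible in this hunk bounds it from above or shows how `row` (assigned from `Z_LVAL_P`, a long) is narrowed before it is handed to libpq. The enclosing function starts and ends outside the hunk, so confirm that a later check compares the value with `PQntuples()` before the row is fetched. Since user-supplied negatives now return early, `row != -1` on the next line only distinguishes the branch above the `else`; a comment such as `/* -1 is the internal "no row given" sentinel; negative user input is rejected above */` would make that clear. The warning text would read better as "greater than or equal to zero", with the bug60244.phpt expectations updated to match. The same hunk is repeated for PHP_5_4 and trunk, and these points apply there too.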

@@ -4798,10 +4802,24 @@
 	if (result_type & PGSQL_NUM) {
 		add_index_string(return_value, 0, pgsql_notify->relname, 1);
 		add_index_long(return_value, 1, pgsql_notify->be_pid);
+#if HAVE_PQPROTOCOLVERSION && HAVE_PQPARAMETERSTATUS
+		if (PQprotocolVersion(pgsql) >= 3 && atof(PQparameterStatus(pgsql, "server_version")) >= 9.0) {
+#else
+		if (atof(PG_VERSION) >= 9.0) {
+#endif
+			add_index_string(return_value, 2, pgsql_notify->extra, 1);
+		}
 	}
 	if (result_type & PGSQL_ASSOC) {
 		add_assoc_string(return_value, "message", pgsql_notify->relname, 1);
 		add_assoc_long(return_value, "pid", pgsql_notify->be_pid);
+#if HAVE_PQPROTOCOLVERSION && HAVE_PQPARAMETERSTATUS
+		if (PQprotocolVersion(pgsql) >= 3 && atof(PQparameterStatus(pgsql, "server_version")) >= 9.0) {
+#else
+		if (atof(PG_VERSION) >= 9.0) {
+#endif
+			add_assoc_string(return_value, "payload", pgsql_notify->extra, 1);
+		}
 	}
 	PQfreemem(pgsql_notify);
 }
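Review bot: Both added conditions pass the result of `PQparameterStatus(pgsql, "server_version")` straight to `atof()`, but PQparameterStatus() returns NULL when the parameter is unknown or the connection is not usable, so this can dereference NULL. Fetch the value once and test it, e.g. `const char *sv = PQparameterStatus(pgsql, "server_version");` followed by `if (PQprotocolVersion(pgsql) >= 3 && sv && atof(sv) >= 9.0) {`, which also removes the duplicated condition between the PGSQL_NUM and PGSQL_ASSOC branches; the declaration belongs at the top of the function, which is outside this hunk. The `#else` branch tests the compile-time constant `PG_VERSION` rather than the connected server, so it says nothing about whether `pgsql_notify->extra` carries a payload on this connection. This payload change is not mentioned in the commit log or the NEWS entry and appears only in the PHP_5_3 section of the commit, which looks unintended.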

Added: php/php-src/branches/PHP_5_3/ext/pgsql/tests/bug60244.phpt
===================================================================
--- php/php-src/branches/PHP_5_3/ext/pgsql/tests/bug60244.phpt	                        (rev 0)
+++ php/php-src/branches/PHP_5_3/ext/pgsql/tests/bug60244.phpt	2011-11-15 18:02:58 UTC (rev 319259)
@@ -0,0 +1,57 @@
+--TEST--
+Bug #60244 (pg_fetch_* functions do not validate that row param is >0)
+--SKIPIF--
+<?php
+include("skipif.inc");
+?>
+--FILE--
+<?php
+
+include 'config.inc';
+
+$db = pg_connect($conn_str);
+$result = pg_query("select 'a' union select 'b'");
+
+var_dump(pg_fetch_array($result, -1));
+var_dump(pg_fetch_assoc($result, -1));
+var_dump(pg_fetch_object($result, -1));
+var_dump(pg_fetch_row($result, -1));
+
+var_dump(pg_fetch_array($result, 0));
+var_dump(pg_fetch_assoc($result, 0));
+var_dump(pg_fetch_object($result, 0));
+var_dump(pg_fetch_row($result, 0));
+
+pg_close($db);
+
+?>
+--EXPECTF--
+Warning: pg_fetch_array(): The row parameter must be greater or equal to zero in %sbug60244.php on line %d
+bool(false)
+
+Warning: pg_fetch_assoc(): The row parameter must be greater or equal to zero in %sbug60244.php on line %d
+bool(false)
+
+Warning: pg_fetch_object(): The row parameter must be greater or equal to zero in %sbug60244.php on line %d
+bool(false)
+
+Warning: pg_fetch_row(): The row parameter must be greater or equal to zero in %sbug60244.php on line %d
+bool(false)
+array(2) {
+  [0]=>
+  string(1) "a"
+  ["?column?"]=>
+  string(1) "a"
+}
+array(1) {
+  ["?column?"]=>
+  string(1) "a"
+}
+object(stdClass)#1 (1) {
+  ["?column?"]=>
+  string(1) "a"
+}
+array(1) {
+  [0]=>
+  string(1) "a"
+}
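Review bot: The query `select 'a' union select 'b'` has no ORDER BY, so the expectation that row 0 is "a" depends on how the server happens to order the UNION result; `select 'a' union select 'b' order by 1` would make the expected output deterministic. The test never checks that `pg_connect()` succeeded and calls `pg_query()` without `$db`, relying on the implicit default connection; `pg_query($db, ...)` is more explicit. Only -1 and 0 are exercised, so a row index past the end of the result set is not covered. The same file is added under PHP_5_4 and trunk, and these points apply to all three copies.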

Modified: php/php-src/branches/PHP_5_4/ext/pgsql/pgsql.c
===================================================================
--- php/php-src/branches/PHP_5_4/ext/pgsql/pgsql.c	2011-11-15 17:55:33 UTC (rev 319258)
+++ php/php-src/branches/PHP_5_4/ext/pgsql/pgsql.c	2011-11-15 18:02:58 UTC (rev 319259)
@@ -2452,6 +2452,10 @@
 	} else {
 		convert_to_long(zrow);
 		row = Z_LVAL_P(zrow);
+		if (row < 0) {
+			php_error_docref(NULL TSRMLS_CC, E_WARNING, "The row parameter must be greater or equal to zero");
+			RETURN_FALSE;
+		}
 	}
 	use_row = ZEND_NUM_ARGS() > 1 && row != -1;


Added: php/php-src/branches/PHP_5_4/ext/pgsql/tests/bug60244.phpt
===================================================================
--- php/php-src/branches/PHP_5_4/ext/pgsql/tests/bug60244.phpt	                        (rev 0)
+++ php/php-src/branches/PHP_5_4/ext/pgsql/tests/bug60244.phpt	2011-11-15 18:02:58 UTC (rev 319259)
@@ -0,0 +1,57 @@
+--TEST--
+Bug #60244 (pg_fetch_* functions do not validate that row param is >0)
+--SKIPIF--
+<?php
+include("skipif.inc");
+?>
+--FILE--
+<?php
+
+include 'config.inc';
+
+$db = pg_connect($conn_str);
+$result = pg_query("select 'a' union select 'b'");
+
+var_dump(pg_fetch_array($result, -1));
+var_dump(pg_fetch_assoc($result, -1));
+var_dump(pg_fetch_object($result, -1));
+var_dump(pg_fetch_row($result, -1));
+
+var_dump(pg_fetch_array($result, 0));
+var_dump(pg_fetch_assoc($result, 0));
+var_dump(pg_fetch_object($result, 0));
+var_dump(pg_fetch_row($result, 0));
+
+pg_close($db);
+
+?>
+--EXPECTF--
+Warning: pg_fetch_array(): The row parameter must be greater or equal to zero in %sbug60244.php on line %d
+bool(false)
+
+Warning: pg_fetch_assoc(): The row parameter must be greater or equal to zero in %sbug60244.php on line %d
+bool(false)
+
+Warning: pg_fetch_object(): The row parameter must be greater or equal to zero in %sbug60244.php on line %d
+bool(false)
+
+Warning: pg_fetch_row(): The row parameter must be greater or equal to zero in %sbug60244.php on line %d
+bool(false)
+array(2) {
+  [0]=>
+  string(1) "a"
+  ["?column?"]=>
+  string(1) "a"
+}
+array(1) {
+  ["?column?"]=>
+  string(1) "a"
+}
+object(stdClass)#1 (1) {
+  ["?column?"]=>
+  string(1) "a"
+}
+array(1) {
+  [0]=>
+  string(1) "a"
+}

Modified: php/php-src/trunk/ext/pgsql/pgsql.c
===================================================================
--- php/php-src/trunk/ext/pgsql/pgsql.c	2011-11-15 17:55:33 UTC (rev 319258)
+++ php/php-src/trunk/ext/pgsql/pgsql.c	2011-11-15 18:02:58 UTC (rev 319259)
@@ -2452,6 +2452,10 @@
 	} else {
 		convert_to_long(zrow);
 		row = Z_LVAL_P(zrow);
+		if (row < 0) {
+			php_error_docref(NULL TSRMLS_CC, E_WARNING, "The row parameter must be greater or equal to zero");
+			RETURN_FALSE;
+		}
 	}
 	use_row = ZEND_NUM_ARGS() > 1 && row != -1;


Added: php/php-src/trunk/ext/pgsql/tests/bug60244.phpt
===================================================================
--- php/php-src/trunk/ext/pgsql/tests/bug60244.phpt	                        (rev 0)
+++ php/php-src/trunk/ext/pgsql/tests/bug60244.phpt	2011-11-15 18:02:58 UTC (rev 319259)
@@ -0,0 +1,57 @@
+--TEST--
+Bug #60244 (pg_fetch_* functions do not validate that row param is >0)
+--SKIPIF--
+<?php
+include("skipif.inc");
+?>
+--FILE--
+<?php
+
+include 'config.inc';
+
+$db = pg_connect($conn_str);
+$result = pg_query("select 'a' union select 'b'");
+
+var_dump(pg_fetch_array($result, -1));
+var_dump(pg_fetch_assoc($result, -1));
+var_dump(pg_fetch_object($result, -1));
+var_dump(pg_fetch_row($result, -1));
+
+var_dump(pg_fetch_array($result, 0));
+var_dump(pg_fetch_assoc($result, 0));
+var_dump(pg_fetch_object($result, 0));
+var_dump(pg_fetch_row($result, 0));
+
+pg_close($db);
+
+?>
+--EXPECTF--
+Warning: pg_fetch_array(): The row parameter must be greater or equal to zero in %sbug60244.php on line %d
+bool(false)
+
+Warning: pg_fetch_assoc(): The row parameter must be greater or equal to zero in %sbug60244.php on line %d
+bool(false)
+
+Warning: pg_fetch_object(): The row parameter must be greater or equal to zero in %sbug60244.php on line %d
+bool(false)
+
+Warning: pg_fetch_row(): The row parameter must be greater or equal to zero in %sbug60244.php on line %d
+bool(false)
+array(2) {
+  [0]=>
+  string(1) "a"
+  ["?column?"]=>
+  string(1) "a"
+}
+array(1) {
+  ["?column?"]=>
+  string(1) "a"
+}
+object(stdClass)#1 (1) {
+  ["?column?"]=>
+  string(1) "a"
+}
+array(1) {
+  [0]=>
+  string(1) "a"
+}