sixd Fri, 16 Apr 2010 20:36:40 +0000 Revision: http://svn.php.net/viewvc?view=revision&revision=298086
Log: Fixed Bug #51577 (Uninitialized memory reference with oci_bind_array_by_name) Bug: http://bugs.php.net/51577 (Open) Uninitialized memory reference with oci_bind_array_by_name Changed paths: U php/php-src/branches/PHP_5_3/NEWS U php/php-src/branches/PHP_5_3/ext/oci8/oci8_statement.c U php/php-src/trunk/ext/oci8/oci8_statement.c Modified: php/php-src/branches/PHP_5_3/NEWS =================================================================== --- php/php-src/branches/PHP_5_3/NEWS 2010-04-16 19:47:23 UTC (rev 298085) +++ php/php-src/branches/PHP_5_3/NEWS 2010-04-16 20:36:40 UTC (rev 298086) @@ -17,6 +17,7 @@ - Fixed a NULL pointer dereference when processing invalid XML-RPC requests (Fixes CVE-2010-0397, bug #51288). (Raphael Geissert) +- Fixed Bug #51577 (Uninitialized memory reference with oci_bind_array_by_name) - Fixed bug #51445 (var_dump() invalid/slow *RECURSION* detection). (Felipe) - Fixed bug #51394 (Error line reported incorrectly if error handler throws an exception). (Stas) Modified: php/php-src/branches/PHP_5_3/ext/oci8/oci8_statement.c =================================================================== --- php/php-src/branches/PHP_5_3/ext/oci8/oci8_statement.c 2010-04-16 19:47:23 UTC (rev 298085) +++ php/php-src/branches/PHP_5_3/ext/oci8/oci8_statement.c 2010-04-16 20:36:40 UTC (rev 298086) @@ -809,8 +809,16 @@ int php_oci_bind_pre_exec(void *data, void *result TSRMLS_DC) { php_oci_bind *bind = (php_oci_bind *) data; + *(int *)result = 0; + if (Z_TYPE_P(bind->zval) == IS_ARRAY) { + /* These checks are currently valid for oci_bind_by_name, not + * oci_bind_array_by_name. Also bind->type and + * bind->indicator are not used for oci_bind_array_by_name. + */ + return 0; + } switch (bind->type) { case SQLT_NTY: case SQLT_BFILEE: @@ -850,9 +858,8 @@ } break; } - + /* reset all bind stuff to a normal state..-. */ - bind->indicator = 0; return 0; Modified: php/php-src/trunk/ext/oci8/oci8_statement.c =================================================================== --- php/php-src/trunk/ext/oci8/oci8_statement.c 2010-04-16 19:47:23 UTC (rev 298085) +++ php/php-src/trunk/ext/oci8/oci8_statement.c 2010-04-16 20:36:40 UTC (rev 298086) @@ -809,8 +809,16 @@ int php_oci_bind_pre_exec(void *data, void *result TSRMLS_DC) { php_oci_bind *bind = (php_oci_bind *) data; + *(int *)result = 0; + if (Z_TYPE_P(bind->zval) == IS_ARRAY) { + /* These checks are currently valid for oci_bind_by_name, not + * oci_bind_array_by_name. Also bind->type and + * bind->indicator are not used for oci_bind_array_by_name. + */ + return 0; + } switch (bind->type) { case SQLT_NTY: case SQLT_BFILEE: @@ -850,9 +858,8 @@ } break; } - + /* reset all bind stuff to a normal state..-. */ - bind->indicator = 0; return 0;
-- PHP CVS Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php