mirror of
https://github.com/php/php-src.git
synced 2026-04-01 13:12:16 +02:00
55f6895f4b
We must not free parameters which we haven't initialized yet. We also fix the not directly related issue, that we checked for the wrong value being `NULL`, potentially causing a segfault.
28 lines
675 B
PHP
28 lines
675 B
PHP
--TEST--
|
|
Bug #81720 (Uninitialized array in pg_query_params() leading to RCE)
|
|
--SKIPIF--
|
|
<?php include("skipif.inc"); ?>
|
|
--FILE--
|
|
<?php
|
|
include('config.inc');
|
|
|
|
$conn = pg_connect($conn_str);
|
|
|
|
try {
|
|
pg_query_params($conn, 'SELECT $1, $2', [1, new stdClass()]);
|
|
} catch (Throwable $ex) {
|
|
echo $ex->getMessage(), PHP_EOL;
|
|
}
|
|
|
|
try {
|
|
pg_send_prepare($conn, "my_query", 'SELECT $1, $2');
|
|
pg_get_result($conn);
|
|
pg_send_execute($conn, "my_query", [1, new stdClass()]);
|
|
} catch (Throwable $ex) {
|
|
echo $ex->getMessage(), PHP_EOL;
|
|
}
|
|
?>
|
|
--EXPECT--
|
|
Object of class stdClass could not be converted to string
|
|
Object of class stdClass could not be converted to string
|