mirror of https://github.com/php/php-src.git synced 2026-03-24 00:02:20 +01:00

ext/pdo_firebird: Throw ValueError if cursor name is too long (#17173)

Co-authored-by: Saki Takamachi <34942839+SakiTakamachi@users.noreply.github.com>
Gina Peter Banyard
2024-12-17 13:15:47 +00:00
committed by GitHub
parent 91b7f12cf1
commit 916288e85c
2 changed files with 39 additions and 3 deletions


@@ -887,15 +887,25 @@ static int pdo_firebird_stmt_set_attribute(pdo_stmt_t *stmt, zend_long attr, zva
default:
return 0;
case PDO_ATTR_CURSOR_NAME:
if (!try_convert_to_string(val)) {
zend_string *str_val = zval_try_get_string(val);
if (str_val == NULL) {
return 0;
}
// TODO Check cursor name does not have null bytes?
if (ZSTR_LEN(str_val) >= sizeof(S->name)) {
zend_value_error("Cursor name must not be longer than %zu bytes", sizeof(S->name) - 1);
zend_string_release(str_val);
return 0;
}
if (isc_dsql_set_cursor_name(S->H->isc_status, &S->stmt, Z_STRVAL_P(val),0)) {
if (isc_dsql_set_cursor_name(S->H->isc_status, &S->stmt, ZSTR_VAL(str_val), 0)) {
php_firebird_error_stmt(stmt);
zend_string_release(str_val);
return 0;
}
strlcpy(S->name, Z_STRVAL_P(val), sizeof(S->name));
/* Include trailing nul byte */
memcpy(S->name, ZSTR_VAL(str_val), ZSTR_LEN(str_val) + 1);
zend_string_release(str_val);
break;
}
return 1;
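Review bot: The `// TODO Check cursor name does not have null bytes?` in the PDO_ATTR_CURSOR_NAME branch leaves embedded NUL bytes unhandled. The length guard counts `ZSTR_LEN(str_val)` bytes, but `isc_dsql_set_cursor_name()` receives `ZSTR_VAL(str_val)` as a C string, so a name such as "a\0b" would presumably be registered as "a" without any error. The `memcpy` itself stays in bounds because the `ZSTR_LEN(str_val) >= sizeof(S->name)` check runs first. I would reject such names before the length check with `if (zend_str_has_nul_byte(str_val))`, raising a ValueError and releasing `str_val` exactly as the too-long branch does. The body of pdo_firebird_stmt_set_attribute starts and ends outside this hunk.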


@@ -0,0 +1,26 @@
--TEST--
Throw value error if cursor name is too long
--EXTENSIONS--
pdo_firebird
--SKIPIF--
<?php require 'skipif.inc'; ?>
--XLEAK--
A bug in firebird causes a memory leak when calling `isc_attach_database()`.
See https://github.com/FirebirdSQL/firebird/issues/7849
--FILE--
<?php
require 'testdb.inc';
$dbh = getDbConnection();
$query = 'SELECT 1 FROM RDB$DATABASE';
$stmt = $dbh->query($query);
try {
$stmt->setAttribute(PDO::ATTR_CURSOR_NAME, str_repeat('a', 35));
} catch (Throwable $e) {
echo $e::class, ': ', $e->getMessage(), PHP_EOL;
}
?>
--EXPECT--
ValueError: Cursor name must not be longer than 31 bytes
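Review bot: The test only exercises a 35-byte name, which is well past the limit, so it would still pass if the guard in the C code were off by one. Since the expected message states a 31-byte maximum, I would add the two boundary cases: `str_repeat('a', 32)` must throw the same ValueError, and `str_repeat('a', 31)` must be accepted. The accepted case also covers the `memcpy` path that copies the name plus its trailing NUL into the fixed-size buffer.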