felipe Tue, 20 Apr 2010 14:11:53 +0000 Revision: http://svn.php.net/viewvc?view=revision&revision=298218
Log: - Fixed bug #51609 (pg_copy_to: Invalid results when using fourth parameter) Bug: http://bugs.php.net/51609 (Open) pg_copy_to: Invalid results when using fourth parameter Changed paths: U php/php-src/branches/PHP_5_2/NEWS U php/php-src/branches/PHP_5_2/ext/pgsql/pgsql.c U php/php-src/branches/PHP_5_3/NEWS U php/php-src/branches/PHP_5_3/ext/pgsql/pgsql.c U php/php-src/trunk/ext/pgsql/pgsql.c Modified: php/php-src/branches/PHP_5_2/NEWS =================================================================== --- php/php-src/branches/PHP_5_2/NEWS 2010-04-20 13:50:34 UTC (rev 298217) +++ php/php-src/branches/PHP_5_2/NEWS 2010-04-20 14:11:53 UTC (rev 298218) @@ -12,6 +12,8 @@ - Fixed a NULL pointer dereference when processing invalid XML-RPC requests (Fixes CVE-2010-0397, bug #51288). (Raphael Geissert) +- Fixed bug #51609 (pg_copy_to: Invalid results when using fourth parameter). + (Felipe) - Fixed bug #51608 (pg_copy_to: WARNING: nonstandard use of \\ in a string literal). (cbandy at jbandy dot com) - Fixed bug #51445 (var_dump() invalid/slow *RECURSION* detection). (Felipe) Modified: php/php-src/branches/PHP_5_2/ext/pgsql/pgsql.c =================================================================== --- php/php-src/branches/PHP_5_2/ext/pgsql/pgsql.c 2010-04-20 13:50:34 UTC (rev 298217) +++ php/php-src/branches/PHP_5_2/ext/pgsql/pgsql.c 2010-04-20 14:11:53 UTC (rev 298218) @@ -3312,7 +3312,7 @@ { zval *pgsql_link; char *table_name, *pg_delim = NULL, *pg_null_as = NULL; - int table_name_len, pg_delim_len, pg_null_as_len; + int table_name_len, pg_delim_len, pg_null_as_len, free_pg_null = 0; char *query; int id = -1; PGconn *pgsql; @@ -3339,6 +3339,7 @@ if (!pg_null_as) { pg_null_as = safe_estrdup("\\\\N"); + free_pg_null = 1; } if (memchr(table_name, '.', table_name_len)) { @@ -3351,7 +3352,9 @@ PQclear(pgsql_result); } pgsql_result = PQexec(pgsql, query); - efree(pg_null_as); + if (free_pg_null) { + efree(pg_null_as); + } efree(query); if (pgsql_result) { Modified: php/php-src/branches/PHP_5_3/NEWS =================================================================== --- php/php-src/branches/PHP_5_3/NEWS 2010-04-20 13:50:34 UTC (rev 298217) +++ php/php-src/branches/PHP_5_3/NEWS 2010-04-20 14:11:53 UTC (rev 298218) @@ -18,6 +18,8 @@ requests (Fixes CVE-2010-0397, bug #51288). (Raphael Geissert) - Fixed 64-bit integer overflow in mhash_keygen_s2k(). (Clément LECIGNE, Stas) +- Fixed bug #51609 (pg_copy_to: Invalid results when using fourth parameter). + (Felipe) - Fixed bug #51608 (pg_copy_to: WARNING: nonstandard use of \\ in a string literal). (cbandy at jbandy dot com) - Fixed bug #51590 (JSON_ERROR_UTF8 is undefined). (Felipe) Modified: php/php-src/branches/PHP_5_3/ext/pgsql/pgsql.c =================================================================== --- php/php-src/branches/PHP_5_3/ext/pgsql/pgsql.c 2010-04-20 13:50:34 UTC (rev 298217) +++ php/php-src/branches/PHP_5_3/ext/pgsql/pgsql.c 2010-04-20 14:11:53 UTC (rev 298218) @@ -3735,7 +3735,7 @@ { zval *pgsql_link; char *table_name, *pg_delim = NULL, *pg_null_as = NULL; - int table_name_len, pg_delim_len, pg_null_as_len; + int table_name_len, pg_delim_len, pg_null_as_len, free_pg_null = 0; char *query; int id = -1; PGconn *pgsql; @@ -3762,6 +3762,7 @@ if (!pg_null_as) { pg_null_as = safe_estrdup("\\\\N"); + free_pg_null = 1; } if (memchr(table_name, '.', table_name_len)) { @@ -3774,7 +3775,9 @@ PQclear(pgsql_result); } pgsql_result = PQexec(pgsql, query); - efree(pg_null_as); + if (free_pg_null) { + efree(pg_null_as); + } efree(query); if (pgsql_result) { Modified: php/php-src/trunk/ext/pgsql/pgsql.c =================================================================== --- php/php-src/trunk/ext/pgsql/pgsql.c 2010-04-20 13:50:34 UTC (rev 298217) +++ php/php-src/trunk/ext/pgsql/pgsql.c 2010-04-20 14:11:53 UTC (rev 298218) @@ -3735,7 +3735,7 @@ { zval *pgsql_link; char *table_name, *pg_delim = NULL, *pg_null_as = NULL; - int table_name_len, pg_delim_len, pg_null_as_len; + int table_name_len, pg_delim_len, pg_null_as_len, free_pg_null = 0; char *query; int id = -1; PGconn *pgsql; @@ -3762,6 +3762,7 @@ if (!pg_null_as) { pg_null_as = safe_estrdup("\\\\N"); + free_pg_null = 1; } if (memchr(table_name, '.', table_name_len)) { @@ -3774,7 +3775,9 @@ PQclear(pgsql_result); } pgsql_result = PQexec(pgsql, query); - efree(pg_null_as); + if (free_pg_null) { + efree(pg_null_as); + } efree(query); if (pgsql_result) {
-- PHP CVS Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
