From:             bmr at comtime dot com
Operating system: Linux
PHP version:      4.3.4
PHP Bug Type:     Sybase (dblib) related
Bug description:  Improper handling of datetime results

Description:
------------
There is a bug with php_sybase_get_column_content().  This is observed
when you take a datetime column result and pass it into strtotime().  The
problem seems to be related to the string not being null terminated.  Here
is the part of the function with the problem:

switch (coltype(offset)) {
  case SYBBINARY:
  case SYBVARBINARY:
  case SYBIMAGE:
    res_length *= 2;
    break;
  case SYBCHAR:
  case SYBVARCHAR:
  case SYBTEXT:
    break;
  default:
  /* take no chances, no telling how big the result would really be */
    res_length += 20;
    break;
}

res_buf = (char *) emalloc(res_length+1);
memset(res_buf,' ',res_length+1);  /* XXX i'm sure there's a better way
                                      but i don't have sybase here to test
                                      991105 thies<at>thieso.net  */

dbconvert(NULL,coltype(offset),dbdata(sybase_ptr->link,offset),
          src_length,SYBCHAR,res_buf,res_length);
Z_STRLEN_P(result) = res_length;
Z_STRVAL_P(result) = res_buf;
Z_TYPE_P(result) = IS_STRING;

------------------------------ end code ------------------

This does not null terminate the string coming back, which causes problems.
I would have thought that since the length is stored with the value, PHP
would honor that and not go beyond that boundary, but this does not
appear to be the case.  Adding this line after dbconvert() seems to fix
the problem:
res_buf[res_length] = '\0';

But the whole "res_length += 20" thing scares me a little as well.

Reproduce code:
---------------
See description.  It would be hard to reproduce without setting up a
database, etc.

Expected result:
----------------
strtotime() returns 0.


-- 
Edit bug report at http://bugs.php.net/?id=28679&edit=1
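
The buffer handling described in the report, as an added example that is not part of the original report or of the PHP source. fake_convert() is a hypothetical stand-in for dbconvert(), and the datetime text and the 8-byte source length are constructed sample values.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical stand-in for dbconvert(): copies the text form of a value
 * into dest, writes no terminator, and returns the bytes written. */
static int fake_convert(const char *src, char *dest, int destlen)
{
    int n = (int)strlen(src);
    if (n > destlen) n = destlen;
    memcpy(dest, src, (size_t)n);
    return n;
}

/* Mirrors the reported pattern: space-fill res_length+1 bytes, convert,
 * and report res_length as the string length. When `terminate` is set,
 * the one-line fix from the report is applied. Caller frees the result. */
static char *get_column(const char *text, int src_length, int terminate, int *out_len)
{
    int res_length = src_length + 20;          /* the "default:" branch */
    char *res_buf = malloc((size_t)res_length + 1);
    if (res_buf == NULL) return NULL;
    memset(res_buf, ' ', (size_t)res_length + 1);
    fake_convert(text, res_buf, res_length);
    if (terminate) res_buf[res_length] = '\0';
    *out_len = res_length;
    return res_buf;
}

/* Bounded check that never reads past the allocation:
 * is there a NUL anywhere in the len+1 bytes that were allocated? */
static int is_terminated(const char *buf, int len)
{
    return memchr(buf, '\0', (size_t)len + 1) != NULL;
}

int main(void)
{
    const char *sample = "Jun  7 2004 10:15AM";   /* constructed value */
    int len;
    char *bad  = get_column(sample, 8, 0, &len);
    char *good = get_column(sample, 8, 1, &len);
    if (bad == NULL || good == NULL) return 1;
    printf("unfixed: terminated=%d\n", is_terminated(bad, len));
    printf("fixed:   terminated=%d value=\"%s\"\n", is_terminated(good, len), good);
    free(bad);
    free(good);
    return 0;
}
```

With the terminator in place the value is still padded with spaces out to res_length, so any consumer that treats the buffer as a C string sees the padding as part of the value.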