From: bmr at comtime dot com
Operating system: Linux
PHP version: 4.3.4
PHP Bug Type: Sybase (dblib) related
Bug description: Improper handling of datetime results

Description:
------------
There is a bug with php_sybase_get_column_content(). This is observed when you take a datetime column result and pass it into strtotime(). The problem seems to be related to the string not being null terminated. Here is the part of the function with the problem:

    switch (coltype(offset)) {
        case SYBBINARY:
        case SYBVARBINARY:
        case SYBIMAGE:
            res_length *= 2;
            break;
        case SYBCHAR:
        case SYBVARCHAR:
        case SYBTEXT:
            break;
        default:
            /* take no chances, no telling how big the result would really be */
            res_length += 20;
            break;
    }

    res_buf = (char *) emalloc(res_length+1);
    memset(res_buf,' ',res_length+1);  /* XXX i'm sure there's a better way
                                          but i don't have sybase here to test
                                          991105 thies<at>thieso.net */
    dbconvert(NULL,coltype(offset),dbdata(sybase_ptr->link,offset),
              src_length,SYBCHAR,res_buf,res_length);

    Z_STRLEN_P(result) = res_length;
    Z_STRVAL_P(result) = res_buf;
    Z_TYPE_P(result) = IS_STRING;

------------------------------ end code ------------------

This does not null terminate the string coming back which causes problems. I would have thought that since the length is stored with the value the PHP would honor that and not go beyond that boundary, but this does not appear to be the case.

Adding this line after dbconvert() seems to fix the problem:

    res_buf[res_length] = '\0';

But the whole "res_length += 20" thing scares me a little as well.

Reproduce code:
---------------
See description. It would be hard to reproduce without setting up a database, etc.

Expected result:
----------------
strtotime() returns 0.

--
Edit bug report at http://bugs.php.net/?id=28679&edit=1
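
The failure mode described in the report, as an added example in C that is not part of the original report or of the PHP source. fake_convert() is a hypothetical stand-in for dbconvert() that blank-pads and writes no NUL, and the GUARD bytes are a constructed stand-in for whatever follows the allocation, so the over-read is deterministic here instead of undefined.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define GUARD 8 /* constructed: bytes that happen to sit after the result buffer */

/* Hypothetical stand-in for dbconvert(): copies src, blank-pads up to
 * dest_len, and never writes a terminating NUL (an assumption for this demo). */
static void fake_convert(const char *src, size_t src_len,
                         char *dest, size_t dest_len)
{
    size_t n = src_len < dest_len ? src_len : dest_len;
    memcpy(dest, src, n);
    memset(dest + n, ' ', dest_len - n);
}

/* Builds the result buffer the way the quoted code does and returns how many
 * bytes a NUL-seeking reader (strlen) walks from its start.
 * terminate == 0: code as quoted; terminate == 1: with the one-line fix. */
size_t bytes_seen_by_c_string_reader(int terminate)
{
    const char value[] = "Jun  7 2004 12:00AM"; /* constructed sample datetime */
    size_t res_length = strlen(value) + 20;     /* the "res_length += 20" case */
    /* arena = result buffer (res_length + 1 bytes) followed by GUARD bytes */
    char *arena = malloc(res_length + 1 + GUARD);
    size_t seen;

    if (arena == NULL)
        return 0;
    memset(arena + res_length + 1, 'X', GUARD - 1); /* neighbouring "heap" data */
    arena[res_length + GUARD] = '\0';               /* first NUL a reader would hit */

    memset(arena, ' ', res_length + 1);             /* as in the quoted code */
    fake_convert(value, strlen(value), arena, res_length);
    if (terminate)
        arena[res_length] = '\0';                   /* the fix from the report */

    seen = strlen(arena); /* any strtotime()-style parser scans the same way */
    free(arena);
    return seen;
}

int main(void)
{
    printf("as quoted: reader walks %zu bytes\n", bytes_seen_by_c_string_reader(0));
    printf("with fix:  reader walks %zu bytes\n", bytes_seen_by_c_string_reader(1));
    return 0;
}
```

With the fix the reader stops at res_length; without it the reader continues through the blank at res_buf[res_length] and into the neighbouring bytes until it finds a NUL.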