[Pkg-php-commits] [php/debian-sid] Cherry-pick fix for possible crash in php_mssql_get_column_content_without_type()
Ondřej Surý
ondrej at sury.org
Wed Nov 17 09:48:09 UTC 2010
---
...php_mssql_get_column_content_without_type.patch | 17 +++++++++++++++++
debian/patches/series | 1 +
2 files changed, 18 insertions(+), 0 deletions(-)
create mode 100644 debian/patches/fix_crash_in__php_mssql_get_column_content_without_type.patch
diff --git a/debian/patches/fix_crash_in__php_mssql_get_column_content_without_type.patch b/debian/patches/fix_crash_in__php_mssql_get_column_content_without_type.patch
new file mode 100644
index 0000000..4d199af
--- /dev/null
+++ b/debian/patches/fix_crash_in__php_mssql_get_column_content_without_type.patch
@@ -0,0 +1,17 @@
+--- a/ext/mssql/php_mssql.c
++++ b/ext/mssql/php_mssql.c
+@@ -1091,6 +1091,14 @@ static void php_mssql_get_column_content
+ unsigned char *res_buf;
+ int res_length = dbdatlen(mssql_ptr->link, offset);
+
++ if (res_length == 0) {
++ ZVAL_NULL(result);
++ return;
++ } else if (res_length < 0) {
++ ZVAL_FALSE(result);
++ return;
++ }
++
+ res_buf = (unsigned char *) emalloc(res_length+1);
+ bin = ((DBBINARY *)dbdata(mssql_ptr->link, offset));
+ res_buf[res_length] = '\0';
diff --git a/debian/patches/series b/debian/patches/series
index 24ea326..10fbc0d 100644
--- a/debian/patches/series
+++ b/debian/patches/series
@@ -61,3 +61,4 @@ CVE-2010-4156.patch
bug52573.patch
bug52487.patch
bug50481.patch
+fix_crash_in__php_mssql_get_column_content_without_type.patch
--
1.7.1
More information about the Pkg-php-commits
mailing list