From 968fbc6acf0bc27be17c0209be7f966e89a55943 Mon Sep 17 00:00:00 2001 From: Stanislav Malyshev Date: Sun, 22 Mar 2015 18:20:59 -0700 Subject: [PATCH] Bacport fix bug #68741 - Null pointer dereference --- NEWS | 3 +++ ext/pgsql/pgsql.c | 3 +++ 2 files changed, 6 insertions(+) diff --git a/ext/pgsql/pgsql.c b/ext/pgsql/pgsql.c index 16ce7bf..eb55777 100644 --- a/ext/pgsql/pgsql.c +++ b/ext/pgsql/pgsql.c @@ -6118,6 +6118,9 @@ static inline void build_tablename(smart_str *querystr, PGconn *pg_link, const c /* schame.table should be "schame"."table" */ table_copy = estrdup(table); token = php_strtok_r(table_copy, ".", &tmp); + if (token == NULL) { + token = table; + } len = strlen(token); if (_php_pgsql_detect_identifier_escape(token, len) == SUCCESS) { smart_str_appendl(querystr, token, len); -- 2.1.4 From 2cc4e69cc6d8dbc4b3568ad3dd583324a7c11d64 Mon Sep 17 00:00:00 2001 From: Remi Collet Date: Wed, 20 May 2015 08:08:41 +0200 Subject: [PATCH] Fixed Bug #69667 segfault in php_pgsql_meta_data Incomplete fix for #68741 --- ext/pgsql/pg_insert_002.phpt | 27 +++++++++++++++++++++++++++ ext/pgsql/pgsql.c | 9 +++++++-- 2 files changed, 34 insertions(+), 2 deletions(-) create mode 100644 ext/pgsql/pg_insert_002.phpt diff --git a/ext/pgsql/pgsql.c b/ext/pgsql/pgsql.c index 23d55cb..5418b3c 100644 --- a/ext/pgsql/pgsql.c +++ b/ext/pgsql/pgsql.c @@ -5104,7 +5104,11 @@ PHP_PGSQL_API int php_pgsql_meta_data(PGconn *pg_link, const char *table_name, z src = estrdup(table_name); tmp_name = php_strtok_r(src, ".", &tmp_name2); - + if (!tmp_name) { + efree(src); + php_error_docref(NULL TSRMLS_CC, E_WARNING, "The table name must be specified"); + return FAILURE; + } if (!tmp_name2 || !*tmp_name2) { /* Default schema */ tmp_name2 = tmp_name; @@ -6112,7 +6116,8 @@ static int do_exec(smart_str *querystr, int expect, PGconn *pg_link, ulong opt T static inline void build_tablename(smart_str *querystr, PGconn *pg_link, const char *table) { - char *table_copy, *escaped, *token, *tmp; + char *table_copy, *escaped, *tmp; + const char *token; size_t len; /* schame.table should be "schame"."table" */ -- 2.1.4 From 3be4e5d71af3d7f495876fabd5a9ce46580e2d0d Mon Sep 17 00:00:00 2001 From: Remi Collet Date: Wed, 20 May 2015 14:02:13 +0200 Subject: [PATCH] move test --- ext/pgsql/pg_insert_002.phpt | 27 --------------------------- ext/pgsql/tests/pg_insert_002.phpt | 27 +++++++++++++++++++++++++++ 2 files changed, 27 insertions(+), 27 deletions(-) delete mode 100644 ext/pgsql/pg_insert_002.phpt create mode 100644 ext/pgsql/tests/pg_insert_002.phpt diff --git a/ext/pgsql/tests/pg_insert_002.phpt b/ext/pgsql/tests/pg_insert_002.phpt new file mode 100644 index 0000000..87d87b8 --- /dev/null +++ b/ext/pgsql/tests/pg_insert_002.phpt @@ -0,0 +1,27 @@ +--TEST-- +PostgreSQL pg_select() - basic test using schema +--SKIPIF-- + +--FILE-- + 1, 'id2' => 1))); +} +?> +Done +--EXPECTF-- + +Warning: pg_insert(): The table name must be specified in %s on line %d +bool(false) + +Warning: pg_insert(): The table name must be specified in %s on line %d +bool(false) + +Warning: pg_insert(): The table name must be specified in %s on line %d +bool(false) +Done \ No newline at end of file -- 2.1.4