Browse Source

Merge branch 'PHP-7.0' into PHP-7.1

* PHP-7.0:
  Add bug #74625 to package.xml
  Add IN bind case to bug74625.phpt
  Fixed bug #74625 (Integer overflow in oci_bind_array_by_name).
pull/2588/merge
Christopher Jones 9 years ago
parent
commit
5d666d2a02
  1. 31
      ext/oci8/oci8_statement.c
  2. 2
      ext/oci8/package.xml
  3. 65
      ext/oci8/tests/bug74625.phpt

31
ext/oci8/oci8_statement.c

@ -38,6 +38,13 @@
#include "php_oci8.h"
#include "php_oci8_int.h"
#if defined(OCI_MAJOR_VERSION) && (OCI_MAJOR_VERSION > 10) && \
(defined(__x86_64__) || defined(__LP64__) || defined(_LP64) || defined(_WIN64))
typedef ub8 oci_phpsized_int;
#else
typedef ub4 oci_phpsized_int;
#endif
/* {{{ php_oci_statement_create()
Create statemend handle and allocate necessary resources */
php_oci_statement *php_oci_statement_create(php_oci_connection *connection, char *query, int query_len)
@ -997,10 +1004,10 @@ int php_oci_bind_post_exec(zval *data)
for (i = 0; i < (int) bind->array.current_length; i++) {
if ((i < (int) bind->array.old_length) && (entry = zend_hash_get_current_data(hash)) != NULL) {
zval_dtor(entry);
ZVAL_LONG(entry, ((ub4 *)(bind->array.elements))[i]);
ZVAL_LONG(entry, ((oci_phpsized_int *)(bind->array.elements))[i]);
zend_hash_move_forward(hash);
} else {
add_next_index_long(bind->zval, ((ub4 *)(bind->array.elements))[i]);
add_next_index_long(bind->zval, ((oci_phpsized_int *)(bind->array.elements))[i]);
}
}
break;
@ -1153,14 +1160,8 @@ int php_oci_bind_by_name(php_oci_statement *statement, char *name, size_t name_l
return 1;
}
convert_to_long(param);
#if defined(OCI_MAJOR_VERSION) && (OCI_MAJOR_VERSION > 10) && \
(defined(__x86_64__) || defined(__LP64__) || defined(_LP64) || defined(_WIN64))
bind_data = (ub8 *)&Z_LVAL_P(param);
value_sz = sizeof(ub8);
#else
bind_data = (ub4 *)&Z_LVAL_P(param);
value_sz = sizeof(ub4);
#endif
bind_data = (oci_phpsized_int *)&Z_LVAL_P(param);
value_sz = sizeof(oci_phpsized_int);
mode = OCI_DEFAULT;
break;
@ -1783,10 +1784,10 @@ php_oci_bind *php_oci_bind_array_helper_number(zval *var, zend_long max_table_le
bind = emalloc(sizeof(php_oci_bind));
ZVAL_UNDEF(&bind->parameter);
bind->array.elements = (ub4 *)safe_emalloc(max_table_length, sizeof(ub4), 0);
bind->array.elements = (oci_phpsized_int *)safe_emalloc(max_table_length, sizeof(oci_phpsized_int), 0);
bind->array.current_length = zend_hash_num_elements(Z_ARRVAL_P(var));
bind->array.old_length = bind->array.current_length;
bind->array.max_length = sizeof(ub4);
bind->array.max_length = sizeof(oci_phpsized_int);
bind->array.element_lengths = safe_emalloc(max_table_length, sizeof(ub2), 0);
memset(bind->array.element_lengths, 0, max_table_length * sizeof(ub2));
bind->array.indicators = NULL;
@ -1794,14 +1795,14 @@ php_oci_bind *php_oci_bind_array_helper_number(zval *var, zend_long max_table_le
zend_hash_internal_pointer_reset(hash);
for (i = 0; i < max_table_length; i++) {
if (i < bind->array.current_length) {
bind->array.element_lengths[i] = sizeof(ub4);
bind->array.element_lengths[i] = sizeof(oci_phpsized_int);
}
if ((i < bind->array.current_length) && (entry = zend_hash_get_current_data(hash)) != NULL) {
convert_to_long_ex(entry);
((ub4 *)bind->array.elements)[i] = (ub4) Z_LVAL_P(entry);
((oci_phpsized_int *)bind->array.elements)[i] = (oci_phpsized_int) Z_LVAL_P(entry);
zend_hash_move_forward(hash);
} else {
((ub4 *)bind->array.elements)[i] = 0;
((oci_phpsized_int *)bind->array.elements)[i] = 0;
}
}
zend_hash_internal_pointer_reset(hash);

2
ext/oci8/package.xml

@ -61,6 +61,7 @@ Interoperability Support" (ID 207303.1) for details.
<notes>
This version is for PHP 7 only.
Added TAF callback support (PR #2459, KoenigsKind)
Fixed bug #74625 (Integer overflow in oci_bind_array_by_name). (Ingmar Runge)
</notes>
<contents>
<dir name="/">
@ -164,6 +165,7 @@ Added TAF callback support (PR #2459, KoenigsKind)
<file name="bug71422.phpt" role="test" />
<file name="bug71600.phpt" role="test" />
<file name="bug72524.phpt" role="test" />
<file name="bug74625.phpt" role="test" />
<file name="clientversion.phpt" role="test" />
<file name="close.phpt" role="test" />
<file name="coll_001.phpt" role="test" />

65
ext/oci8/tests/bug74625.phpt

@ -0,0 +1,65 @@
--TEST--
Bug #74625 (Integer overflow in oci_bind_array_by_name)
--SKIPIF--
<?php
if (!extension_loaded('oci8')) die ("skip no oci8 extension");
?>
--FILE--
<?php
require(dirname(__FILE__).'/connect.inc');
// Initialization
$stmtarray = array(
"CREATE TABLE bug74625_tab (NAME NUMBER)",
"CREATE OR REPLACE PACKAGE PKG74625 AS
TYPE ARRTYPE IS TABLE OF NUMBER INDEX BY BINARY_INTEGER;
PROCEDURE iobind(c1 IN OUT ARRTYPE);
END PKG74625;",
"CREATE OR REPLACE PACKAGE BODY PKG74625 AS
PROCEDURE iobind(c1 IN OUT ARRTYPE) IS
BEGIN
FOR i IN 1..5 LOOP
c1(i) := c1(i) * 2;
END LOOP;
END iobind;
END PKG74625;"
);
oci8_test_sql_execute($c, $stmtarray);
$statement = oci_parse($c, "BEGIN pkg74625.iobind(:c1); END;");
$array = Array(-1,-2,-3,-4,-5);
oci_bind_array_by_name($statement, ":c1", $array, 5, -1, SQLT_INT);
oci_execute($statement);
var_dump($array);
// Cleanup
$stmtarray = array(
"DROP TABLE bug74625_tab",
"DROP PACKAGE PKG74625"
);
oci8_test_sql_execute($c, $stmtarray);
?>
===DONE===
<?php exit(0); ?>
--EXPECTF--
array(5) {
[0]=>
int(-2)
[1]=>
int(-4)
[2]=>
int(-6)
[3]=>
int(-8)
[4]=>
int(-10)
}
===DONE===
Loading…
Cancel
Save