[PHP-DEV] Bug #1012: Crash in SQLServer Image Column Conversion
From: bro <email protected>
Date: 12/29/98

From: bro <email protected>
Operating system: Linux
PHP version: 3.0.6
PHP Bug Type: Sybase (dblib) related
Bug description: Crash in SQLServer Image Column Conversion

php3_sybase_get_column_content in sybase.c (DB-Lib)
crashes with buffer overflow when converting binary columns.
The result of the IMAGE/VARBINARY to CHAR conversion is a
hex string -> needs 2 bytes for each binary byte.

The patch below fixes this and also adds a bit more space
for DATE conversions. Also works with MS-SQLServer.

---- cut ----
*** php-3.0.6/functions/sybase.c.orig Fri Sep 11 01:57:23 1998
--- php-3.0.6/functions/sybase.c Tue Dec 29 15:44:08 1998
***************
*** 637,639 ****
                                  char *res_buf;
! int res_length = dbdatlen(sybase_ptr->link,offset);
                                  register char *p;
--- 637,640 ----
                                  char *res_buf;
! int dat_length = dbdatlen(sybase_ptr->link,offset);
! int res_length = dat_length;
                                  register char *p;
***************
*** 641,644 ****
                                  switch (coltype(offset)) {
- case SYBBINARY:
- case SYBVARBINARY:
                                          case SYBCHAR:
--- 642,643 ----
***************
*** 646,648 ****
--- 645,652 ----
                                          case SYBTEXT:
+ break;
+ case SYBBINARY:
+ case SYBVARBINARY:
                                          case SYBIMAGE:
+ /* result is hex string */
+ res_length = (dat_length * 2) + 4;
                                                  break;
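Review bot: The `+ 4` in `res_length = (dat_length * 2) + 4;` is unexplained slack: the hex string needs exactly two characters per source byte, and the terminator is already covered by `emalloc(res_length+1)` further down. Either say in the comment what the extra four bytes are for or drop them. Also, `dat_length * 2` is computed in a signed `int`, so a very large column length can overflow before the allocation; reject lengths above `(INT_MAX - 4) / 2` before sizing the buffer.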
***************
*** 650,652 ****
                                                  /* take no chances, no telling how big the result would really be */
! res_length += 20;
                                                  break;
--- 654,656 ----
                                                  /* take no chances, no telling how big the result would really be */
! res_length += 40;
                                                  break;
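Review bot: Raising the padding from 20 to 40 in `res_length += 40;` is still a guess, as the retained comment admits, and the `dbconvert` call further down passes -1 as the destination length, so nothing bounds the write if a converted value is ever longer than the guess. Please document which column type and output format needed more than 20 bytes, and prefer a named constant sized to the longest string the conversion can produce.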
***************
*** 655,657 ****
                                  res_buf = (char *) emalloc(res_length+1);
! dbconvert(NULL,coltype(offset),dbdata(sybase_ptr->link,offset), res_length,SYBCHAR,res_buf,-1);
                  
--- 659,661 ----
                                  res_buf = (char *) emalloc(res_length+1);
! res_length = dbconvert(NULL,coltype(offset),dbdata(sybase_ptr->link,offset), dat_length,SYBCHAR,res_buf,-1);
                  

---- cut ----
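Review bot: In the new `dbconvert` call, `res_length` is overwritten with the return value without a check for a failed conversion. If the code after this hunk uses `res_length` as the string length, an error return ends up as a bogus length; test the result and release `res_buf` on failure. Keeping the allocation size in its own variable would also stop `res_length` from meaning first the buffer capacity and then the converted length.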

A Happy new year!

Bernd
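
The sizing rule described in the report (two hex characters per binary byte, plus the terminator), as an added example that is not part of the original message or of PHP's sybase.c. It does not call DB-Library; `hex_buf_size`, `bin_to_hex` and the sample bytes are hypothetical names and constructed data.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Bytes needed for n binary bytes rendered as hex, including the NUL.
 * Returns 0 if 2*n + 1 does not fit in size_t. */
size_t hex_buf_size(size_t n)
{
    if (n > (SIZE_MAX - 1) / 2)
        return 0;
    return n * 2 + 1;
}

/* Write n bytes of src as lowercase hex into dst (capacity dstcap).
 * Returns 0 on success, -1 if dst is too small; never writes past dst. */
int bin_to_hex(const unsigned char *src, size_t n, char *dst, size_t dstcap)
{
    static const char digits[] = "0123456789abcdef";
    size_t need = hex_buf_size(n), i;

    if (need == 0 || dstcap < need)
        return -1;
    for (i = 0; i < n; i++) {
        dst[2 * i]     = digits[src[i] >> 4];
        dst[2 * i + 1] = digits[src[i] & 0x0f];
    }
    dst[2 * n] = '\0';
    return 0;
}

/* Constructed sample standing in for an 8-byte IMAGE value. */
static const unsigned char sample[8] = {0x47, 0x49, 0x46, 0x38, 0x39, 0x61, 0x00, 0xff};

/* Sizing as before the patch: source length + 1. Too small for hex. */
int old_sizing_fits(void)
{
    char buf[sizeof sample + 1];
    return bin_to_hex(sample, sizeof sample, buf, sizeof buf) == 0;
}

/* Sizing after the fix: two characters per byte plus the terminator. */
int new_sizing_fits(void)
{
    char buf[2 * sizeof sample + 1];
    return bin_to_hex(sample, sizeof sample, buf, sizeof buf) == 0;
}

int main(void)
{
    printf("old sizing fits: %d, new sizing fits: %d\n", old_sizing_fits(), new_sizing_fits());
    return 0;
}
```

Because the converter is told the destination capacity, an undersized buffer yields an error return instead of a write past the allocation.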

--
PHP Development Mailing List   http://www.php.net/