From 5e27f69cbb66d7468645f337858c2b140274b4b6 Mon Sep 17 00:00:00 2001 From: Remi Collet Date: Mon, 19 Sep 2016 17:49:57 +0200 Subject: [PATCH] fix buffer overflow, raising segfault in pdo driver --- source/pdo_sqlsrv/pdo_dbh.cpp | 2 +- source/pdo_sqlsrv/pdo_stmt.cpp | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/source/pdo_sqlsrv/pdo_dbh.cpp b/source/pdo_sqlsrv/pdo_dbh.cpp index 20f996b..079eca0 100644 --- a/source/pdo_sqlsrv/pdo_dbh.cpp +++ b/source/pdo_sqlsrv/pdo_dbh.cpp @@ -361,7 +361,7 @@ struct pdo_dbh_methods pdo_sqlsrv_dbh_methods = { { \ pdo_sqlsrv_dbh* driver_dbh = reinterpret_cast( dbh->driver_data ); \ driver_dbh->set_func( __FUNCTION__ ); \ - int length = strlen(__FUNCTION__); \ + int length = strlen(__FUNCTION__)+strlen(": entering"); \ char func[length+1]; \ LOG( SEV_NOTICE, strcat(strcpy(func, __FUNCTION__), ": entering")); \ } diff --git a/source/pdo_sqlsrv/pdo_stmt.cpp b/source/pdo_sqlsrv/pdo_stmt.cpp index dc989f4..4486404 100644 --- a/source/pdo_sqlsrv/pdo_stmt.cpp +++ b/source/pdo_sqlsrv/pdo_stmt.cpp @@ -339,7 +339,7 @@ void stmt_option_emulate_prepares:: operator()( sqlsrv_stmt* stmt, stmt_option c { \ pdo_sqlsrv_stmt* driver_stmt = reinterpret_cast( stmt->driver_data ); \ driver_stmt->set_func( __FUNCTION__ ); \ - int length = strlen(__FUNCTION__); \ + int length = strlen(__FUNCTION__)+strlen(": entering"); \ char func[length+1]; \ LOG( SEV_NOTICE, strcat(strcpy(func, __FUNCTION__), ": entering")); \ } @@ -427,7 +427,7 @@ int pdo_sqlsrv_stmt_describe_col(pdo_stmt_t *stmt, int colno TSRMLS_DC) #else pdo_sqlsrv_stmt* driver_stmtt = reinterpret_cast( stmt->driver_data ); driver_stmtt->set_func( __FUNCTION__ ); - int length = strlen(__FUNCTION__); + int length = strlen(__FUNCTION__)+strlen(": entering"); char func[length+1]; LOG( SEV_NOTICE, strcat(strcpy(func, __FUNCTION__), ": entering")); #endif