Merge branch 'PHP-7.3'

adambaratz · adambaratz · commit 2c3b1767e264 · 2018-11-26T10:37:42.000-05:00
* PHP-7.3:
  Check column number before trying to fetch the value
diff --git a/ext/pdo/pdo_stmt.c b/ext/pdo/pdo_stmt.c
@@ -530,6 +530,13 @@ static inline void fetch_value(pdo_stmt_t *stmt, zval *dest, int colno, int *typ
 	int caller_frees = 0;
 	int type, new_type;
 
+	if (colno < 0 || colno >= stmt->column_count) {
+		pdo_raise_impl_error(stmt->dbh, stmt, "HY000", "Invalid column index");
+		ZVAL_FALSE(dest);
+
+		return;
+	}
+
 	col = &stmt->columns[colno];
 	type = PDO_PARAM_TYPE(col->param_type);
 	new_type =  type_override ? (int)PDO_PARAM_TYPE(*type_override) : type;
diff --git a/ext/pdo/tests/pdo_038.phpt b/ext/pdo/tests/pdo_038.phpt
@@ -0,0 +1,45 @@
+--TEST--
+PDOStatement::fetchColumn() invalid column index
+--SKIPIF--
+<?php # vim:ft=php
+if (!extension_loaded('pdo')) die('skip');
+$dir = getenv('REDIR_TEST_DIR');
+if (false == $dir) die('skip no driver');
+require_once $dir . 'pdo_test.inc';
+PDOTest::skip();
+?>
+--FILE--
+<?php
+if (getenv('REDIR_TEST_DIR') === false) putenv('REDIR_TEST_DIR='.dirname(__FILE__) . '/../../pdo/tests/');
+require_once getenv('REDIR_TEST_DIR') . 'pdo_test.inc';
+
+function fetchColumn($stmt, $index) {
+    $stmt->execute();
+    return $stmt->fetchColumn($index);
+}
+
+$conn  = PDOTest::factory();
+$query = 'SELECT 1';
+
+switch ($conn->getAttribute(PDO::ATTR_DRIVER_NAME)) {
+    case 'oci':
+        $query .= ' FROM DUAL';
+        break;
+    case 'firebird':
+        $query .= ' FROM RDB$DATABASE';
+        break;
+}
+
+$stmt = $conn->prepare($query);
+
+var_dump(fetchColumn($stmt, -1));
+var_dump(fetchColumn($stmt, 0));
+var_dump(fetchColumn($stmt, 1));
+?>
+--EXPECTF--
+Warning: PDOStatement::fetchColumn(): SQLSTATE[HY000]: General error: Invalid column index in %s
+bool(false)
+string(1) "1"
+
+Warning: PDOStatement::fetchColumn(): SQLSTATE[HY000]: General error: Invalid column index in %s
+bool(false)
