File php7-CVE-2022-31631.patch of Package php7.27849
Index: php-7.2.34/ext/pdo_sqlite/sqlite_driver.c
===================================================================
--- php-7.2.34.orig/ext/pdo_sqlite/sqlite_driver.c
+++ php-7.2.34/ext/pdo_sqlite/sqlite_driver.c
@@ -236,6 +236,9 @@ static char *pdo_sqlite_last_insert_id(p
/* NB: doesn't handle binary strings... use prepared stmts for that */
static int sqlite_handle_quoter(pdo_dbh_t *dbh, const char *unquoted, size_t unquotedlen, char **quoted, size_t *quotedlen, enum pdo_param_type paramtype )
{
+ if (unquotedlen > (INT_MAX - 3) / 2) {
+ return 0;
+ }
*quoted = safe_emalloc(2, unquotedlen, 3);
sqlite3_snprintf(2*unquotedlen + 3, *quoted, "'%q'", unquoted);
*quotedlen = strlen(*quoted);
Index: php-7.2.34/ext/pdo/pdo_sql_parser.re
===================================================================
--- php-7.2.34.orig/ext/pdo/pdo_sql_parser.re
+++ php-7.2.34/ext/pdo/pdo_sql_parser.re
@@ -233,6 +233,13 @@ safe:
if (buf) {
zend_string_release(buf);
}
+ if (plc->quoted == NULL) {
+ /* bork */
+ ret = -1;
+ strncpy(stmt->error_code, stmt->dbh->error_code, 6);
+ goto clean_up;
+ }
+
} else {
pdo_raise_impl_error(stmt->dbh, stmt, "HY105", "Expected a stream resource");
ret = -1;