File php-5.3.5-CVE-2012-0788.patch of Package php5

http://svn.php.net/viewvc/?view=revision&revision=317272
--- ext/pdo/pdo_stmt.c	2011/09/25 12:14:09	317271
+++ ext/pdo/pdo_stmt.c	2011/09/25 12:39:05	317272
@@ -2351,6 +2351,7 @@
 }
 
 zend_object_handlers pdo_dbstmt_object_handlers;
+static int pdo_row_serialize(zval *object, unsigned char **buffer, zend_uint *buf_len, zend_serialize_data *data TSRMLS_DC);
 
 void pdo_stmt_init(TSRMLS_D)
 {
@@ -2374,6 +2375,7 @@
 	pdo_row_ce = zend_register_internal_class(&ce TSRMLS_CC);
 	pdo_row_ce->ce_flags |= ZEND_ACC_FINAL_CLASS; /* when removing this a lot of handlers need to be redone */
 	pdo_row_ce->create_object = pdo_row_new;
+	pdo_row_ce->serialize = pdo_row_serialize;
 }
 
 static void free_statement(pdo_stmt_t *stmt TSRMLS_DC)
@@ -2796,6 +2798,12 @@
 	retval.handlers = &pdo_row_object_handlers;
 
 	return retval;
+}
+
+static int pdo_row_serialize(zval *object, unsigned char **buffer, zend_uint *buf_len, zend_serialize_data *data TSRMLS_DC)
+{
+	php_error_docref(NULL TSRMLS_CC, E_WARNING, "PDORow instances may not be serialized");
+	return FAILURE;
 }
 /* }}} */

openSUSE Build Service is sponsored by