This repository was archived by the owner on May 16, 2018. It is now read-only.

Commit 8988a81

committed
Fix pcre segmentation fault in Zend_Db_Statement
1 parent 7e639c9 commit 8988a81


2 files changed

+19
-3
lines changed


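--- a/library/Zend/Db/Statement.php
+++ b/library/Zend/Db/Statement.php
@@ -191,13 +191,13 @@ protected function _stripQuoted($sql)
 if (!empty($q)) {
 $escapeChar = preg_quote($escapeChar);
 // this segfaults only after 65,000 characters instead of 9,000
-$sql = preg_replace("/$q([^$q{$escapeChar}]*|($qe)*)*$q/s", '', $sql);
+$sql = preg_replace("/$q(?:[^$q{$escapeChar}]*|(?:$qe)*)*$q/s", '', $sql);
 }
 
 // get a version of the SQL statement with all quoted
 // values and delimited identifiers stripped out
 // remove "foo\"bar"
-$sql = preg_replace("/\"(\\\\\"|[^\"])*\"/Us", '', $sql);
+$sql = preg_replace("/\".*(?:(?!\\\\).)\"/Us", '', $sql);
 
 // get the character for delimited id quotes,
 // this is usually " but in MySQL is `
@@ -209,7 +209,7 @@ protected function _stripQuoted($sql)
 $de = substr($de, 1, 2);
 $de = preg_quote($de);
 // Note: $de and $d where never used..., now they are:
-$sql = preg_replace("/$d($de|\\\\{2}|[^$d])*$d/Us", '', $sql);
+$sql = preg_replace("/$d(?:$de|\\\\{2}|[^$d])*$d/Us", '', $sql);
 return $sql;
 }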
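Review bot: The rewritten pattern at new line 200, `"/\".*(?:(?!\\\\).)\"/Us"`, requires at least one non-backslash character before the closing quote, so an empty literal `""` is no longer matched on its own and the match runs on to the next `"` in the statement, removing whatever unquoted SQL lies in between. The removed pattern `(\\\\\"|[^\"])*` did match `""`, so this is a behaviour change beyond the segfault fix, and anything the caller derives from the stripped SQL will be computed on the wrong text. A form that stays quote-aware while consuming runs of ordinary characters in one step would be `$sql = preg_replace("/\"(?:[^\"\\\\]++|\\\\.)*+\"/s", '', $sql);`, though its stack use on the PCRE build in play should be confirmed with the new long-query test. All three `preg_replace()` calls (new lines 194, 200 and 212) also assign the result straight back to `$sql`, and `preg_replace()` returns `null` on a PCRE error such as hitting the backtrack limit, so a sufficiently long input can silently produce an empty stripped statement; check for `null` and throw instead. The comment on line 193 still quotes the old 65,000-character threshold, and `_stripQuoted()` begins above the first hunk.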

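--- a/tests/Zend/Db/Statement/MysqliTest.php
+++ b/tests/Zend/Db/Statement/MysqliTest.php
@@ -149,6 +149,22 @@ public function testStripQuoted()
 $this->assertSame($out, $actual, $count . ' - unexpected output');
 }
 }
+
+public function testStripQuotedForLongQuery()
+{
+$statementClass = 'Zend_Db_Statement_' . $this->getDriver();
+
+$table = $this->_db->quoteIdentifier('zfproducts');
+$column = $this->_db->quoteIdentifier('product_name');
+
+$sql = 'SELECT * FROM `zfproducts` WHERE `product_name` = "%s"';
+
+$columnContent = str_repeat('a', 15000) . '\\"' . str_repeat('b', 15000);
+$sql = sprintf($sql, $columnContent);
+
+$stmt = new $statementClass($this->_db, $sql);
+$this->assertNotNull($stmt->getDriverStatement());
+}
 
 public function testStatementRowCount()
 {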
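Review bot: `testStripQuotedForLongQuery()` asserts only that `getDriverStatement()` is non-null, so it shows that the long statement no longer crashes but not that the quoted value was stripped correctly. It appears to exercise only the double-quote pattern, leaving the `$q` and `$d` patterns changed in Statement.php without a long-input case. `$table` and `$column` are assigned and never used, because the SQL string hard-codes the backticked names; either drop them or build the query from them. Worth adding are a case with an empty literal ahead of a placeholder, e.g. `WHERE a = "" AND b = ? AND c = "x"`, and a long single-quoted value, each with an assertion on the stripped output in the way the `assertSame($out, $actual, ...)` call in `testStripQuoted()` appears to do.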
