"Thies C. Arntzen" <[EMAIL PROTECTED]> writes:

> diff -u -w -r1.95 pdo_stmt.c
> --- ext/pdo/pdo_stmt.c        24 Mar 2005 12:32:06 -0000      1.95
> +++ ext/pdo/pdo_stmt.c        25 Mar 2005 13:13:18 -0000
> @@ -242,6 +242,13 @@
>  
>       hash = is_param ? stmt->bound_params : stmt->bound_columns;
>  
> +     if (param->name) {
> +             if (param->name[0] == ':') {
> +                     param->name = param->name + 1;
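
Review bot: the added assignment `param->name = param->name + 1;` overwrites the stored pointer in place, and nothing in the quoted lines keeps the original address. If `param->name` owns an allocation, whatever later frees it receives an address one byte past the start of the block. Consider leaving `param->name` untouched and using a local pointer for the hash lookup (for example `const char *key = param->name + 1;`), or storing a fresh copy of the name without the leading ':'.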

Sanity check...

Without researching thoroughly, this "appears" to warrant further inspection.
The field param->name is clearly a pointer since you're able to increment it.
It seems likely, then, that param->name was dynamically allocated.  If that's
not the case, then you can stop reading.  If it is, though, then by
incrementing param->name, what happens when param->name is freed?  I didn't
see any place in the patch where it is marked as having been incremented nor
anyplace where it is decremented in order to be freed.

Cheers,

Derrell
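
Added example, not part of the original message and not PDO code: two ways to drop the leading ':' without losing the pointer that must later be freed. `struct param`, `param_new`, `param_key`, `param_strip_colon` and `param_free` are hypothetical names, and the name is assumed to be heap-allocated and owned by the struct.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical stand-in for a bound parameter; not the PDO struct. */
struct param {
    char *name;               /* heap-allocated, owned by this struct */
};

static struct param *param_new(const char *name)
{
    struct param *p = malloc(sizeof *p);
    if (!p) return NULL;
    p->name = malloc(strlen(name) + 1);
    if (!p->name) { free(p); return NULL; }
    strcpy(p->name, name);
    return p;
}

/* Option 1: a borrowed view for lookups. p->name is never modified,
 * so free(p->name) still receives the address malloc() returned. */
static const char *param_key(const struct param *p)
{
    if (p->name && p->name[0] == ':')
        return p->name + 1;   /* never stored, never freed */
    return p->name;
}

/* Option 2: normalise once by shifting the bytes down inside the same
 * allocation; the base pointer is unchanged and stays valid for free(). */
static void param_strip_colon(struct param *p)
{
    if (p->name && p->name[0] == ':')
        memmove(p->name, p->name + 1, strlen(p->name + 1) + 1);
}

static void param_free(struct param *p)
{
    if (p) { free(p->name); free(p); }
}

int main(void)
{
    struct param *p = param_new(":id");   /* constructed sample name */
    if (!p) return 1;
    printf("key=%s stored=%s\n", param_key(p), p->name);
    param_strip_colon(p);
    printf("after strip: stored=%s\n", p->name);
    param_free(p);
    return 0;
}
```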

-- 
PHP Internals - PHP Runtime Development Mailing List