Skip to content

fix(localization): critical memory safety bugs in encoding conversion #1555

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
SajanGhimire1 wants to merge 4 commits into
base: dev
Choose a base branch
from
Open

fix(localization): critical memory safety bugs in encoding conversion #1555

SajanGhimire1 wants to merge 4 commits into from

Conversation

@SajanGhimire1
Copy link

@SajanGhimire1 SajanGhimire1 commented Jan 9, 2026

CRITICAL FIXES:

  1. Fixed NULL pointer dereference in SystemLocale::NextChar()

    • Added NULL check to prevent crash when start pointer is NULL
    • Prevents DoS attack via malformed encoding input

  2. Fixed uninitialized pointer return in IConvCachePool::Borrow()

    • Explicitly set pCache to NULL after failed allocation
    • Prevents undefined behavior and potential memory corruption
    • Eliminates use-after-free/information disclosure risk

These memory safety vulnerabilities affect the SQL Server PHP driver when handling user-provided data with specific encoding conditions.

SajanGhimire1 and others added 2 commits January 9, 2026 08:05
@SajanGhimire1
fix(localization): critical memory safety bugs in encoding conversion
30393d5 
CRITICAL FIXES:
1. Fixed NULL pointer dereference in SystemLocale::NextChar()
   - Added NULL check to prevent crash when start pointer is NULL
   - Prevents DoS attack via malformed encoding input

2. Fixed uninitialized pointer return in IConvCachePool::Borrow()
   - Explicitly set pCache to NULL after failed allocation
   - Prevents undefined behavior and potential memory corruption
   - Eliminates use-after-free/information disclosure risk

These memory safety vulnerabilities affect the SQL Server PHP driver
when handling user-provided data with specific encoding conditions.
@jahnvi480
Merge branch 'dev' into patch-4
3dc7c94
@jahnvi480
Copy link
Contributor

jahnvi480 commented Jan 14, 2026

/azp run

@azure-pipelines
Copy link

azure-pipelines bot commented Jan 14, 2026

Azure Pipelines successfully started running 1 pipeline(s).

@jahnvi480
Copy link
Contributor

jahnvi480 commented Jan 14, 2026

@SajanGhimire1 Thanks for raising the PR for this fix, Can you please check why is the pipeline failing for all OSs and fix it, also I would like you to add some tests to check if the code that you have added really works.

@jahnvi480
Copy link
Contributor

jahnvi480 commented Jan 16, 2026

/azp run

@azure-pipelines
Copy link

azure-pipelines bot commented Jan 16, 2026

Azure Pipelines successfully started running 1 pipeline(s).

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@SajanGhimire1 @jahnvi480