Commit 3e5759522e9 for php.net

commit 3e5759522e94d3e01aa92f696f485517a3bca4ca
Merge: 257cb3a57e6 a02c0ce2421
Author: Ilija Tovilo <ilija.tovilo@me.com>
Date:   Wed May 6 13:04:27 2026 +0200

    Merge branch 'PHP-8.5'

    * PHP-8.5:
      GHSA-w476-322c-wpvm: [pdo_firebird] Fix SQL injection via NUL bytes in quoted strings

diff --cc ext/pdo_firebird/firebird_driver.c
index 8193132beaf,cb5db8e2538..c20969aac2b
--- a/ext/pdo_firebird/firebird_driver.c
+++ b/ext/pdo_firebird/firebird_driver.c
@@@ -293,9 -295,9 +293,9 @@@ static FbTokenType php_firebird_get_tok
  	return ret;
  }

- static int php_firebird_preprocess(const zend_string* sql, char* sql_out, HashTable* named_params)
+ static int php_firebird_preprocess(const zend_string* sql, char* sql_out, size_t* sql_out_len, HashTable* named_params)
  {
 -	bool passAsIs = 1, execBlock = 0;
 +	bool passAsIs = true, execBlock = false;
  	zend_long pindex = -1;
  	char pname[254], ident[253], ident2[253];
  	unsigned int l;
@@@ -349,10 -351,10 +349,10 @@@
  		if (l > 252) {
  			return 0;
  		}
- 		strncpy(ident2, i2, l);
+ 		memcpy(ident2, i2, l);
  		ident2[l] = '\0';
  		execBlock = !strcasecmp(ident2, "BLOCK");
 -		passAsIs = 0;
 +		passAsIs = false;
  	}
  	else
  	{
@@@ -453,8 -466,11 +464,10 @@@
  		case ttNone:
  			/* Execute statement preprocess SQL error */
  			return 0;
 -			break;
  		}
  	}
+ 	*sql_out_p = '\0';
+ 	*sql_out_len = sql_out_p - sql_out;
  	return 1;
  }