Commit c9cc472e135 for php.net

commit c9cc472e13513711655ed4da6c21dd52e42cdb99
Merge: d341eb74fbc 9b6f83e1bb6
Author: Calvin Buckley <calvinb@php.net>
Date:   Mon Apr 13 13:47:55 2026 -0300

    Merge branch 'PHP-8.4' into PHP-8.5

    * PHP-8.4:
      ext/pdo_odbc: Require non-empty string when building string buffer (#21652)

diff --cc ext/pdo_odbc/odbc_stmt.c
index 8e27d27173c,c114f721a7a..940cf1209b1
--- a/ext/pdo_odbc/odbc_stmt.c
+++ b/ext/pdo_odbc/odbc_stmt.c
@@@ -721,14 -703,14 +721,14 @@@ static int odbc_stmt_get_col(pdo_stmt_
  				}

  				/* resize output buffer and reassemble block */
 -				if (rc==SQL_SUCCESS_WITH_INFO || (rc==SQL_SUCCESS && C->fetched_len > 255)) {
 +				if (rc==SQL_SUCCESS_WITH_INFO || (rc==SQL_SUCCESS && C->fetched_len > to_fetch_len)) {
  					/* point 5, in section "Retrieving Data with SQLGetData" in http://msdn.microsoft.com/en-us/library/windows/desktop/ms715441(v=vs.85).aspx
 -					 states that if SQL_SUCCESS_WITH_INFO, fetched_len will be > 255 (greater than buf2's size)
 -					 (if a driver fails to follow that and wrote less than 255 bytes to buf2, this will AV or read garbage into buf) */
 -					str = zend_string_realloc(str, used + 256, 0);
 -					memcpy(ZSTR_VAL(str) + used, buf2, 256);
 -					used = used + 255;
 +					 states that if SQL_SUCCESS_WITH_INFO, fetched_len will be > n (greater than buf2's size)
 +					 (if a driver fails to follow that and wrote less than n bytes to buf2, this will AV or read garbage into buf) */
 +					str = zend_string_realloc(str, used + to_fetch_byte, 0);
 +					memcpy(ZSTR_VAL(str) + used, buf2, to_fetch_byte);
 +					used = used + to_fetch_len;
- 				} else if (rc==SQL_SUCCESS) {
+ 				} else if (rc == SQL_SUCCESS && C->fetched_len != 0) {
  					str = zend_string_realloc(str, used + C->fetched_len, 0);
  					memcpy(ZSTR_VAL(str) + used, buf2, C->fetched_len);
  					used = used + C->fetched_len;