ext/pdo: Prevent setting bogus default fetch modes from PDO::setAttribute()

Author: Girgias

ext/pdo/pdo_dbh.c

@@ -861,22 +861,19 @@ static bool pdo_dbh_attribute_set(pdo_dbh_t *dbh, zend_long attr, zval *value, u
 			return true;
 
 		case PDO_ATTR_DEFAULT_FETCH_MODE:
-			if (Z_TYPE_P(value) == IS_ARRAY) {
-				zval *tmp;
-				if ((tmp = zend_hash_index_find(Z_ARRVAL_P(value), 0)) != NULL && Z_TYPE_P(tmp) == IS_LONG) {
-					if (Z_LVAL_P(tmp) == PDO_FETCH_INTO || Z_LVAL_P(tmp) == PDO_FETCH_CLASS) {
-						zend_argument_value_error(value_arg_num, "PDO::FETCH_INTO and PDO::FETCH_CLASS cannot be set as the default fetch mode");
-						return false;
-					}
-				}
-				lval = zval_get_long(value);
-			} else {
-				if (!pdo_get_long_param(&lval, value)) {
-					return false;
-				}
+			if (!pdo_get_long_param(&lval, value)) {
+				return false;
+			}
+			if (!pdo_verify_fetch_mode(PDO_FETCH_USE_DEFAULT, lval, value_arg_num, false)) {
+				return false;
 			}
-			if (lval == PDO_FETCH_USE_DEFAULT) {
-				zend_argument_value_error(value_arg_num, "Fetch mode must be a bitmask of PDO::FETCH_* constants");
+			if (UNEXPECTED(
+				lval == PDO_FETCH_USE_DEFAULT
+				|| lval == PDO_FETCH_INTO
+				|| lval == PDO_FETCH_CLASS
+				|| lval == PDO_FETCH_FUNC
+			)) {
+				zend_argument_value_error(value_arg_num, "cannot set default fetch mode to PDO::FETCH_USE_DEFAULT, PDO::FETCH_INTO, PDO::FETCH_CLASS, or PDO::FETCH_FUNC");
 				return false;
 			}
 			dbh->default_fetch_type = lval;

ext/pdo/pdo_stmt.c

@@ -947,8 +947,7 @@ static bool do_fetch(pdo_stmt_t *stmt, zval *return_value, enum pdo_fetch_type h
 
 // TODO Error on the following cases:
 // Combining PDO_FETCH_UNIQUE and PDO_FETCH_GROUP
-// Reject $pdo->setAttribute(PDO::ATTR_DEFAULT_FETCH_MODE, value); bypass
-static bool pdo_verify_fetch_mode(uint32_t default_mode_and_flags, zend_long mode_and_flags, uint32_t mode_arg_num, bool fetch_all) /* {{{ */
+PDO_API bool pdo_verify_fetch_mode(uint32_t default_mode_and_flags, zend_long mode_and_flags, uint32_t mode_arg_num, bool fetch_all) /* {{{ */
 {
 	/* Mode must be a positive */
 	if (mode_and_flags < 0 || mode_and_flags >= PDO_FIRST_INVALID_FLAG) {

ext/pdo/php_pdo_driver.h

@@ -704,6 +704,8 @@ PDO_API void php_pdo_internal_construct_driver(INTERNAL_FUNCTION_PARAMETERS, zen
 PDO_API bool pdo_get_long_param(zend_long *lval, const zval *value);
 PDO_API bool pdo_get_bool_param(bool *bval, const zval *value);
 
+PDO_API bool pdo_verify_fetch_mode(uint32_t default_mode_and_flags, zend_long mode_and_flags, uint32_t mode_arg_num, bool fetch_all);
+
 PDO_API void pdo_throw_exception(unsigned int driver_errcode, char *driver_errmsg, pdo_error_type *pdo_error);
 
 /* When a GC cycle is collected, it's possible that the database object is destroyed prior to destroying

ext/pdo/tests/bug_38253.phpt

@@ -18,20 +18,32 @@ $pdo = PDOTest::factory();
 $pdo->exec ("create table test38253 (id integer primary key, n varchar(255))");
 $pdo->exec ("INSERT INTO test38253 (id, n) VALUES (1, 'hi')");
 
-$pdo->setAttribute (PDO::ATTR_DEFAULT_FETCH_MODE, PDO::FETCH_CLASS);
-$stmt = $pdo->prepare ("SELECT * FROM test38253");
-$stmt->execute();
-var_dump($stmt->fetchAll());
+try {
+    $pdo->setAttribute (PDO::ATTR_DEFAULT_FETCH_MODE, PDO::FETCH_CLASS);
+    $stmt = $pdo->prepare ("SELECT * FROM test38253");
+    $stmt->execute();
+    var_dump($stmt->fetchAll());
+} catch (\Throwable $e) {
+    echo $e::class, ': ', $e->getMessage(), \PHP_EOL;
+}
 
-$pdo->setAttribute (PDO::ATTR_DEFAULT_FETCH_MODE, PDO::FETCH_FUNC);
-$stmt = $pdo->prepare ("SELECT * FROM test38253");
-$stmt->execute();
-var_dump($stmt->fetchAll());
+try {
+    $pdo->setAttribute (PDO::ATTR_DEFAULT_FETCH_MODE, PDO::FETCH_FUNC);
+    $stmt = $pdo->prepare ("SELECT * FROM test38253");
+    $stmt->execute();
+    var_dump($stmt->fetchAll());
+} catch (\Throwable $e) {
+    echo $e::class, ': ', $e->getMessage(), \PHP_EOL;
+}
 
-$pdo->setAttribute (PDO::ATTR_DEFAULT_FETCH_MODE, PDO::FETCH_INTO);
-$stmt = $pdo->prepare ("SELECT * FROM test38253");
-$stmt->execute();
-var_dump($stmt->fetch());
+try {
+    $pdo->setAttribute (PDO::ATTR_DEFAULT_FETCH_MODE, PDO::FETCH_INTO);
+    $stmt = $pdo->prepare ("SELECT * FROM test38253");
+    $stmt->execute();
+    var_dump($stmt->fetch());
+} catch (\Throwable $e) {
+    echo $e::class, ': ', $e->getMessage(), \PHP_EOL;
+}
 
 ?>
 --CLEAN--
@@ -40,20 +52,7 @@ require_once getenv('REDIR_TEST_DIR') . 'pdo_test.inc';
 $db = PDOTest::factory();
 PDOTest::dropTableIfExists($db, "test38253");
 ?>
---EXPECTF--
-Warning: PDOStatement::fetchAll(): SQLSTATE[HY000]: General error: No fetch class specified in %s on line %d
-
-Warning: PDOStatement::fetchAll(): SQLSTATE[HY000]: General error in %s on line %d
-array(0) {
-}
-
-Warning: PDOStatement::fetchAll(): SQLSTATE[HY000]: General error: No fetch function specified in %s on line %d
-
-Warning: PDOStatement::fetchAll(): SQLSTATE[HY000]: General error in %s on line %d
-array(0) {
-}
-
-Warning: PDOStatement::fetch(): SQLSTATE[HY000]: General error: No fetch-into object specified. in %s on line %d
-
-Warning: PDOStatement::fetch(): SQLSTATE[HY000]: General error in %s on line %d
-bool(false)
+--EXPECT--
+ValueError: PDO::setAttribute(): Argument #2 ($value) cannot set default fetch mode to PDO::FETCH_USE_DEFAULT, PDO::FETCH_INTO, PDO::FETCH_CLASS, or PDO::FETCH_FUNC
+ValueError: PDO::setAttribute(): Argument #2 ($value) PDO::FETCH_FUNC can only be used with PDOStatement::fetchAll()
+ValueError: PDO::setAttribute(): Argument #2 ($value) cannot set default fetch mode to PDO::FETCH_USE_DEFAULT, PDO::FETCH_INTO, PDO::FETCH_CLASS, or PDO::FETCH_FUNC