- Fixed bug #51609 (pg_copy_to: Invalid results when using fourth parameter)

2 files changed, 7 insertions, 2 deletions

diff --git a/NEWS b/NEWS
index 07f1ea2230..a19e122843 100644
--- a/NEWS
+++ b/NEWS
@@ -12,6 +12,8 @@ PHP                                                                        NEWS
 - Fixed a NULL pointer dereference when processing invalid XML-RPC
   requests (Fixes CVE-2010-0397, bug #51288). (Raphael Geissert)
 
+- Fixed bug #51609 (pg_copy_to: Invalid results when using fourth parameter).
+  (Felipe)
 - Fixed bug #51608 (pg_copy_to: WARNING: nonstandard use of \\ in a string
   literal). (cbandy at jbandy dot com)
 - Fixed bug #51445 (var_dump() invalid/slow *RECURSION* detection). (Felipe)
diff --git a/ext/pgsql/pgsql.c b/ext/pgsql/pgsql.c
index 042f81ff77..807ed3074b 100644
--- a/ext/pgsql/pgsql.c
+++ b/ext/pgsql/pgsql.c
@@ -3312,7 +3312,7 @@ PHP_FUNCTION(pg_copy_to)
 {
 	zval *pgsql_link;
 	char *table_name, *pg_delim = NULL, *pg_null_as = NULL;
-	int table_name_len, pg_delim_len, pg_null_as_len;
+	int table_name_len, pg_delim_len, pg_null_as_len, free_pg_null = 0;
 	char *query;
 	int id = -1;
 	PGconn *pgsql;
@@ -3339,6 +3339,7 @@ PHP_FUNCTION(pg_copy_to)
 
 	if (!pg_null_as) {
 		pg_null_as = safe_estrdup("\\\\N");
+		free_pg_null = 1;
 	}
 
 	if (memchr(table_name, '.', table_name_len)) {
@@ -3351,7 +3352,9 @@ PHP_FUNCTION(pg_copy_to)
 		PQclear(pgsql_result);
 	}
 	pgsql_result = PQexec(pgsql, query);
-	efree(pg_null_as);
+	if (free_pg_null) {
+		efree(pg_null_as);
+	}
 	efree(query);
 
 	if (pgsql_result) {