Check the return value of dbconvert() in mssql_guid_string(), as it may return -1 in case the conversion failed. In that case false is returned.

Also initialize buffer and buffer2 to NULL, which should fix bug #72039 (Use of uninitialised value on mssql_guid_string).

This only applies to 5.6, as we do not have mssql in 7.0 anymore

Author: KalleZ

NEWS

@@ -2,6 +2,9 @@ PHP                                                                        NEWS
 |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
 ?? ??? 2016, PHP 5.6.26
 
+- MSSQL:
+  . Fixed bug #72039 (Use of uninitialised value on mssql_guid_string). (Kalle)
+
 18 Aug 2016, PHP 5.6.25
 
 - Core:

ext/mssql/php_mssql.c

@@ -2235,21 +2235,24 @@ PHP_FUNCTION(mssql_guid_string)
 	char *binary;
 	int binary_len;
 	zend_bool sf = 0;
-	char buffer[32+1];
-	char buffer2[36+1];
+	char buffer[32+1] = NULL;
 
 	if (zend_parse_parameters(ZEND_NUM_ARGS() TSRMLS_CC, "s|b", &binary, &binary_len, &sf) == FAILURE) {
 		return;
 	}
 
-	dbconvert(NULL, SQLBINARY, (BYTE*) binary, MIN(16, binary_len), SQLCHAR, buffer, -1);
+	if (dbconvert(NULL, SQLBINARY, (BYTE*) binary, MIN(16, binary_len), SQLCHAR, buffer, (DBINT) -1) == -1) {
+		php_error_docref(NULL TSRMLS_CC, E_WARNING, "could not convert binary string to GUID string");
+		RETURN_FALSE;
+	}
 
 	if (sf) {
 		php_strtoupper(buffer, 32);
 		RETURN_STRING(buffer, 1);
-	}
-	else {
+	} else {
 		int i;
+		char buffer2[36+1] = NULL;
+
 		/* FIXME this works only on little endian machine */
 		for (i=0; i<4; i++) {
 			buffer2[2*i] = buffer[6-2*i];