
PHP mysqlnd svn commit: r484 - in trunk: mysqlnd php5/ext/mysqli php6/ext/mysqli tests/ext/mysqli

From: <ahristov(at)mysql.com>
Date: Mon Jun 25 2007 - 14:32:10 EDT


Author: ahristov
Date: 2007-06-25 20:32:10 +0200 (Mon, 25 Jun 2007) New Revision: 484

Modified:

   trunk/mysqlnd/mysqlnd.c
   trunk/mysqlnd/mysqlnd.h
   trunk/mysqlnd/mysqlnd_loaddata.c
   trunk/mysqlnd/mysqlnd_result.c
   trunk/php5/ext/mysqli/mysqli.c
   trunk/php6/ext/mysqli/mysqli.c
   trunk/tests/ext/mysqli/mysqli_set_local_infile_handler_bad_character.phpt
Log:
Fix us not to allow server crash, when the server is debug compiled (triggering an assert). Is it still good to be able to trigger it with libmysql? Please! Don't run debug built mysqld, if you care about your data ;)

Also fix use of uninitialized memory in some cases. Now the test case is valgrind clean.

Modified: trunk/mysqlnd/mysqlnd.c


  • trunk/mysqlnd/mysqlnd.c 2007-06-25 17:40:27 UTC (rev 483)
    +++ trunk/mysqlnd/mysqlnd.c 2007-06-25 18:32:10 UTC (rev 484)
    @@ -866,6 +866,11 @@
      conn->tmp_int? TRUE : FALSE TSRMLS_CC);
      /* Do nothing */
      break;
    + case CONN_SENDING_LOAD_DATA:
    + /*
    + Don't send COM_QUIT if we are in a middle of a LOAD DATA or we
    + will crash (assert) a debug server.
    + */
      case CONN_NEXT_RESULT_PENDING:
      case CONN_QUERY_SENT:
      case CONN_FETCHING_DATA:
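Review bot: The new `case CONN_SENDING_LOAD_DATA:` label reaches the shared branch only by falling through, and the explanatory comment sits between two labels, where it reads as if it belonged to `CONN_NEXT_RESULT_PENDING`. Move the comment above the new label and mark the fall-through explicitly, e.g. `/* fall through: close without COM_QUIT */`. The body of the shared branch is outside the hunk, so it is worth confirming that it closes the socket, since a connection abandoned mid-transfer without COM_QUIT presumably leaves the server waiting on the LOAD DATA stream until the socket goes away.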

Modified: trunk/mysqlnd/mysqlnd.h


  • trunk/mysqlnd/mysqlnd.h 2007-06-25 17:40:27 UTC (rev 483)
    +++ trunk/mysqlnd/mysqlnd.h 2007-06-25 18:32:10 UTC (rev 484)
    @@ -65,6 +65,7 @@
      CONN_ALLOCED = 0,
      CONN_READY,
      CONN_QUERY_SENT,
    + CONN_SENDING_LOAD_DATA,
      CONN_FETCHING_DATA,
      CONN_NEXT_RESULT_PENDING,
      CONN_QUIT_SENT, /* object is "destroyed" at this stage */
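Review bot: `CONN_SENDING_LOAD_DATA` is inserted in the middle of the enum, which renumbers `CONN_FETCHING_DATA`, `CONN_NEXT_RESULT_PENDING` and `CONN_QUIT_SENT`. Nothing visible here compares states by order, but any such comparison, and any `switch` over the connection state elsewhere, needs checking for the new value. The enumerator also deserves a comment like the one on `CONN_QUIT_SENT`, e.g. `/* LOAD DATA LOCAL INFILE in progress; COM_QUIT must not be sent */`. The enum declaration starts and ends outside the hunk.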

Modified: trunk/mysqlnd/mysqlnd_loaddata.c


  • trunk/mysqlnd/mysqlnd_loaddata.c 2007-06-25 17:40:27 UTC (rev 483)
    +++ trunk/mysqlnd/mysqlnd_loaddata.c 2007-06-25 18:32:10 UTC (rev 484)
    @@ -135,7 +135,7 @@
      info->error_no = MYSQLND_EE_READ;
      rc = -1;
      } else {
    - memcpy(buf, Z_STRVAL_P(*callback_args[1]), rc);
    + memcpy(buf, Z_STRVAL_P(*callback_args[1]), MIN(rc, Z_STRLEN_P(*callback_args[1])));
      }
      } else if (rc < 0) {
      strncpy(info->error_msg, Z_STRVAL_P(*callback_args[3]), MYSQLND_ERRMSG_SIZE);
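Review bot: Clamping only the `memcpy` length leaves `rc` at the value the callback returned, so when the callback reports more bytes than `$buffer` holds, the tail of `buf` past `Z_STRLEN_P(*callback_args[1])` is never written yet is presumably still counted as data read. The updated test callback in this commit does exactly that (it fills `$buflen/2` bytes and returns `$buflen`), so stale buffer contents may be forwarded to the server. Clamp the count itself before copying: `rc = MIN(rc, Z_STRLEN_P(*callback_args[1]));` followed by `memcpy(buf, Z_STRVAL_P(*callback_args[1]), rc);`. The same applies to the `memcpy` lines in the php5 and php6 `mysqli.c` hunks; how `rc` is used after this branch is outside the hunk.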

Modified: trunk/mysqlnd/mysqlnd_result.c


  • trunk/mysqlnd/mysqlnd_result.c 2007-06-25 17:40:27 UTC (rev 483)
    +++ trunk/mysqlnd/mysqlnd_result.c 2007-06-25 18:32:10 UTC (rev 484)
    @@ -258,8 +258,8 @@
    case MYSQLND_NULL_LENGTH: { /* LOAD DATA LOCAL INFILE */ zend_bool is_warning; conn->last_query_type = QUERY_LOAD_LOCAL; + conn->state = CONN_SENDING_LOAD_DATA; ret = mysqlnd_handle_local_infile(conn, rset_header.info_or_local_file, &is_warning TSRMLS_CC); - conn->state = (ret == PASS || is_warning == TRUE)? CONN_READY:CONN_QUIT_SENT; MYSQLND_INC_CONN_STATISTIC(&conn->stats, STAT_NON_RSET_QUERY); break;
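Review bot: With the `conn->state = (ret == PASS || is_warning == TRUE)? CONN_READY:CONN_QUIT_SENT;` line removed, nothing in this hunk moves the connection out of `CONN_SENDING_LOAD_DATA` once `mysqlnd_handle_local_infile()` returns. Unless that function now sets the state itself (its body is not shown, and the `mysqlnd_loaddata.c` hunk in this commit does not touch it), every LOAD DATA LOCAL would leave the connection in the transfer state, so later commands may be refused and close would skip COM_QUIT even after a successful load. Keep the new assignment before the call and restore the original assignment after it.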

Modified: trunk/php5/ext/mysqli/mysqli.c


  • trunk/php5/ext/mysqli/mysqli.c 2007-06-25 17:40:27 UTC (rev 483)
    +++ trunk/php5/ext/mysqli/mysqli.c 2007-06-25 18:32:10 UTC (rev 484)
    @@ -1252,15 +1252,14 @@
    zval_ptr_dtor(&retval);
 		if (rc > 0) {
-			if (rc > buf_len) {
+			if (rc > buf_len || Z_STRLEN_P(*callback_args[1]) > buf_len) {
 				/* check buffer overflow */
 				LOCAL_INFILE_ERROR_MSG(data->error_msg, "Read buffer too large");
 				rc = -1;
 			} else {
-				memcpy(buf, Z_STRVAL_P(*callback_args[1]), rc);
+				memcpy(buf, Z_STRVAL_P(*callback_args[1]), MIN(rc, Z_STRLEN_P(*callback_args[1])));
 			}
-		}
-		if (rc < 0) {
+		} else if (rc < 0) {
 			LOCAL_INFILE_ERROR_MSG(data->error_msg, Z_STRVAL_P(*callback_args[3]));
 		}
 	} else {
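Review bot: `Z_STRLEN_P(*callback_args[1])` and `Z_STRVAL_P(*callback_args[1])` are read with no visible check that the callback left a string in `$buffer`. The argument is passed by reference, so user code can assign an integer, an array or null to it, and the macros would then read the wrong member of the zval value. Unless a conversion happens above the hunk, treat `Z_TYPE_P(*callback_args[1]) != IS_STRING` as an error case before the length comparison, or convert the value to a string first. The same holds for the php6 `mysqli.c` hunk and the `mysqlnd_loaddata.c` hunk; the enclosing function starts and ends outside the hunk.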

Modified: trunk/php6/ext/mysqli/mysqli.c


  • trunk/php6/ext/mysqli/mysqli.c 2007-06-25 17:40:27 UTC (rev 483)
    +++ trunk/php6/ext/mysqli/mysqli.c 2007-06-25 18:32:10 UTC (rev 484)
    @@ -1283,15 +1283,14 @@
    zval_ptr_dtor(&retval);
 		if (rc > 0) {
-			if (rc > buf_len) {
+			if (rc > buf_len || Z_STRLEN_P(*callback_args[1]) > buf_len) {
 				/* check buffer overflow */
 				LOCAL_INFILE_ERROR_MSG(data->error_msg, "Read buffer too large");
 				rc = -1;
 			} else {
-				memcpy(buf, Z_STRVAL_P(*callback_args[1]), rc);
+				memcpy(buf, Z_STRVAL_P(*callback_args[1]), MIN(rc, Z_STRLEN_P(*callback_args[1])));
 			}
-		}
-		if (rc < 0) {
+		} else if (rc < 0) {
 			LOCAL_INFILE_ERROR_MSG(data->error_msg, Z_STRVAL_P(*callback_args[3]));
 		}
 	} else {

Modified: trunk/tests/ext/mysqli/mysqli_set_local_infile_handler_bad_character.phpt


  • trunk/tests/ext/mysqli/mysqli_set_local_infile_handler_bad_character.phpt 2007-06-25 17:40:27 UTC (rev 483)
    +++ trunk/tests/ext/mysqli/mysqli_set_local_infile_handler_bad_character.phpt 2007-06-25 18:32:10 UTC (rev 484)
    @@ -14,14 +14,13 @@
     function callback_bad_character($fp, &$buffer, $buflen, &$error) {
         static $invocation = 0;
-        
+		// Uncomment the following to crash the server
+//        mysqli_close($GLOBALS['link']);
         printf("Callback: %d\n", $invocation);
-        $buffer = fread($fp, $buflen);
         $buffer = '';
-        for ($i = 0; $i < $buflen; $i++)
+        for ($i = 0; $i < $buflen/2; $i++)
             $buffer .= chr(mt_rand(0, 255));
-        die("remove this die() and you have a CPU burner that never ends");            
- return $buflen; + return $invocation++ < 10? $buflen:0; } function try_handler($offset, $link, $file, $handler, $expected) {
@@ -52,7 +51,7 @@
 printf("[%03d] [%d] %s\n", $offset + 3, mysqli_errno($link), mysqli_error($link));
 return false;
 }

-
+/*
         foreach ($expected as $k => $values) {
             if (!$tmp = mysqli_fetch_assoc($res)) {
                 printf("[%03d/%d] [%d] %s\n", $offset + 4, $k, mysqli_errno($link), mysqli_error($link));

@@ -73,8 +72,8 @@
} if ($res && $tmp = mysqli_fetch_assoc($res)) - printf("[%03d] More results than expected!\n"); - + printf("More results than expected!\n"); +*/ if ($res) mysqli_free_result($res);
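Review bot: The row-by-row comparison against `$expected` now sits inside a `/* … */` block opened in the previous hunk and closed here, so the test only checks how many times the callback ran and no longer verifies what the server stored or rejected. If the loop cannot pass with random input, replace it with an explicit check of the expected outcome, such as the error returned by the load or the resulting row count, and add a comment saying why, rather than leaving dead code. The disabled `mysqli_close($GLOBALS['link'])` line in the callback would be better as its own test that expects a clean failure, since closing the link inside the handler is the case this commit is meant to make safe.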

@@ -107,4 +106,14 @@

 --EXPECTF--
 Callback set to 'callback_bad_character'  Callback: 0
-done!
\ No newline at end of file

+Callback: 1
+Callback: 2
+Callback: 3
+Callback: 4
+Callback: 5
+Callback: 6
+Callback: 7
+Callback: 8
+Callback: 9
+Callback: 10
+done!
Received on Mon Jun 25 14:33:14 2007
