Hosting Provided By

PHP mysqlnd svn commit: r497 - in trunk: mysqlnd tests/ext/mysqli

From: <ahristov(at)mysql.com>
Date: Tue Jun 26 2007 - 08:34:04 EDT

Author: ahristov
Date: 2007-06-26 14:34:04 +0200 (Tue, 26 Jun 2007) New Revision: 497

Modified:

trunk/mysqlnd/mysqlnd_loaddata.c
trunk/tests/ext/mysqli/mysqli_set_local_infile_handler_buffer_overflow.phpt Log:
Putting more data into the buffer is a serios failure and we should abort, otherwise this will be a gotcha!

Modified: trunk/mysqlnd/mysqlnd_loaddata.c

trunk/mysqlnd/mysqlnd_loaddata.c 2007-06-26 12:06:42 UTC (rev 496) +++ trunk/mysqlnd/mysqlnd_loaddata.c 2007-06-26 12:34:04 UTC (rev 497) @@ -129,14 +129,24 @@ zval_ptr_dtor(&retval);

 			if (rc > 0) {
-				if (rc > buf_len || Z_STRLEN_P(*callback_args[1]) > buf_len) {

+				const char * msg = NULL;
+				if (rc >= 0 && rc != Z_STRLEN_P(*callback_args[1])) {
+					msg = "Mismatch between the return value of the callback and the content "
+						  "length of the buffer.";
+					php_error_docref(NULL TSRMLS_CC, E_WARNING, msg);
+					rc = -1;
+				} else if (Z_STRLEN_P(*callback_args[1]) > buf_len) {

 					/* check buffer overflow */
-					strcpy(info->error_msg, "Read buffer too small");
-					info->error_no = MYSQLND_EE_READ;

+					msg = "Buffer too small";

 					rc = -1;
 				} else {
 					memcpy(buf, Z_STRVAL_P(*callback_args[1]), MIN(rc, Z_STRLEN_P(*callback_args[1])));
 				}

+				if (rc == -1) {
+					php_error_docref(NULL TSRMLS_CC, E_WARNING, msg);
+					strcpy(info->error_msg, msg);
+					info->error_no = MYSQLND_EE_READ;
+				}

 			} else if (rc < 0) {
 				strncpy(info->error_msg, Z_STRVAL_P(*callback_args[3]), MYSQLND_ERRMSG_SIZE); 
 				info->error_no = MYSQLND_EE_READ;

Modified: trunk/tests/ext/mysqli/mysqli_set_local_infile_handler_buffer_overflow.phpt

trunk/tests/ext/mysqli/mysqli_set_local_infile_handler_buffer_overflow.phpt 2007-06-26 12:06:42 UTC (rev 496) +++ trunk/tests/ext/mysqli/mysqli_set_local_infile_handler_buffer_overflow.phpt 2007-06-26 12:34:04 UTC (rev 497) @@ -115,4 +115,8 @@ --EXPECTF-- Callback set to 'callback_buffer_overflow' Callback: 0 + +Warning: mysqli_query(): Buffer too small in %s on line %d +[022] LOAD DATA failed, [2] Buffer too small +[023] [2006] MySQL server has gone away done!

-- 
MySQL Code Commits Mailing List
For list archives: 
http://lists.mysql.com/commits
To unsubscribe:    
http://lists.mysql.com/commits?unsub=lists@pantek.com

Received on Tue Jun 26 08:34:10 2007

This message: [ Message body ]
Next message: uwendel(at)mysql.com: "PHP mysqlnd svn commit: r498 - trunk/tests/ext/mysqli"
Previous message: jon(at)mysql.com: "svn commit - mysqldoc@docsrva: r6912 - trunk/ndbapi"

Contemporary messages sorted: [ By Date ] [ By Thread ] [ By Subject ] [ By Author ] [ By messages with attachments ]

This archive was generated by hypermail 2.1.8 : Tue Jun 26 2007 - 08:40:01 EDT