You've already forked mariadb-connector-c
mirror of
https://github.com/mariadb-corporation/mariadb-connector-c.git
synced 2025-08-07 02:42:49 +03:00
Fixed for MDEV-26761:
If mariadb_stmt_execute_direct fails, we need to set the number of parameters (obtained by response packet of mysql_stmt_prepare) back to the number of prebinded parameters to avoid memory overrun. This fix also includes several adress-sanitizer bugs in unit tests of Connector/C.
This commit is contained in:
Georg Richter
@@ -925,7 +925,7 @@ static int bulk_null_null(MYSQL *mysql)
|
||||
rc= mysql_stmt_prepare(stmt, "INSERT INTO bulk_null VALUES (?,?,?,?,?)", -1);
|
||||
check_stmt_rc(rc, stmt);
|
||||
|
||||
memset(bind, 0, sizeof(MYSQL_BIND)*2);
|
||||
memset(bind, 0, sizeof(MYSQL_BIND)*5);
|
||||
|
||||
rc= mysql_stmt_attr_set(stmt, STMT_ATTR_ARRAY_SIZE, &array_size);
|
||||
check_stmt_rc(rc, stmt);
|
||||
@@ -1011,6 +1011,7 @@ static int test_mdev16593(MYSQL *mysql)
|
||||
diag("waiting for server fix");
|
||||
return SKIP;
|
||||
|
||||
memset(&bind, 0, 2 * sizeof(MYSQL_BIND));
|
||||
for (i=0; i < 3; i++)
|
||||
{
|
||||
MYSQL_RES *res;
|
||||
@@ -1018,8 +1019,6 @@ static int test_mdev16593(MYSQL *mysql)
|
||||
MYSQL_STMT *stmt= mysql_stmt_init(mysql);
|
||||
rc= mysql_query(mysql, "CREATE OR REPLACE TABLE t1 (a int not null auto_increment primary key, b int)");
|
||||
check_mysql_rc(rc, mysql);
|
||||
|
||||
memset(&bind, 0, sizeof(MYSQL_BIND));
|
||||
switch (i) {
|
||||
case 0:
|
||||
bind[0].buffer_type= MYSQL_TYPE_LONG;
|
||||
|
||||
@@ -1060,7 +1060,7 @@ static int test_read_timeout(MYSQL *unused __attribute__((unused)))
|
||||
|
||||
return OK;
|
||||
}
|
||||
|
||||
#if __has_feature(memory_sanitizer)
|
||||
#ifdef HAVE_REMOTEIO
|
||||
void *remote_plugin;
|
||||
static int test_remote1(MYSQL *mysql)
|
||||
@@ -1126,6 +1126,7 @@ static int test_remote2(MYSQL *my)
|
||||
return OK;
|
||||
}
|
||||
#endif
|
||||
#endif
|
||||
|
||||
#ifndef _WIN32
|
||||
static int test_mdev12965(MYSQL *unused __attribute__((unused)))
|
||||
@@ -1494,6 +1495,7 @@ static int test_sslenforce(MYSQL *unused __attribute__((unused)))
|
||||
}
|
||||
#endif
|
||||
|
||||
#if !__has_feature(memory_sanitizer)
|
||||
static int test_conc457(MYSQL *mysql)
|
||||
{
|
||||
MYSQL_RES *result;
|
||||
@@ -1506,6 +1508,7 @@ static int test_conc457(MYSQL *mysql)
|
||||
mysql_free_result(result);
|
||||
return OK;
|
||||
}
|
||||
#endif
|
||||
|
||||
static int test_conc458(MYSQL *my __attribute__((unused)))
|
||||
{
|
||||
@@ -1518,7 +1521,9 @@ static int test_conc458(MYSQL *my __attribute__((unused)))
|
||||
|
||||
struct my_tests_st my_tests[] = {
|
||||
{"test_conc458", test_conc458, TEST_CONNECTION_NONE, 0, NULL, NULL},
|
||||
#if !__has_feature(memory_sanitizer)
|
||||
{"test_conc457", test_conc457, TEST_CONNECTION_DEFAULT, 0, NULL, NULL},
|
||||
#endif
|
||||
{"test_conc384", test_conc384, TEST_CONNECTION_NONE, 0, NULL, NULL},
|
||||
#ifndef _WIN32
|
||||
{"test_mdev12965", test_mdev12965, TEST_CONNECTION_DEFAULT, 0, NULL, NULL},
|
||||
@@ -1529,9 +1534,11 @@ struct my_tests_st my_tests[] = {
|
||||
{"test_server_status", test_server_status, TEST_CONNECTION_DEFAULT, 0, NULL, NULL},
|
||||
{"test_read_timeout", test_read_timeout, TEST_CONNECTION_DEFAULT, 0, NULL, NULL},
|
||||
{"test_zerofill", test_zerofill, TEST_CONNECTION_DEFAULT, 0, NULL, NULL},
|
||||
#if !__has_feature(memory_sanitizer)
|
||||
#ifdef HAVE_REMOTEIO
|
||||
{"test_remote1", test_remote1, TEST_CONNECTION_NEW, 0, NULL, NULL},
|
||||
{"test_remote2", test_remote2, TEST_CONNECTION_NEW, 0, NULL, NULL},
|
||||
#endif
|
||||
#endif
|
||||
{"test_get_info", test_get_info, TEST_CONNECTION_DEFAULT, 0, NULL, NULL},
|
||||
{"test_conc117", test_conc117, TEST_CONNECTION_DEFAULT, 0, NULL, NULL},
|
||||
|
||||
@@ -5345,7 +5345,146 @@ static int test_conc566(MYSQL *mysql)
|
||||
return OK;
|
||||
}
|
||||
|
||||
#define MDEV19838_MAX_PARAM_COUNT 32
|
||||
#define MDEV19838_FIELDS_COUNT 17
|
||||
|
||||
static int test_mdev19838(MYSQL *mysql)
|
||||
{
|
||||
int rc;
|
||||
MYSQL_BIND bind[MDEV19838_MAX_PARAM_COUNT];
|
||||
unsigned int i, paramCount = 1;
|
||||
char charvalue[] = "012345678901234567890123456789012345";
|
||||
MYSQL_STMT *stmt;
|
||||
|
||||
rc = mysql_query(mysql, "CREATE temporary TABLE mdev19838("
|
||||
"f1 char(36),"
|
||||
"f2 char(36),"
|
||||
"f3 char(36),"
|
||||
"f4 char(36),"
|
||||
"f5 char(36),"
|
||||
"f6 char(36),"
|
||||
"f7 char(36),"
|
||||
"f8 char(36),"
|
||||
"f9 char(36),"
|
||||
"f10 char(36),"
|
||||
"f11 char(36),"
|
||||
"f12 char(36),"
|
||||
"f13 char(36),"
|
||||
"f14 char(36),"
|
||||
"f15 char(36),"
|
||||
"f16 char(36),"
|
||||
"f17 char(36)"
|
||||
")");
|
||||
check_mysql_rc(rc, mysql);
|
||||
|
||||
stmt = mysql_stmt_init(mysql);
|
||||
|
||||
memset(bind, 0, sizeof(bind));
|
||||
|
||||
for (i = 0; i < MDEV19838_MAX_PARAM_COUNT; ++i)
|
||||
{
|
||||
bind[i].buffer = charvalue;
|
||||
bind[i].buffer_type = MYSQL_TYPE_STRING;
|
||||
bind[i].buffer_length = strlen(charvalue) + 1;
|
||||
bind[i].length = &bind[i].length_value;
|
||||
bind[i].length_value = bind[i].buffer_length - 1;
|
||||
}
|
||||
|
||||
for (paramCount = 1; paramCount < MDEV19838_FIELDS_COUNT; ++paramCount)
|
||||
{
|
||||
mysql_stmt_attr_set(stmt, STMT_ATTR_PREBIND_PARAMS, ¶mCount);
|
||||
|
||||
rc = mysql_stmt_bind_param(stmt, bind);
|
||||
check_stmt_rc(rc, stmt);
|
||||
|
||||
rc = mariadb_stmt_execute_direct(stmt, "INSERT INTO mdev19838"
|
||||
"(f1, f2, f3, f4, f5, f6, f7, f8, f9, f10, f11, f12, f13, f14, f15, f16, f17)"
|
||||
" VALUES "
|
||||
"(?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?)", -1);
|
||||
|
||||
/* Expecting an error */
|
||||
FAIL_UNLESS(rc != 0, "rc!=0");
|
||||
|
||||
mysql_stmt_close(stmt);
|
||||
stmt = mysql_stmt_init(mysql);
|
||||
}
|
||||
|
||||
paramCount = 0;
|
||||
mysql_stmt_attr_set(stmt, STMT_ATTR_PREBIND_PARAMS, ¶mCount);
|
||||
rc = mariadb_stmt_execute_direct(stmt, "INSERT INTO mdev19838(f1)"
|
||||
" VALUES (?)", -1);
|
||||
/* Expecting an error */
|
||||
FAIL_UNLESS(rc != 0, "rc!=0");
|
||||
mysql_stmt_close(stmt);
|
||||
|
||||
stmt = mysql_stmt_init(mysql);
|
||||
/* Correct number of parameters */
|
||||
paramCount = MDEV19838_FIELDS_COUNT;
|
||||
mysql_stmt_attr_set(stmt, STMT_ATTR_PREBIND_PARAMS, ¶mCount);
|
||||
mysql_stmt_bind_param(stmt, bind);
|
||||
|
||||
rc = mariadb_stmt_execute_direct(stmt, "INSERT INTO mdev19838"
|
||||
"(f1, f2, f3, f4, f5, f6, f7, f8, f9, f10, f11, f12, f13, f14, f15, f16, f17)"
|
||||
" VALUES "
|
||||
"(?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?)", -1);
|
||||
check_stmt_rc(rc, stmt);
|
||||
|
||||
/* MYSQL_TYPE_TINY = 1. This parameter byte can be read as "parameters send" flag byte.
|
||||
Checking that wrong packet is still detected */
|
||||
bind[0].buffer_type = MYSQL_TYPE_TINY;
|
||||
bind[0].length_value = 1;
|
||||
bind[0].buffer_length = 1;
|
||||
|
||||
for (paramCount = 8; paramCount > 0; --paramCount)
|
||||
{
|
||||
mysql_stmt_close(stmt);
|
||||
stmt = mysql_stmt_init(mysql);
|
||||
|
||||
mysql_stmt_attr_set(stmt, STMT_ATTR_PREBIND_PARAMS, ¶mCount);
|
||||
|
||||
rc = mysql_stmt_bind_param(stmt, bind);
|
||||
|
||||
rc = mariadb_stmt_execute_direct(stmt, "INSERT INTO mdev19838"
|
||||
"(f1, f2, f3, f4, f5, f6, f7, f8, f9)"
|
||||
" VALUES "
|
||||
"(?, ?, ?, ?, ?, ?, ?, ?, ?)", -1);
|
||||
|
||||
/* Expecting an error */
|
||||
FAIL_UNLESS(rc != 0, "rc");
|
||||
}
|
||||
|
||||
/* Test of query w/out parameters, with parameter sent and not sent */
|
||||
for (paramCount = MDEV19838_MAX_PARAM_COUNT; paramCount != (unsigned int)-1; --paramCount)
|
||||
{
|
||||
mysql_stmt_close(stmt);
|
||||
stmt = mysql_stmt_init(mysql);
|
||||
|
||||
mysql_stmt_attr_set(stmt, STMT_ATTR_PREBIND_PARAMS, ¶mCount);
|
||||
|
||||
if (paramCount > 0)
|
||||
{
|
||||
rc = mysql_stmt_bind_param(stmt, bind);
|
||||
check_stmt_rc(rc, stmt);
|
||||
}
|
||||
|
||||
rc = mariadb_stmt_execute_direct(stmt, "INSERT INTO mdev19838"
|
||||
"(f1)"
|
||||
" VALUES "
|
||||
"(0x1111111111111111)", -1);
|
||||
|
||||
/*
|
||||
We allow junk at the end of the packet in case of
|
||||
no parameters. So it will succeed.
|
||||
*/
|
||||
FAIL_UNLESS(rc == 0, "");
|
||||
}
|
||||
|
||||
mysql_stmt_close(stmt);
|
||||
return OK;
|
||||
}
|
||||
|
||||
struct my_tests_st my_tests[] = {
|
||||
{"test_mdev19838", test_mdev19838, TEST_CONNECTION_DEFAULT, 0, NULL, NULL},
|
||||
{"test_conc566", test_conc566, TEST_CONNECTION_DEFAULT, 0, NULL, NULL},
|
||||
{"test_conc512", test_conc512, TEST_CONNECTION_DEFAULT, 0, NULL, NULL},
|
||||
{"test_conc504", test_conc504, TEST_CONNECTION_DEFAULT, 0, NULL, NULL},
|
||||
|
||||
@@ -206,7 +206,7 @@ static int test_view_2where(MYSQL *mysql)
|
||||
" AENAME,T0001.DEPENDVARS AS DEPENDVARS,T0001.INACTIVE AS "
|
||||
" INACTIVE from LTDX T0001 where (T0001.SRTF2 = 0)");
|
||||
check_mysql_rc(rc, mysql);
|
||||
memset(my_bind, '\0', sizeof(MYSQL_BIND));
|
||||
memset(my_bind, '\0', 8 * sizeof(MYSQL_BIND));
|
||||
for (i=0; i < 8; i++) {
|
||||
strcpy(params[i], "1");
|
||||
my_bind[i].buffer_type = MYSQL_TYPE_VAR_STRING;
|
||||
@@ -257,7 +257,7 @@ static int test_view_star(MYSQL *mysql)
|
||||
check_mysql_rc(rc, mysql);
|
||||
rc= mysql_query(mysql, "CREATE VIEW vt1 AS SELECT a FROM t1");
|
||||
check_mysql_rc(rc, mysql);
|
||||
memset(my_bind, '\0', sizeof(MYSQL_BIND));
|
||||
memset(my_bind, '\0', 8 * sizeof(MYSQL_BIND));
|
||||
for (i= 0; i < 2; i++) {
|
||||
sprintf((char *)¶ms[i], "%d", i);
|
||||
my_bind[i].buffer_type = MYSQL_TYPE_VAR_STRING;
|
||||
@@ -438,7 +438,7 @@ static int test_view_insert_fields(MYSQL *mysql)
|
||||
memset(my_bind, '\0', sizeof(my_bind));
|
||||
for (i= 0; i < 11; i++)
|
||||
{
|
||||
l[i]= 20;
|
||||
l[i]= 2;
|
||||
my_bind[i].buffer_type= MYSQL_TYPE_STRING;
|
||||
my_bind[i].is_null= 0;
|
||||
my_bind[i].buffer= (char *)&parm[i];
|
||||
|
||||
Reference in New Issue
Block a user