Hello community, here is the log from the commit of package libdbi-drivers for openSUSE:Factory checked in at 2014-11-12 00:22:11 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/libdbi-drivers (Old) and /work/SRC/openSUSE:Factory/.libdbi-drivers.new (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "libdbi-drivers" Changes: -------- --- /work/SRC/openSUSE:Factory/libdbi-drivers/libdbi-drivers.changes 2014-07-15 08:01:14.000000000 +0200 +++ /work/SRC/openSUSE:Factory/.libdbi-drivers.new/libdbi-drivers.changes 2014-11-12 00:22:36.000000000 +0100 @@ -1,0 +2,7 @@ +Tue Nov 11 13:53:28 UTC 2014 - [email protected] + +- Update to new git snapshot 0.9.0+git51 +* Fixed an out-of-bounds access in dbd_mysql due to bad type + punning. [boo#904873] + +------------------------------------------------------------------- Old: ---- libdbi-drivers-0.9.0.g46.tar.xz New: ---- libdbi-drivers-0.9.0.g51.tar.xz ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ libdbi-drivers.spec ++++++ --- /var/tmp/diff_new_pack.1Afqzn/_old 2014-11-12 00:22:37.000000000 +0100 +++ /var/tmp/diff_new_pack.1Afqzn/_new 2014-11-12 00:22:37.000000000 +0100 @@ -17,8 +17,8 @@ Name: libdbi-drivers -Version: 0.9.0.g46 -#Snapshot: libdbi-drivers-0.9.0-46-g0ee8394 +Version: 0.9.0.g51 +#Snapshot: libdbi-drivers-0.9.0-51-gfe23caa Release: 0 Summary: Database drivers for libdbi License: LGPL-2.1+ @@ -116,6 +116,7 @@ if [ ! -e configure ]; then autoreconf -fi fi +export CFLAGS="%optflags -O0 -ggdb3" %configure \ --with-freetds \ --with-mysql \ ++++++ libdbi-drivers-0.9.0.g46.tar.xz -> libdbi-drivers-0.9.0.g51.tar.xz ++++++ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/libdbi-drivers/drivers/mysql/dbd_mysql.c new/libdbi-drivers/drivers/mysql/dbd_mysql.c --- old/libdbi-drivers/drivers/mysql/dbd_mysql.c 2014-07-07 13:15:43.000000000 +0200 +++ new/libdbi-drivers/drivers/mysql/dbd_mysql.c 2014-11-11 14:53:10.000000000 +0100 @@ -204,7 +204,7 @@ if (timeout != -1) { /* option was specified */ /* the mysql_options prototype is braindead */ - mysql_options(mycon, MYSQL_OPT_CONNECT_TIMEOUT, (const char*) &timeout); + mysql_options(mycon, MYSQL_OPT_CONNECT_TIMEOUT, &timeout); } reconnect = dbi_conn_require_option_numeric(conn, "reconnect"); @@ -215,14 +215,14 @@ if (!mysql_real_connect(mycon, host, username, password, dbname, (unsigned int)n_port, unix_socket, client_flags)) { /* printf("mysql_real_connect failed with host=%s\nusername=%s\npassword=%s\ndbname=%s\nport=%s\n", username,password,dbname,port); */ - conn->connection = (void *)mycon; // still need this set so _error_handler can grab information + conn->connection = mycon; // still need this set so _error_handler can grab information _dbd_internal_error_handler(conn, NULL, DBI_ERROR_DBD); mysql_close(mycon); conn->connection = NULL; // myconn no longer valid return -2; } else { - conn->connection = (void *)mycon; + conn->connection = mycon; if (dbname) conn->current_db = strdup(dbname); } @@ -246,7 +246,7 @@ int dbd_disconnect(dbi_conn_t *conn) { if (conn->connection) { - mysql_close((MYSQL *)conn->connection); + mysql_close(conn->connection); /* added to resolve memory leak in threadsafe mysqlclient library: assume each thread has it's own connection */ if(mysql_thread_safe()) { mysql_thread_end(); @@ -271,7 +271,8 @@ } int dbd_free_query(dbi_result_t *result) { - if (result->result_handle) mysql_free_result((MYSQL_RES *)result->result_handle); + if (result->result_handle) + mysql_free_result(result->result_handle); return 0; } @@ -290,18 +291,18 @@ * calling function must therefore make sure the row index is * valid. */ - mysql_data_seek((MYSQL_RES *)result->result_handle, rowidx); + mysql_data_seek(result->result_handle, rowidx); } return 1; } int dbd_get_socket(dbi_conn_t *conn){ - MYSQL *mycon = (MYSQL*)conn->connection; + MYSQL *mycon = conn->connection; return mycon ? mycon->net.fd : -1; } const char *dbd_get_encoding(dbi_conn_t *conn){ - MYSQL *mycon = (MYSQL*)conn->connection; + MYSQL *mycon = conn->connection; const char* my_enc = NULL; const char* iana_enc = NULL; dbi_result dbires = NULL; @@ -520,7 +521,7 @@ size_t dbd_conn_quote_string(dbi_conn_t *conn, const char *orig, char *dest) { /* foo's -> 'foo\'s' */ unsigned long len; - MYSQL *mycon = (MYSQL*)conn->connection; + MYSQL *mycon = conn->connection; strcpy(dest, "'"); len = mysql_real_escape_string(mycon, dest+1, orig, strlen(orig)); @@ -531,8 +532,8 @@ size_t dbd_quote_binary(dbi_conn_t *conn, const unsigned char* orig, size_t from_length, unsigned char **ptr_dest) { unsigned char *temp; - unsigned long len; - MYSQL *mycon = (MYSQL*)conn->connection; + size_t len; + MYSQL *mycon = conn->connection; /* we allocate what mysql_real_escape_string needs, plus an extra two escape chars and a terminating zero*/ temp = malloc(2*from_length+1+2); @@ -541,11 +542,11 @@ return DBI_LENGTH_ERROR; } - strcpy((char *)temp, "'"); - len = mysql_real_escape_string(mycon, (char *)(temp+1), (const char *)orig, from_length); - strcpy((char *)(temp+len+1), "\'"); + strcpy(temp, "'"); + len = mysql_real_escape_string(mycon, temp + 1, orig, from_length); + strcpy(temp + len + 1, "\'"); *ptr_dest = temp; - return (size_t)len+2; + return len + 2; } dbi_result_t *dbd_query(dbi_conn_t *conn, const char *statement) { @@ -557,28 +558,28 @@ dbi_result_t *result; MYSQL_RES *res; - if (mysql_query((MYSQL *)conn->connection, statement)) { + if (mysql_query(conn->connection, statement)) { fprintf(stderr, "mysql error: %s\n", - mysql_error((MYSQL *)conn->connection)); + mysql_error(conn->connection)); return NULL; } - res = mysql_store_result((MYSQL *)conn->connection); + res = mysql_store_result(conn->connection); /* if res is null and mysql reports an error, we encountered a select failure */ - if (!res && mysql_errno((MYSQL *)conn->connection)) { + if (!res && mysql_errno(conn->connection)) { return NULL; } /* else: if res is null and no error is indicated, the query was something that doesn't return rows (like an INSERT) */ - result = _dbd_result_create(conn, (void *)res, (res ? mysql_num_rows(res) : 0), - mysql_affected_rows((MYSQL *)conn->connection)); + result = _dbd_result_create(conn, res, (res ? mysql_num_rows(res) : 0), + mysql_affected_rows(conn->connection)); if (res) { - _dbd_result_set_numfields(result, mysql_num_fields((MYSQL_RES *)result->result_handle)); + _dbd_result_set_numfields(result, mysql_num_fields(result->result_handle)); _get_field_info(result); } else { @@ -592,18 +593,18 @@ dbi_result_t *result; MYSQL_RES *res; - if (mysql_real_query((MYSQL *)conn->connection, (const char *)statement, st_length)) { + if (mysql_real_query(conn->connection, statement, st_length)) { return NULL; } - res = mysql_store_result((MYSQL *)conn->connection); + res = mysql_store_result(conn->connection); /* if res is null, the query was something that doesn't return rows (like an INSERT) */ - result = _dbd_result_create(conn, (void *)res, (res ? mysql_num_rows(res) : 0), - mysql_affected_rows((MYSQL *)conn->connection)); + result = _dbd_result_create(conn, res, (res ? mysql_num_rows(res) : 0), + mysql_affected_rows(conn->connection)); if (res) { - _dbd_result_set_numfields(result, mysql_num_fields((MYSQL_RES *)result->result_handle)); + _dbd_result_set_numfields(result, mysql_num_fields(result->result_handle)); _get_field_info(result); } @@ -695,7 +696,7 @@ } const char *dbd_select_db(dbi_conn_t *conn, const char *db) { - if (mysql_select_db((MYSQL *)conn->connection, db)) { + if (mysql_select_db(conn->connection, db)) { _dbd_internal_error_handler(conn, NULL, DBI_ERROR_DBD); return ""; } @@ -711,17 +712,17 @@ /* put error number into err_no, error string into errstr * return 0 if error, 1 if err_no filled, 2 if errstr filled, 3 if both err_no and errstr filled */ - if (strcmp("",mysql_error((MYSQL *)conn->connection)) == 0) { + if (strcmp("",mysql_error(conn->connection)) == 0) { return -1; } - *err_no = mysql_errno((MYSQL *)conn->connection); - *errstr = strdup(mysql_error((MYSQL *)conn->connection)); + *err_no = mysql_errno(conn->connection); + *errstr = strdup(mysql_error(conn->connection)); return 3; } unsigned long long dbd_get_seq_last(dbi_conn_t *conn, const char *sequence) { - return mysql_insert_id((MYSQL *)conn->connection); + return mysql_insert_id(conn->connection); } unsigned long long dbd_get_seq_next(dbi_conn_t *conn, const char *sequence) { @@ -729,7 +730,7 @@ } int dbd_ping(dbi_conn_t *conn) { - MYSQL *mysql = (MYSQL *)conn->connection; + MYSQL *mysql = conn->connection; if (mysql_ping(mysql) == 0) { // server is alive and kicking @@ -832,7 +833,7 @@ unsigned short fieldtype; unsigned int fieldattribs; - field = mysql_fetch_fields((MYSQL_RES *)result->result_handle); + field = mysql_fetch_fields(result->result_handle); while (idx < result->numfields) { _translate_mysql_type(&field[idx], &fieldtype, &fieldattribs); @@ -849,14 +850,14 @@ unsigned int curfield = 0; char *raw = NULL; - size_t *strsizes = NULL; + long *strsizes; unsigned int sizeattrib; dbi_data_t *data; _row = mysql_fetch_row(_res); if (_row == NULL) return; - strsizes = (size_t *)mysql_fetch_lengths(_res); + strsizes = mysql_fetch_lengths(_res); while (curfield < result->numfields) { raw = _row[curfield]; @@ -870,6 +871,11 @@ curfield++; continue; } + if (raw == NULL && strsizes[curfield] != 0) { + fprintf(stderr, "WARNING: field size indicates non-NULL field, but raw is NULL.\n"); + ++curfield; + continue; + } switch (result->field_types[curfield]) { case DBI_TYPE_INTEGER: -- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected]
