andrey                                   Mon, 31 May 2010 18:18:37 +0000

Revision: http://svn.php.net/viewvc?view=revision&revision=300000

Log:
Don't reference row_packet before checking if dereferencing is possible

Changed paths:
    U   php/php-src/branches/PHP_5_3/ext/mysqlnd/mysqlnd_ps.c
    U   php/php-src/trunk/ext/mysqlnd/mysqlnd_ps.c

Modified: php/php-src/branches/PHP_5_3/ext/mysqlnd/mysqlnd_ps.c
===================================================================
--- php/php-src/branches/PHP_5_3/ext/mysqlnd/mysqlnd_ps.c       2010-05-31 
18:10:25 UTC (rev 299999)
+++ php/php-src/branches/PHP_5_3/ext/mysqlnd/mysqlnd_ps.c       2010-05-31 
18:18:37 UTC (rev 300000)
@@ -308,7 +308,7 @@
 {
        MYSQLND_STMT_DATA * stmt = s? s->data:NULL;
        MYSQLND_PACKET_EOF * fields_eof;
-       enum_func_status ret;
+       enum_func_status ret = FAIL;

        DBG_ENTER("mysqlnd_stmt_prepare_read_eof");
        DBG_INF_FMT("stmt=%lu", stmt->stmt_id);
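Review bot: `stmt` is computed as `s? s->data:NULL`, so it can be NULL, yet `DBG_INF_FMT("stmt=%lu", stmt->stmt_id)` dereferences it straight away; initialising `ret` to `FAIL` does not cover that path. Whether this is reachable in release builds depends on how the DBG macros expand, which is not visible here. A guard such as `if (!stmt) { DBG_RETURN(FAIL); }` between `DBG_ENTER` and the trace line would match the intent of this commit. The function body continues outside the hunk, and the trunk copy of this hunk has the same pattern.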
@@ -371,6 +371,9 @@
                  fails, we will scrap it.
                */
                s_to_prepare = stmt->conn->m->stmt_init(stmt->conn TSRMLS_CC);
+               if (!s_to_prepare) {
+                       goto fail;
+               }
                stmt_to_prepare = s_to_prepare->data;
        }
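Review bot: The new `goto fail` after a failed `stmt_init` records no reason for the failure, since nothing sets an error on `stmt` between the call and the jump. The caller will presumably see a failure with empty error info, but the `fail:` label and the rest of the function are outside this hunk, so that is inferred. Setting a statement error before the jump, with the `SET_STMT_ERROR` macro this file already uses, would make the case diagnosable. A short comment above the check such as `/* stmt_init can return NULL; bail out before dereferencing */` would also help. The trunk copy of this hunk is identical.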

@@ -427,7 +430,7 @@
        DBG_RETURN(PASS);

 fail:
-       if (stmt_to_prepare != stmt) {
+       if (stmt_to_prepare != stmt && s_to_prepare) {
                s_to_prepare->m->dtor(s_to_prepare, TRUE TSRMLS_CC);
        }
        stmt->state = MYSQLND_STMT_INITTED;
@@ -776,7 +779,7 @@
        enum_func_status ret;
        MYSQLND_STMT * s = (MYSQLND_STMT *) param;
        MYSQLND_STMT_DATA * stmt = s? s->data:NULL;
-       MYSQLND_PACKET_ROW *row_packet = result->row_packet;
+       MYSQLND_PACKET_ROW * row_packet;

        DBG_ENTER("mysqlnd_stmt_fetch_row_unbuffered");

@@ -793,6 +796,10 @@
                DBG_ERR("command out of sync");
                DBG_RETURN(FAIL);
        }
+       if (!(row_packet = result->row_packet)) {
+               DBG_RETURN(FAIL);
+       }
+
        /* Let the row packet fill our buffer and skip additional malloc + 
memcpy */
        row_packet->skip_extraction = stmt && stmt->result_bind? FALSE:TRUE;
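Review bot: The added `if (!(row_packet = result->row_packet))` branch returns `FAIL` silently, whereas the branch just above it logs `DBG_ERR("command out of sync")` before failing. A missing row packet should leave a trace too, for example `DBG_ERR("no row packet");` ahead of the `DBG_RETURN(FAIL)`. `result` itself is still dereferenced unconditionally in the new check, and whether it is validated earlier in the function is outside the hunk. The same check is added in `mysqlnd_fetch_stmt_row_cursor` and in both trunk hunks, where the point applies as well.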

@@ -943,9 +950,9 @@
 {
        enum_func_status ret;
        MYSQLND_STMT * s = (MYSQLND_STMT *) param;
-       MYSQLND_STMT_DATA * stmt = s? s->data : NULL;
+       MYSQLND_STMT_DATA * stmt = s? s->data:NULL;
        zend_uchar buf[STMT_ID_LENGTH /* statement id */ + 4 /* number of rows 
to fetch */];
-       MYSQLND_PACKET_ROW *row_packet = result->row_packet;
+       MYSQLND_PACKET_ROW * row_packet;

        DBG_ENTER("mysqlnd_fetch_stmt_row_cursor");

@@ -963,6 +970,9 @@
                DBG_ERR("command out of sync");
                DBG_RETURN(FAIL);
        }
+       if (!(row_packet = result->row_packet)) {
+               DBG_RETURN(FAIL);
+       }

        SET_EMPTY_ERROR(stmt->error_info);
        SET_EMPTY_ERROR(stmt->conn->error_info);
@@ -1466,7 +1476,6 @@
        DBG_ENTER("mysqlnd_stmt::bind_result");
        DBG_INF_FMT("stmt=%lu field_count=%u", stmt->stmt_id, 
stmt->field_count);

-
        if (stmt->state < MYSQLND_STMT_PREPARED) {
                SET_STMT_ERROR(stmt, CR_NO_PREPARE_STMT, UNKNOWN_SQLSTATE, 
mysqlnd_stmt_not_prepared);
                if (result_bind) {
@@ -1673,7 +1682,6 @@
        if (!stmt->param_count) {
                return NULL;
        }
-
        return NULL;
 }
 /* }}} */

Modified: php/php-src/trunk/ext/mysqlnd/mysqlnd_ps.c
===================================================================
--- php/php-src/trunk/ext/mysqlnd/mysqlnd_ps.c  2010-05-31 18:10:25 UTC (rev 
299999)
+++ php/php-src/trunk/ext/mysqlnd/mysqlnd_ps.c  2010-05-31 18:18:37 UTC (rev 
300000)
@@ -308,7 +308,7 @@
 {
        MYSQLND_STMT_DATA * stmt = s? s->data:NULL;
        MYSQLND_PACKET_EOF * fields_eof;
-       enum_func_status ret;
+       enum_func_status ret = FAIL;

        DBG_ENTER("mysqlnd_stmt_prepare_read_eof");
        DBG_INF_FMT("stmt=%lu", stmt->stmt_id);
@@ -371,6 +371,9 @@
                  fails, we will scrap it.
                */
                s_to_prepare = stmt->conn->m->stmt_init(stmt->conn TSRMLS_CC);
+               if (!s_to_prepare) {
+                       goto fail;
+               }
                stmt_to_prepare = s_to_prepare->data;
        }

@@ -427,7 +430,7 @@
        DBG_RETURN(PASS);

 fail:
-       if (stmt_to_prepare != stmt) {
+       if (stmt_to_prepare != stmt && s_to_prepare) {
                s_to_prepare->m->dtor(s_to_prepare, TRUE TSRMLS_CC);
        }
        stmt->state = MYSQLND_STMT_INITTED;
@@ -776,7 +779,7 @@
        enum_func_status ret;
        MYSQLND_STMT * s = (MYSQLND_STMT *) param;
        MYSQLND_STMT_DATA * stmt = s? s->data:NULL;
-       MYSQLND_PACKET_ROW *row_packet = result->row_packet;
+       MYSQLND_PACKET_ROW * row_packet;

        DBG_ENTER("mysqlnd_stmt_fetch_row_unbuffered");

@@ -793,6 +796,10 @@
                DBG_ERR("command out of sync");
                DBG_RETURN(FAIL);
        }
+       if (!(row_packet = result->row_packet)) {
+               DBG_RETURN(FAIL);
+       }
+
        /* Let the row packet fill our buffer and skip additional malloc + 
memcpy */
        row_packet->skip_extraction = stmt && stmt->result_bind? FALSE:TRUE;

@@ -943,9 +950,9 @@
 {
        enum_func_status ret;
        MYSQLND_STMT * s = (MYSQLND_STMT *) param;
-       MYSQLND_STMT_DATA * stmt = s? s->data : NULL;
+       MYSQLND_STMT_DATA * stmt = s? s->data:NULL;
        zend_uchar buf[STMT_ID_LENGTH /* statement id */ + 4 /* number of rows 
to fetch */];
-       MYSQLND_PACKET_ROW *row_packet = result->row_packet;
+       MYSQLND_PACKET_ROW * row_packet;

        DBG_ENTER("mysqlnd_fetch_stmt_row_cursor");

@@ -963,6 +970,9 @@
                DBG_ERR("command out of sync");
                DBG_RETURN(FAIL);
        }
+       if (!(row_packet = result->row_packet)) {
+               DBG_RETURN(FAIL);
+       }

        SET_EMPTY_ERROR(stmt->error_info);
        SET_EMPTY_ERROR(stmt->conn->error_info);
@@ -1466,7 +1476,6 @@
        DBG_ENTER("mysqlnd_stmt::bind_result");
        DBG_INF_FMT("stmt=%lu field_count=%u", stmt->stmt_id, 
stmt->field_count);

-
        if (stmt->state < MYSQLND_STMT_PREPARED) {
                SET_STMT_ERROR(stmt, CR_NO_PREPARE_STMT, UNKNOWN_SQLSTATE, 
mysqlnd_stmt_not_prepared);
                if (result_bind) {
@@ -1673,7 +1682,6 @@
        if (!stmt->param_count) {
                return NULL;
        }
-
        return NULL;
 }
 /* }}} */
