Re: [PHP-CVS] svn: /php/php-src/ branches/PHP_5_3/ext/mysqli/mysqli_api.c branches/PHP_5_3/ext/mysqli/php_mysqli_structs.h branches/PHP_5_3/ext/mysqli/tests/005.phpt trunk/ext/mysqli/mysqli_api.c trun

2009-09-14 Thread Ulf Wendel

Jani Taskinen wrote:

What about fixing it also in PHP_5_2 ?? Or doesn't this exist there? ;)
Sounds quite critical to be in there..


Good question.

A precondition for the crash to happen is that ext/mysqli allocates a 
too small result buffer. This could happen due to a bug which broke BC in 
5.3.0. That bug has been fixed in the commit that immediately followed 
this commit: http://news.php.net/php.cvs/60379


I was wrong that the crash can be reproduced with the test 005.phpt and 
PHP 5.0.x-5.2.x. I checked again and found that I had messed up my PHP 
sources causing a similar but unrelated crash.


I also checked a couple of SQL statements that caused headaches during 
the mysqlnd development (e.g. SELECT UNION) and the MySQL bugs database 
for a bug which may lead to a too small result buffer in order to break 
ext/mysqli: without success.


Anyway, I can patch PHP 5.2 as well, just in case someone finds a way to 
make a current MySQL server report faulty meta data (length must be 
reported as 0 but the actual data returned needs to be longer than 256 
bytes).


Ulf

--
Ulf Wendel, MySQL
Sun Microsystems GmbH,   Sonnenallee 1,   D-85551 Kirchheim-Heimstetten
Geschaeftsfuehrer: Thomas Schroeder, Wolfgang Engels, Dr. Roland Boemer
Vorsitzender des Aufsichtsrates: Martin Haering Muenchen: HRB161028
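
The condition described in the message above (a result buffer that is too small for data longer than 256 bytes), modelled as an added C example; it is not code from php-src. `CAP`, `mock_fetch`, `fetch_aliased` and `fetch_separate` are hypothetical names, the mock assumes the client library reports the untruncated column length through the `length` pointer, and the clamp is extra hardening assumed here, not something the commit is shown to do.

```c
#include <stdio.h>
#include <string.h>

#define CAP 256UL  /* constructed: buffer size taken from the message */

typedef struct {               /* simplified stand-in for VAR_BUFFER */
    char *val;
    unsigned long buflen;      /* bytes allocated for val */
    unsigned long output_len;  /* length reported by the last fetch */
} var_buffer;

typedef struct { unsigned long capacity, copy_len; } outcome;

/* Mock of a client-library fetch (assumption): stores at most
 * buffer_length bytes but reports the full column length in *length. */
static void mock_fetch(char *buf, unsigned long buffer_length,
                       unsigned long *length, unsigned long col_len)
{
    memset(buf, 'x', col_len < buffer_length ? col_len : buffer_length);
    *length = col_len;
}

/* Before the patch: the length out-parameter aliases buflen, so the
 * recorded capacity is replaced by whatever length the fetch reports. */
outcome fetch_aliased(unsigned long col_len)
{
    char storage[CAP];
    var_buffer b = { storage, CAP, 0 };
    mock_fetch(b.val, CAP, &b.buflen, col_len);
    return (outcome){ b.buflen, b.buflen };
}

/* After the patch: a separate output_len; clamp=1 also bounds the copy. */
outcome fetch_separate(unsigned long col_len, int clamp)
{
    char storage[CAP];
    var_buffer b = { storage, CAP, 0 };
    mock_fetch(b.val, b.buflen, &b.output_len, col_len);
    unsigned long n = b.output_len;
    if (clamp && n > b.buflen) n = b.buflen;
    return (outcome){ b.buflen, n };
}

int main(void)
{
    outcome a = fetch_aliased(300), s = fetch_separate(300, 0);
    outcome c = fetch_separate(300, 1);
    printf("aliased:  capacity=%lu copy_len=%lu\n", a.capacity, a.copy_len);
    printf("separate: capacity=%lu copy_len=%lu\n", s.capacity, s.copy_len);
    printf("clamped:  capacity=%lu copy_len=%lu\n", c.capacity, c.copy_len);
    return 0;
}
```

With the aliased binding the recorded capacity becomes 300 for a 256-byte buffer, so any later code that trusts `buflen` works past the allocation; the separate field keeps the capacity at 256.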




Re: [PHP-CVS] svn: /php/php-src/ branches/PHP_5_3/ext/mysqli/mysqli_api.c branches/PHP_5_3/ext/mysqli/php_mysqli_structs.h branches/PHP_5_3/ext/mysqli/tests/005.phpt trunk/ext/mysqli/mysqli_api.c trun

2009-09-11 Thread Jani Taskinen

What about fixing it also in PHP_5_2 ?? Or doesn't this exist there? ;)
Sounds quite critical to be in there..

--Jani


On 09/11/2009 03:16 PM, Ulf Wendel wrote:

uw   Fri, 11 Sep 2009 12:16:56 +

Revision: http://svn.php.net/viewvc?view=revision&revision=288263

Log:
Fixing a crash which must have existed since PHP 5.0. At least the crash can be 
reproduced with PHP 5.0.6. The crash happens only when using the MySQL Client 
Library (libmysql) - it does not happen when using mysqlnd.

Changed paths:
 U   php/php-src/branches/PHP_5_3/ext/mysqli/mysqli_api.c
 U   php/php-src/branches/PHP_5_3/ext/mysqli/php_mysqli_structs.h
 U   php/php-src/branches/PHP_5_3/ext/mysqli/tests/005.phpt
 U   php/php-src/trunk/ext/mysqli/mysqli_api.c
 U   php/php-src/trunk/ext/mysqli/php_mysqli_structs.h
 U   php/php-src/trunk/ext/mysqli/tests/005.phpt

Modified: php/php-src/branches/PHP_5_3/ext/mysqli/mysqli_api.c
===
--- php/php-src/branches/PHP_5_3/ext/mysqli/mysqli_api.c2009-09-11 
11:50:03 UTC (rev 288262)
+++ php/php-src/branches/PHP_5_3/ext/mysqli/mysqli_api.c2009-09-11 
12:16:56 UTC (rev 288263)
@@ -409,7 +409,7 @@
bind[ofs].buffer = stmt-result.buf[ofs].val;
bind[ofs].is_null =stmt-result.is_null[ofs];
bind[ofs].buffer_length = 
stmt-result.buf[ofs].buflen;
-   bind[ofs].length =stmt-result.buf[ofs].buflen;
+   bind[ofs].length 
=stmt-result.buf[ofs].output_len;
break;
}
default:
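Review bot: The `bind[ofs].length` assignment carries no comment saying why it must point at `output_len` rather than `buflen`, and `output_len` is not initialised anywhere in the lines shown. A one-line comment that the client library writes the fetched length through this pointer, while `buflen` has to keep the allocated size that is passed as `buffer_length`, would stop a later cleanup from merging the two again. Also set `output_len` to 0 where `val` and `buflen` are set up, so a read before the first fetch sees a defined value.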
@@ -916,7 +916,7 @@
{
  #endif

ZVAL_STRINGL(stmt-result.vars[i], stmt-result.buf[i].val,
-  
  stmt-result.buf[i].buflen, 1);
+  
  stmt-result.buf[i].output_len, 1);
}
}
break;
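Review bot: `ZVAL_STRINGL` now copies `output_len` bytes out of `buf[i].val`, and nothing in this hunk bounds `output_len` by `buflen`. If the library reports a length larger than the buffer it was given (the truncation case), the copy reads past the allocation; unless that is checked just outside the visible lines, pass the smaller of `output_len` and `buflen` as the length.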

Modified: php/php-src/branches/PHP_5_3/ext/mysqli/php_mysqli_structs.h
===
--- php/php-src/branches/PHP_5_3/ext/mysqli/php_mysqli_structs.h
2009-09-11 11:50:03 UTC (rev 288262)
+++ php/php-src/branches/PHP_5_3/ext/mysqli/php_mysqli_structs.h
2009-09-11 12:16:56 UTC (rev 288263)
@@ -73,8 +73,9 @@
  };

  typedef struct {
+   char*val;
ulong   buflen;
-   char*val;
+   ulong   output_len;
ulong   type;
  } VAR_BUFFER;
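Review bot: Moving `val` to the front of `VAR_BUFFER` reorders an existing member of a struct declared in a header on the PHP_5_3 branch, and the fix does not appear to need it. Leaving `val` where it was and only adding `output_len` would keep the change minimal. Either way, add field comments stating that `buflen` is the allocated size of `val` and `output_len` is the length reported by the last fetch, since confusing the two is what this commit repairs.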


Modified: php/php-src/branches/PHP_5_3/ext/mysqli/tests/005.phpt
===
--- php/php-src/branches/PHP_5_3/ext/mysqli/tests/005.phpt  2009-09-11 
11:50:03 UTC (rev 288262)
+++ php/php-src/branches/PHP_5_3/ext/mysqli/tests/005.phpt  2009-09-11 
12:16:56 UTC (rev 288263)
@@ -32,6 +32,9 @@

var_dump($test);

+   /* this will crash with libmysql from PHP 5.0.6 (or earlier) to 5.3.0 */
+   mysqli_fetch($stmt);
+
mysqli_stmt_close($stmt);
mysqli_query($link, DROP TABLE IF EXISTS test_bind_fetch);
mysqli_close($link);
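Review bot: The added `mysqli_fetch($stmt)` call discards its return value, so the test can only fail by crashing the process. Dump or compare the result, for example `var_dump(mysqli_fetch($stmt));`, and extend the expected output to match, so a wrong-but-not-crashing result is caught too. The comment would also read better as "used to crash", since with this fix applied the call should no longer do so.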

Modified: php/php-src/trunk/ext/mysqli/mysqli_api.c
===
--- php/php-src/trunk/ext/mysqli/mysqli_api.c   2009-09-11 11:50:03 UTC (rev 
288262)
+++ php/php-src/trunk/ext/mysqli/mysqli_api.c   2009-09-11 12:16:56 UTC (rev 
288263)
@@ -409,7 +409,7 @@
bind[ofs].buffer = stmt-result.buf[ofs].val;
bind[ofs].is_null =stmt-result.is_null[ofs];
bind[ofs].buffer_length = 
stmt-result.buf[ofs].buflen;
-   bind[ofs].length =stmt-result.buf[ofs].buflen;
+   bind[ofs].length 
=stmt-result.buf[ofs].output_len;
break;
}
default:
@@ -955,7 +955,7 @@
} else
  #endif
{
-   copy_len = 
stmt-result.buf[i].buflen;
+   copy_len = 
stmt-result.buf[i].output_len;
}
if 
(!IS_BINARY_DATA(fields[i])) {
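Review bot: `copy_len` is taken straight from `output_len` in the `else` branch, with no bound against `buflen` in the visible lines. If the code that follows uses `copy_len` to read from `buf[i].val`, limit it to the allocated size first (the smaller of `output_len` and `buflen`), so a reported length larger than the buffer cannot turn into an over-read.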