Skip to content
Permalink

Comparing changes

Choose two branches to see what’s changed or to start a new pull request. If you need to, you can also or learn more about diff comparisons.

Open a pull request

Create a new pull request by comparing changes across two branches. If you need to, you can also . Learn more about diff comparisons here.
base repository: mariadb-corporation/mariadb-connector-c
Failed to load repositories. Confirm that selected base ref is valid, then try again.
Loading
base: 3.1
Choose a base ref
...
head repository: Zyrin/mariadb-connector-c
Failed to load repositories. Confirm that selected head ref is valid, then try again.
Loading
compare: 3.1
Choose a head ref
Can’t automatically merge. Don’t worry, you can still create the pull request.
  • 1 commit
  • 1 file changed
  • 1 contributor

Commits on Mar 21, 2019

  1. Reserve the correct amount of space for date/time types 

    This fixes a crash, when more then 1024 Bytes are required, but the incorrect amount of memory was reserved, leading to a heap corruption.
    @Zyrin
    Zyrin committed Mar 21, 2019
    Copy the full SHA
    317bd31 View commit details
Showing with 18 additions and 2 deletions.
  1. +18 −2 libmariadb/mariadb_stmt.c
20 changes: 18 additions & 2 deletions libmariadb/mariadb_stmt.c
View file
Original file line number Diff line number Diff line change
@@ -790,9 +790,17 @@ unsigned char* mysql_stmt_execute_generate_simple_request(MYSQL_STMT *stmt, size
case MYSQL_TYPE_ENUM:
case MYSQL_TYPE_BIT:
case MYSQL_TYPE_SET:
size+= 5; /* max 8 bytes for size */
size+= 9; /* max 9 bytes for size */
size+= (size_t)ma_get_length(stmt, i, 0);
break;
case MYSQL_TYPE_DATE:
case MYSQL_TYPE_TIMESTAMP:
case MYSQL_TYPE_DATETIME:
size += MAX_DATETIME_STR_LEN;
break;
case MYSQL_TYPE_TIME:
size += MAX_TIME_STR_LEN;
break;
default:
size+= mysql_ps_fetch_functions[stmt->params[i].buffer_type].pack_len;
break;
@@ -987,7 +995,7 @@ unsigned char* mysql_stmt_execute_generate_bulk_request(MYSQL_STMT *stmt, size_t
case MYSQL_TYPE_ENUM:
case MYSQL_TYPE_BIT:
case MYSQL_TYPE_SET:
size+= 5; /* max 8 bytes for size */
size+= 9; /* max 9 bytes for size */
if (!stmt->param_callback)
{
if (indicator == STMT_INDICATOR_NTS ||
@@ -1004,6 +1012,14 @@ unsigned char* mysql_stmt_execute_generate_bulk_request(MYSQL_STMT *stmt, size_t
size+= stmt->params[i].buffer_length;
}
break;
case MYSQL_TYPE_DATE:
case MYSQL_TYPE_TIMESTAMP:
case MYSQL_TYPE_DATETIME:
size += MAX_DATETIME_STR_LEN;
break;
case MYSQL_TYPE_TIME:
size += MAX_TIME_STR_LEN;
break;
default:
size+= mysql_ps_fetch_functions[stmt->params[i].buffer_type].pack_len;
break;