Bounds check mdb_sql_bind_column()

Return -1 if the bounds check fails, otherwise the result of
mdb_bind_column_by_name.

Update other places in the code to check the return value.
Evan Miller 2020-11-08 08:50:17 -05:00
parent 97e1d348f7
commit bbc53dfade
3 changed files with 20 additions and 12 deletions


@ -100,11 +100,11 @@ void mdb_sql_describe_table(MdbSQL *sql);
MdbSQL* mdb_sql_run_query (MdbSQL*, const gchar*); MdbSQL* mdb_sql_run_query (MdbSQL*, const gchar*);
void mdb_sql_set_maxrow(MdbSQL *sql, int maxrow); void mdb_sql_set_maxrow(MdbSQL *sql, int maxrow);
int mdb_sql_eval_expr(MdbSQL *sql, char *const1, int op, char *const2); int mdb_sql_eval_expr(MdbSQL *sql, char *const1, int op, char *const2);
void mdb_sql_bind_all(MdbSQL *sql); int mdb_sql_bind_all(MdbSQL *sql);
void mdb_sql_unbind_all(MdbSQL *sql); void mdb_sql_unbind_all(MdbSQL *sql);
int mdb_sql_fetch_row(MdbSQL *sql, MdbTableDef *table); int mdb_sql_fetch_row(MdbSQL *sql, MdbTableDef *table);
int mdb_sql_add_temp_col(MdbSQL *sql, MdbTableDef *ttable, int col_num, char *name, int col_type, int col_size, int is_fixed); int mdb_sql_add_temp_col(MdbSQL *sql, MdbTableDef *ttable, int col_num, char *name, int col_type, int col_size, int is_fixed);
void mdb_sql_bind_column(MdbSQL *sql, int colnum, void *varaddr, int *len_ptr); int mdb_sql_bind_column(MdbSQL *sql, int colnum, void *varaddr, int *len_ptr);
int mdb_sql_add_limit(MdbSQL *sql, char *limit, int percent); int mdb_sql_add_limit(MdbSQL *sql, char *limit, int percent);
int mdb_sql_get_limit(MdbSQL *sql); int mdb_sql_get_limit(MdbSQL *sql);
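Review bot: The two prototypes that change from void to int here, mdb_sql_bind_all() and mdb_sql_bind_column(), carry no comment saying what the new return value means, so callers have to read the implementation to learn that -1 signals failure. A short comment above each would state the contract, for example `/* returns -1 if colnum is out of range, otherwise the result of mdb_bind_column_by_name() */` for mdb_sql_bind_column and `/* returns -1 if any column fails to bind, otherwise the number of columns */` for mdb_sql_bind_all. Existing callers written against the void signatures will keep ignoring the result, so the header is where they would learn to check it.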


@ -1037,11 +1037,8 @@ bind_columns(struct _hstmt *stmt)
if (stmt->rows_affected==0) { if (stmt->rows_affected==0) {
cur = stmt->bind_head; cur = stmt->bind_head;
while (cur) { while (cur) {
if (cur->column_number>0 && if (mdb_sql_bind_column(stmt->sql, cur->column_number,
cur->column_number <= stmt->sql->num_columns) { cur->varaddr, cur->column_lenbind) == -1) {
mdb_sql_bind_column(stmt->sql, cur->column_number,
cur->varaddr, cur->column_lenbind);
} else {
/* log error ? */ /* log error ? */
} }
cur = cur->next; cur = cur->next;
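Review bot: The failure branch of the new `mdb_sql_bind_column(...) == -1` test is still only the `/* log error ? */` placeholder, so a binding with an out-of-range column number is skipped silently and the loop carries on. The application's buffer for that column is then never filled, and a caller may read stale or uninitialised data after a fetch that appears to succeed. Consider recording the failure and reporting it once the loop ends; bind_columns() starts and ends outside this hunk, so its return type and error path are not visible here. At minimum the placeholder could become `/* bind failed: column number out of range or mdb_bind_column_by_name() failed; buffer stays unbound */`.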


@ -112,7 +112,10 @@ mdb_sql_run_query (MdbSQL* sql, const gchar* querystr) {
return NULL; return NULL;
} }
mdb_sql_bind_all (sql); if (mdb_sql_bind_all(sql) == -1) {
mdb_sql_error (sql, _("Failed to bind columns for '%s' command"), querystr);
return NULL;
}
return sql; return sql;
} }
@ -871,16 +874,20 @@ int found = 0;
} }
} }
void int
mdb_sql_bind_column(MdbSQL *sql, int colnum, void *varaddr, int *len_ptr) mdb_sql_bind_column(MdbSQL *sql, int colnum, void *varaddr, int *len_ptr)
{ {
MdbSQLColumn *sqlcol; MdbSQLColumn *sqlcol;
if (colnum <= 0 || colnum > sql->num_columns)
return -1
/* sql columns are traditionally 1 based, so decrement colnum */ /* sql columns are traditionally 1 based, so decrement colnum */
sqlcol = g_ptr_array_index(sql->columns,colnum - 1); sqlcol = g_ptr_array_index(sql->columns,colnum - 1);
mdb_bind_column_by_name(sql->cur_table, sqlcol->name, varaddr, len_ptr); return mdb_bind_column_by_name(sql->cur_table, sqlcol->name, varaddr, len_ptr);
} }
void
int
mdb_sql_bind_all(MdbSQL *sql) mdb_sql_bind_all(MdbSQL *sql)
{ {
unsigned int i; unsigned int i;
@ -889,8 +896,12 @@ mdb_sql_bind_all(MdbSQL *sql)
for (i=0;i<sql->num_columns;i++) { for (i=0;i<sql->num_columns;i++) {
bound_value = g_malloc0(sql->mdb->bind_size); bound_value = g_malloc0(sql->mdb->bind_size);
g_ptr_array_add(sql->bound_values, bound_value); g_ptr_array_add(sql->bound_values, bound_value);
mdb_sql_bind_column(sql, i+1, bound_value, NULL); if (mdb_sql_bind_column(sql, i+1, bound_value, NULL) == -1) {
mdb_sql_unbind_all(sql);
return -1;
}
} }
return sql->num_columns;
} }
void mdb_sql_unbind_all(MdbSQL *sql) void mdb_sql_unbind_all(MdbSQL *sql)
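Review bot: The new guard in mdb_sql_bind_column() compares colnum with sql->num_columns, but the read that follows indexes sql->columns, and g_ptr_array_index() does no bounds checking of its own. If the counter and the array length can ever disagree (not visible in this hunk), the out-of-bounds read is still reachable; tying the guard to the array being indexed closes that gap: `if (colnum <= 0 || colnum > sql->num_columns || (guint)colnum > sql->columns->len)`. The loop in mdb_sql_bind_all() uses an `unsigned int` index against num_columns, so the `colnum > sql->num_columns` comparison is probably signed against unsigned; it is safe only because `colnum <= 0` is tested first, which deserves a short comment. As rendered on this page the `return -1` line has no terminating semicolon, which should be confirmed against the actual file.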