lsm/mdbtools
1
0
Fork 0
mirror of https://github.com/mdbtools/mdbtools.git synced 2025-04-05 20:31:00 +08:00
Code Issues Actions Packages Projects Releases Wiki Activity

Merge pull request from evanmiller/bounds-check-mdb-sql-bind-column

Browse Source 
[Updated] Bounds check mdb_sql_bind_column()
This commit is contained in:
Evan Miller 2020-11-14 08:16:53 -05:00 committed by GitHub
commit 1efe8fc709
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
3 changed files with 20 additions and 12 deletions
include
mdbsql.h
src
odbc
odbc.c
sql
mdbsql.c

4
include/mdbsql.h
View File

@ -100,11 +100,11 @@ void mdb_sql_describe_table(MdbSQL *sql);
MdbSQL* mdb_sql_run_query (MdbSQL*, const gchar*);
void mdb_sql_set_maxrow(MdbSQL *sql, int maxrow);
int mdb_sql_eval_expr(MdbSQL *sql, char *const1, int op, char *const2);
void mdb_sql_bind_all(MdbSQL *sql);
int mdb_sql_bind_all(MdbSQL *sql);
void mdb_sql_unbind_all(MdbSQL *sql);
int mdb_sql_fetch_row(MdbSQL *sql, MdbTableDef *table);
int mdb_sql_add_temp_col(MdbSQL *sql, MdbTableDef *ttable, int col_num, char *name, int col_type, int col_size, int is_fixed);
void mdb_sql_bind_column(MdbSQL *sql, int colnum, void *varaddr, int *len_ptr);
int mdb_sql_bind_column(MdbSQL *sql, int colnum, void *varaddr, int *len_ptr);
int mdb_sql_add_limit(MdbSQL *sql, char *limit, int percent);
int mdb_sql_get_limit(MdbSQL *sql);

7
src/odbc/odbc.c
View File

@ -1037,11 +1037,8 @@ bind_columns(struct _hstmt *stmt)
if (stmt->rows_affected==0) {
cur = stmt->bind_head;
while (cur) {
if (cur->column_number>0 &&
cur->column_number <= stmt->sql->num_columns) {
mdb_sql_bind_column(stmt->sql, cur->column_number,
cur->varaddr, cur->column_lenbind);
} else {
if (mdb_sql_bind_column(stmt->sql, cur->column_number,
cur->varaddr, cur->column_lenbind) == -1) {
/* log error ? */
}
cur = cur->next;

21
src/sql/mdbsql.c
View File

@ -112,7 +112,10 @@ mdb_sql_run_query (MdbSQL* sql, const gchar* querystr) {
return NULL;
}
mdb_sql_bind_all (sql);
if (mdb_sql_bind_all(sql) == -1) {
mdb_sql_error (sql, _("Failed to bind columns for '%s' command"), querystr);
return NULL;
}
return sql;
}
@ -872,16 +875,20 @@ int found = 0;
}
}
void
int
mdb_sql_bind_column(MdbSQL *sql, int colnum, void *varaddr, int *len_ptr)
{
MdbSQLColumn *sqlcol;
if (colnum <= 0 || colnum > sql->num_columns)
return -1;
/* sql columns are traditionally 1 based, so decrement colnum */
sqlcol = g_ptr_array_index(sql->columns,colnum - 1);
mdb_bind_column_by_name(sql->cur_table, sqlcol->name, varaddr, len_ptr);
return mdb_bind_column_by_name(sql->cur_table, sqlcol->name, varaddr, len_ptr);
}
void
int
mdb_sql_bind_all(MdbSQL *sql)
{
unsigned int i;
@ -890,8 +897,12 @@ mdb_sql_bind_all(MdbSQL *sql)
for (i=0;i<sql->num_columns;i++) {
bound_value = g_malloc0(sql->mdb->bind_size);
g_ptr_array_add(sql->bound_values, bound_value);
mdb_sql_bind_column(sql, i+1, bound_value, NULL);
if (mdb_sql_bind_column(sql, i+1, bound_value, NULL) == -1) {
mdb_sql_unbind_all(sql);
return -1;
}
}
return sql->num_columns;
}
void mdb_sql_unbind_all(MdbSQL *sql)