
This queue is for tickets about the DBD-mysql CPAN distribution.

Report information
The Basics
Id: 21962
Status: resolved
Priority: 0/
Queue: DBD-mysql

People
Owner: Nobody in particular
Requestors: kgeorge [...] tcpsoft.com
Cc:
AdminCc:

Bug Information
Severity: (no value)
Broken in: (no value)
Fixed in: (no value)



Subject: Variable overwrite in conditionally compiled block of dbd_st_prepare() causes segfault (patch provided) (v3.0007_2)
Date: Sun, 8 Oct 2006 14:33:52 -0400 (EDT)
To: bug-DBD-mysql [...] rt.cpan.org
From: Kyle George <kgeorge [...] tcpsoft.com>

Message body is not shown because it is too large.

From: kgeorge [...] tcpsoft.com
After looking at this some more, it is still not clear what "i" should be in this statement: col_type= (has_statement_fields ? imp_sth->stmt->fields[i].type : MYSQL_TYPE_STRING); The outer loop looks like it is looping through bound parameters, but "i" never changes anywhere in the loop. And doesn't look like it's being set to anything useful earlier on (unless there is a side effect of a macro or something). Should it be something like this? - for (bind= imp_sth->bind, + for (i = 0, + bind= imp_sth->bind, fbind= imp_sth->fbind, bind_end= bind+DBIc_NUM_PARAMS(imp_sth); bind < bind_end ; - bind++, fbind++ ) + bind++, fbind++, i++ ) { This would work if the number of fields is always equal to the number of bound parameters. However, I don't have much (any) knowledge of the internal workings of this module so there's no way for me to say if that's the case or not.
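Review bot: in the proposed for-header, i advances in step with bind up to DBIc_NUM_PARAMS(imp_sth), but it indexes a different array, imp_sth->stmt->fields[i], and nothing in these lines bounds i by the number of entries in fields. If the statement has fewer fields than bound parameters, the read of fields[i].type runs past the end of the array, so the crash from a stale i is traded for an out-of-bounds read on a plausible-looking i. Before this is applied, either confirm which array col_type is meant to describe, or guard the lookup so that i is checked against the statement's field count and the expression falls back to MYSQL_TYPE_STRING, the default it already uses when has_statement_fields is false. Setting i = 0 in the for-header itself is the right place for the initialization, since the old header left i at whatever value earlier code gave it.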
On Sun Oct 08 17:35:13 2006, kgeorge@tcpsoft.com wrote:
> After looking at this some more, it is still not clear what "i" should > be in this statement: > > col_type= (has_statement_fields ? > imp_sth->stmt->fields[i].type : MYSQL_TYPE_STRING); > > The outer loop looks like it is looping through bound parameters, but > "i" never changes anywhere in the loop. And doesn't look like it's > being set to anything useful earlier on (unless there is a side effect > of a macro or something). Should it be something like this? > > - for (bind= imp_sth->bind, > + for (i = 0, > + bind= imp_sth->bind, > fbind= imp_sth->fbind, > bind_end= bind+DBIc_NUM_PARAMS(imp_sth); > bind < bind_end ; > - bind++, fbind++ ) > + bind++, fbind++, i++ ) > { > > This would work if the number of fields is always equal to the number of > bound parameters. However, I don't have much (any) knowledge of the > internal workings of this module so there's no way for me to say if > that's the case or not.
This is a good patch! Thanks for finding this. I'm patching it into 3.0007 and 3.0007_1.
This fix was included in 3.0008_1 (and the latest release, 4.00), so I'm marking this ticket resolved. Thanks.