diff options
Diffstat (limited to 'libmysql/libmysql.c')
| -rw-r--r-- | libmysql/libmysql.c | 23 |
1 files changed, 9 insertions, 14 deletions
diff --git a/libmysql/libmysql.c b/libmysql/libmysql.c index 7ab8d26d233..bb0059f8e25 100644 --- a/libmysql/libmysql.c +++ b/libmysql/libmysql.c @@ -1269,7 +1269,7 @@ static MYSQL_DATA *read_rows(MYSQL *mysql,MYSQL_FIELD *mysql_fields, else { cur->data[field] = to; - if (to+len > end_to) + if (len > (ulong) (end_to - to)) { free_rows(result); net->last_errno=CR_MALFORMED_PACKET; @@ -1315,7 +1315,7 @@ read_one_row(MYSQL *mysql,uint fields,MYSQL_ROW row, ulong *lengths) { uint field; ulong pkt_len,len; - uchar *pos,*prev_pos; + uchar *pos,*prev_pos, *end_pos; if ((pkt_len=net_safe_read(mysql)) == packet_error) return -1; @@ -1327,6 +1327,7 @@ read_one_row(MYSQL *mysql,uint fields,MYSQL_ROW row, ulong *lengths) } prev_pos= 0; /* allowed to write at packet[-1] */ pos=mysql->net.read_pos; + end_pos=pos+pkt_len; for (field=0 ; field < fields ; field++) { if ((len=(ulong) net_field_length(&pos)) == NULL_LENGTH) @@ -1336,6 +1337,12 @@ read_one_row(MYSQL *mysql,uint fields,MYSQL_ROW row, ulong *lengths) } else { + if (len > (ulong) (end_pos - pos)) + { + mysql->net.last_errno=CR_UNKNOWN_ERROR; + strmov(mysql->net.last_error,ER(mysql->net.last_errno)); + return -1; + } row[field] = (char*) pos; pos+=len; *lengths++=len; @@ -3508,18 +3515,6 @@ uint STDCALL mysql_thread_safe(void) #endif } -MYSQL_RES *STDCALL mysql_warnings(MYSQL *mysql) -{ - uint warning_count; - DBUG_ENTER("mysql_warnings"); - /* Save warning count as mysql_real_query may change this */ - warning_count= mysql->warning_count; - if (mysql_real_query(mysql, "SHOW WARNINGS", 13)) - DBUG_RETURN(0); - mysql->warning_count= warning_count; - DBUG_RETURN(mysql_store_result(mysql)); -} - /**************************************************************************** Some support functions ****************************************************************************/ |