author | Andrey Hristov <andrey@php.net> | 2010-04-27 08:02:08 +0000 |
---|---|---|
committer | Andrey Hristov <andrey@php.net> | 2010-04-27 08:02:08 +0000 |
commit | c92c788c8511384f6f16a05d4c5fe9385f267b29 (patch) | |
tree | 03d181492501dbda590712be73e89e368c8dc034 /ext/mysqlnd/mysqlnd.c | |
parent | c200eeeb613b6d20063269c69ad725a53e2f0e37 (diff) | |
Fixed possible buffer overflow in mysqlnd_conn__list_fields.
Diffstat (limited to 'ext/mysqlnd/mysqlnd.c')
-rw-r--r-- | ext/mysqlnd/mysqlnd.c | 10 |
1 files changed, 6 insertions, 4 deletions
diff --git a/ext/mysqlnd/mysqlnd.c b/ext/mysqlnd/mysqlnd.c
index 69c294368e..df400f1e5e 100644
--- a/ext/mysqlnd/mysqlnd.c
+++ b/ext/mysqlnd/mysqlnd.c
@@ -1074,14 +1074,16 @@ MYSQLND_METHOD(mysqlnd_conn, list_fields)(MYSQLND * conn, const char *table, con
 p = buff;
 if (table && (table_len = strlen(table))) {
- memcpy(p, table, MIN(table_len, MYSQLND_MAX_ALLOWED_DB_LEN * 4));
- p += table_len;
+ size_t to_copy = MIN(table_len, MYSQLND_MAX_ALLOWED_DB_LEN * 4);
+ memcpy(p, table, to_copy);
+ p += to_copy;
 *p++ = '\0';
 }
 if (achtung_wild && (wild_len = strlen(achtung_wild))) {
- memcpy(p, achtung_wild, MIN(wild_len, MYSQLND_MAX_ALLOWED_DB_LEN * 4));
- p += wild_len;
+ size_t to_copy = MIN(wild_len, MYSQLND_MAX_ALLOWED_DB_LEN * 4);
+ memcpy(p, achtung_wild, to_copy);
+ p += to_copy;
 *p++ = '\0';
 } |
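Review bot: The clamp `MIN(..., MYSQLND_MAX_ALLOWED_DB_LEN * 4)` in both branches is a constant that is not tied to the size of `buff`, whose declaration lies outside this hunk. The two copies are therefore only in bounds if `buff` holds at least `2 * (MYSQLND_MAX_ALLOWED_DB_LEN * 4) + 2` bytes, and that should be confirmed against the declaration. Assuming `buff` is a local array, bounding by the remaining space would keep the limit and the buffer from drifting apart, e.g. in the second branch `size_t to_copy = MIN(wild_len, sizeof(buff) - (size_t)(p - buff) - 1);`. Separately, an over-long `table` or `achtung_wild` is now truncated silently, so the server is sent a different identifier than the caller passed; returning an error for over-long input may be the safer contract. The function body starts and ends outside the hunk.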