Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Fix for Issue #16910 #16911

Open
wants to merge 1 commit into
base: master
Choose a base branch
from
Open

Fix for Issue #16910 #16911

wants to merge 1 commit into from
+51 −4

Conversation

9EOR9
Copy link

@9EOR9 9EOR9 commented Nov 23, 2024

Prevent truncation of fractional seconds in binary protocol if server sends AUTO_SEC_PART_DIGITS (value=39) in decimals value of metadata for TIME or DATETIME types.

@9EOR9
Fix for Issue php#16910
223ab78 
Prevent truncation of fractional seconds in binary protocol if server
sends AUTO_SEC_PART_DIGITS (value=39) in decimals value of metadata
for TIME or DATETIME types.
bukka
bukka reviewed Nov 24, 2024
View reviewed changes
ext/mysqlnd/mysqlnd_ps_codec.c
Comment on lines +243 to +245
if (field->decimals > 0 && (field->decimals <= MYSQLND_SEC_PART_DIGITS ||
(field->decimals == MYSQLND_AUTO_SEC_PART_DIGITS && t.second_part))) {
uint8_t decimals= (field->decimals == MYSQLND_AUTO_SEC_PART_DIGITS) ? MYSQLND_SEC_PART_DIGITS : field->decimals;
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

wrong indent - use tabs...

ext/mysqlnd/mysqlnd_ps_codec.c
Comment on lines +243 to +245
if (field->decimals > 0 && (field->decimals <= MYSQLND_SEC_PART_DIGITS ||
(field->decimals == MYSQLND_AUTO_SEC_PART_DIGITS && t.second_part))) {
uint8_t decimals= (field->decimals == MYSQLND_AUTO_SEC_PART_DIGITS) ? MYSQLND_SEC_PART_DIGITS : field->decimals;
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I think you should probably replace field->decimals with decimals in zend_strpprintf below.

ext/mysqli/tests/gh16910.phpt
@@ -0,0 +1,40 @@
--TEST--
GH-xxxxx (AUTO_SEC_PART_DIGITS (field->decimal value=39) ignored in binary protocol)
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Suggested change
GH-xxxxx (AUTO_SEC_PART_DIGITS (field->decimal value=39) ignored in binary protocol)
GH-16910 (AUTO_SEC_PART_DIGITS (field->decimal value=39) ignored in binary protocol)

@bukka bukka changed the base branch from master to PHP-8.2 November 24, 2024 17:05
@bukka bukka changed the base branch from PHP-8.2 to master November 24, 2024 17:05
@bukka
Copy link
Member

bukka commented Nov 24, 2024
edited
Loading

This seems to be based against old master - I recently did some security fixes in mysqlnd_ps_codec that conflicts with this. It should actually target PHP-8.2 branch. So please base it on that branch.

@bukka
Copy link
Member

bukka commented Nov 24, 2024

Sorry for adding the reviewers - thought that the conflict is because of the wrong base but it was actually just based on old master...

bukka
bukka requested changes Nov 24, 2024
View reviewed changes
ext/mysqli/tests/gh16910.phpt
Comment on lines +1 to +40
--TEST--
GH-xxxxx (AUTO_SEC_PART_DIGITS (field->decimal value=39) ignored in binary protocol)
--EXTENSIONS--
mysqli
--SKIPIF--
<?php
require_once 'skipifconnectfailure.inc';
?>
--FILE--
<?php
require_once 'connect.inc';

if (!$link = my_mysqli_connect($host, $user, $passwd, $db, $port, $socket)) {
printf("Cannot connect to the server using host=%s, user=%s, passwd=***, dbname=%s, port=%s, socket=%s\n",
$host, $user, $db, $port, $socket);
exit(1);
}

// Values from binary and text protocol should be the same
$stmt = $link->prepare("select FROM_UNIXTIME('1992.1'), FROM_UNIXTIME('1992.0')");
$stmt->execute();
$stmt->bind_result($binval[0],$binval[1]);
$stmt->fetch();
$stmt->close();

$result = $link->query("select FROM_UNIXTIME('1992.1'), FROM_UNIXTIME('1992.0')");
$txtval = $result->fetch_row();
$result->close();
$err_cnt= 0;

for ($i=0; $i < 2; $i++)
if ($txtval[$i] != $binval[$i])
printf("[%03d] Expected '%s' (text protocol), got '%s' (binary protocol)",
$err_cnt++, $txtval[$i], $binval[$i]);

if ($err_cnt == 0)
print "done!";
?>
--EXPECT--
done!
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

So after checking the code I had a little suspicion about this test so I gave it a try and it passes without the patch so it doesn't look like it tests the actual behaviour - at least not with MySQL version (8.40). And seems like it won't probably fail in CI either. If it's DB dependent and not easy to recreate using DB in CI, then please add a direct protocol test using the fake server that I recently added. Also see an example for datetime stmt (binary protocol) and generic query usage. The main part is always in fake_server though.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@bukka bukka bukka requested changes

@SakiTakamachi SakiTakamachi Awaiting requested review from SakiTakamachi SakiTakamachi is a code owner

Assignees
No one assigned
Labels
Extension: mysqli Extension: mysqlnd
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@9EOR9 @bukka