Commit ef41021f authored by unknown's avatar unknown

bug #20152: mysql_stmt_execute() overwrites parameter buffers

When using a parameter bind MYSQL_TYPE_DATE in a prepared statement,
the time part of the MYSQL_TIME buffer was written to zero in
mysql_stmt_execute(). The param_store_date() function in libmysql.c
worked directly on the provided buffer.
Changed to use a copy of the buffer.


libmysql/libmysql.c:
  fix for bug #20152
tests/mysql_client_test.c:
  added test for bug#20152
parent c611cde1
...@@ -2409,10 +2409,9 @@ static void net_store_datetime(NET *net, MYSQL_TIME *tm) ...@@ -2409,10 +2409,9 @@ static void net_store_datetime(NET *net, MYSQL_TIME *tm)
static void store_param_date(NET *net, MYSQL_BIND *param) static void store_param_date(NET *net, MYSQL_BIND *param)
{ {
MYSQL_TIME *tm= (MYSQL_TIME *) param->buffer; MYSQL_TIME tm= *((MYSQL_TIME *) param->buffer);
tm->hour= tm->minute= tm->second= 0; tm.hour= tm.minute= tm.second= tm.second_part= 0;
tm->second_part= 0; net_store_datetime(net, &tm);
net_store_datetime(net, tm);
} }
static void store_param_datetime(NET *net, MYSQL_BIND *param) static void store_param_datetime(NET *net, MYSQL_BIND *param)
......
...@@ -11855,6 +11855,58 @@ static void test_bug15613() ...@@ -11855,6 +11855,58 @@ static void test_bug15613()
mysql_stmt_close(stmt); mysql_stmt_close(stmt);
} }
/*
Bug#20152: mysql_stmt_execute() writes to MYSQL_TYPE_DATE buffer
*/
static void test_bug20152()
{
MYSQL_BIND bind[1];
MYSQL_STMT *stmt;
MYSQL_TIME tm;
int rc;
const char *query= "INSERT INTO t1 (f1) VALUES (?)";
myheader("test_bug20152");
memset(bind, 0, sizeof(bind));
bind[0].buffer_type= MYSQL_TYPE_DATE;
bind[0].buffer= (void*)&tm;
tm.year = 2006;
tm.month = 6;
tm.day = 18;
tm.hour = 14;
tm.minute = 9;
tm.second = 42;
rc= mysql_query(mysql, "DROP TABLE IF EXISTS t1");
myquery(rc);
rc= mysql_query(mysql, "CREATE TABLE t1 (f1 DATE)");
myquery(rc);
stmt= mysql_stmt_init(mysql);
rc= mysql_stmt_prepare(stmt, query, strlen(query));
check_execute(stmt, rc);
rc= mysql_stmt_bind_param(stmt, bind);
check_execute(stmt, rc);
rc= mysql_stmt_execute(stmt);
check_execute(stmt, rc);
rc= mysql_stmt_close(stmt);
check_execute(stmt, rc);
rc= mysql_query(mysql, "DROP TABLE t1");
myquery(rc);
if (tm.hour == 14 && tm.minute == 9 && tm.second == 42) {
if (!opt_silent)
printf("OK!");
} else {
printf("[14:09:42] != [%02d:%02d:%02d]\n", tm.hour, tm.minute, tm.second);
DIE_UNLESS(0==1);
}
}
/* /*
Read and parse arguments and MySQL options from my.cnf Read and parse arguments and MySQL options from my.cnf
*/ */
...@@ -12078,6 +12130,7 @@ static struct my_tests_st my_tests[]= { ...@@ -12078,6 +12130,7 @@ static struct my_tests_st my_tests[]= {
{ "test_bug11718", test_bug11718 }, { "test_bug11718", test_bug11718 },
{ "test_bug12925", test_bug12925 }, { "test_bug12925", test_bug12925 },
{ "test_bug15613", test_bug15613 }, { "test_bug15613", test_bug15613 },
{ "test_bug20152", test_bug20152 },
{ 0, 0 } { 0, 0 }
}; };
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment