
Commit 4e96b75

committed
Replace dead overflow checks with assertions
We allocate twice the input length, and every input character results in either 1 or 2 output bytes, so we cannot overflow.
1 parent a3e7444 commit 4e96b75


1 file changed

+6
-35
lines changed


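--- a/ext/mysqlnd/mysqlnd_charset.c
+++ b/ext/mysqlnd/mysqlnd_charset.c
@@ -777,7 +777,6 @@ PHPAPI zend_ulong mysqlnd_cset_escape_quotes(const MYSQLND_CHARSET * const cset,
 const char *newstr_s = newstr;
 const char *newstr_e = newstr + 2 * escapestr_len;
 const char *end = escapestr + escapestr_len;
-bool escape_overflow = FALSE;
 
 DBG_ENTER("mysqlnd_cset_escape_quotes");
 
@@ -786,12 +785,7 @@ PHPAPI zend_ulong mysqlnd_cset_escape_quotes(const MYSQLND_CHARSET * const cset,
 /* check unicode characters */
 
 if (cset->char_maxlen > 1 && (len = cset->mb_valid(escapestr, end))) {
-
-/* check possible overflow */
-if ((newstr + len) > newstr_e) {
-escape_overflow = TRUE;
-break;
-}
+ZEND_ASSERT(newstr + len <= newstr_e);
 /* copy mb char without escaping it */
 while (len--) {
 *newstr++ = *escapestr++;
@@ -800,25 +794,16 @@ PHPAPI zend_ulong mysqlnd_cset_escape_quotes(const MYSQLND_CHARSET * const cset,
 continue;
 }
 if (*escapestr == '\'') {
-if (newstr + 2 > newstr_e) {
-escape_overflow = TRUE;
-break;
-}
+ZEND_ASSERT(newstr + 2 <= newstr_e);
 *newstr++ = '\'';
 *newstr++ = '\'';
 } else {
-if (newstr + 1 > newstr_e) {
-escape_overflow = TRUE;
-break;
-}
+ZEND_ASSERT(newstr + 1 <= newstr_e);
 *newstr++ = *escapestr;
 }
 }
 *newstr = '\0';
 
-if (escape_overflow) {
-DBG_RETURN((zend_ulong)~0);
-}
 DBG_RETURN((zend_ulong)(newstr - newstr_s));
 }
 /* }}} */
@@ -831,7 +816,6 @@ PHPAPI zend_ulong mysqlnd_cset_escape_slashes(const MYSQLND_CHARSET * const cset
 const char *newstr_s = newstr;
 const char *newstr_e = newstr + 2 * escapestr_len;
 const char *end = escapestr + escapestr_len;
-bool escape_overflow = FALSE;
 
 DBG_ENTER("mysqlnd_cset_escape_slashes");
 DBG_INF_FMT("charset=%s", cset->name);
@@ -845,11 +829,7 @@ PHPAPI zend_ulong mysqlnd_cset_escape_slashes(const MYSQLND_CHARSET * const cset
 if (cset->char_maxlen > 1 && (*((zend_uchar *) escapestr) > 0x80 || cset->char_minlen > 1)) {
 unsigned int len = cset->mb_valid(escapestr, end);
 if (len) {
-/* check possible overflow */
-if ((newstr + len) > newstr_e) {
-escape_overflow = TRUE;
-break;
-}
+ZEND_ASSERT(newstr + len <= newstr_e);
 /* copy mb char without escaping it */
 while (len--) {
 *newstr++ = *escapestr++;
@@ -882,27 +862,18 @@ PHPAPI zend_ulong mysqlnd_cset_escape_slashes(const MYSQLND_CHARSET * const cset
 }
 }
 if (esc) {
-if (newstr + 2 > newstr_e) {
-escape_overflow = TRUE;
-break;
-}
+ZEND_ASSERT(newstr + 2 <= newstr_e);
 /* copy escaped character */
 *newstr++ = '\\';
 *newstr++ = esc;
 } else {
-if (newstr + 1 > newstr_e) {
-escape_overflow = TRUE;
-break;
-}
+ZEND_ASSERT(newstr + 1 <= newstr_e);
 /* copy non escaped character */
 *newstr++ = *escapestr;
 }
 }
 *newstr = '\0';
 
-if (escape_overflow) {
-DBG_RETURN((zend_ulong)~0);
-}
 DBG_RETURN((zend_ulong)(newstr - newstr_s));
 }
 /* }}} */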
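Review bot: With the runtime checks removed, nothing in `mysqlnd_cset_escape_quotes` or `mysqlnd_cset_escape_slashes` records that the caller must supply an output buffer of at least `2 * escapestr_len + 1` bytes (the final `*newstr = '\0'` can land exactly on `newstr_e`), and the new `ZEND_ASSERT(...)` lines are, as far as I know, only evaluated in debug builds. I would state the precondition above each function, e.g. `/* newstr must hold 2 * escapestr_len + 1 bytes; output never exceeds that, so there is no overflow return */`. The multi-byte branch additionally relies on `cset->mb_valid(escapestr, end)` never reporting a length that runs past `end`; that is not visible in these hunks and deserves one sentence in the same comment. Callers that still compare the result against the removed `(zend_ulong)~0` value would now carry dead error handling, but the callers and the start of both function bodies are outside the hunks shown.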
