Skip to content

Avoid using uninitialised struct #12046

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Closed
wants to merge 1 commit into from
Closed

Avoid using uninitialised struct #12046

wants to merge 1 commit into from

Conversation

mikhainin
Copy link
Contributor

In some scenarios, there is a possibility that PACKET_FREE will be called with an uninitialised fields_eof.
Added some sanity to avoid negative impact of such an event

@devnexen devnexen requested a review from kamil-tekiela August 25, 2023 15:55
@kamil-tekiela
Copy link
Member

What are these scenarios you mentioned?

@mikhainin
Copy link
Contributor Author

For example, in
mysqlnd_query_read_result_set_header, I can see two places where we break from the inner do..while (one, two) and fall through straight to PACKET_FREE() while the fields_eof is not yet initialised.

@kamil-tekiela
Copy link
Member

Thanks for the PR. I reviewed it now. What you are proposing is not the correct solution. We do not initialize structs with = {0} but with a dedicated constructor method. Thus it is guaranteed that the "object" will call memset and will have its methods assigned.

What you found is indeed a bug. We are calling PACKET_FREE in a path where the init_* method wasn't yet called. The solution would be to move PACKET_FREE(&fields_eof); one line above to be inside the while block.

@mikhainin mikhainin force-pushed the aviod-uninitialised-struct branch from f482695 to e312c65 Compare September 29, 2023 10:34
@mikhainin
Copy link
Contributor Author

Hi @kamil-tekiela, thank you for the comment.

I updated the PR as you were suggesting.

kamil-tekiela
kamil-tekiela reviewed Sep 29, 2023
View reviewed changes
ext/mysqlnd/mysqlnd_wireprotocol.h Outdated
@@ -34,7 +34,7 @@ PHPAPI extern const char mysqlnd_read_body_name[];
#define PACKET_FREE(packet) \
do { \
DBG_INF_FMT("PACKET_FREE(%p)", packet); \
if ((packet)->header.m->free_mem) { \
if ((packet)->header.m && (packet)->header.m->free_mem) { \
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This is not needed. It is already guaranteed.

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Removed

@mikhainin mikhainin force-pushed the aviod-uninitialised-struct branch from e312c65 to 140ce55 Compare September 29, 2023 19:48
@nielsdos
Copy link
Member

Looks right to me too, but hasn't been committed yet.
I'll commit this to 8.1+ so it doesn't get lost.

@nielsdos nielsdos closed this in 7e7817b Nov 25, 2023
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@kamil-tekiela kamil-tekiela kamil-tekiela approved these changes

Assignees
No one assigned
Labels
Extension: mysqlnd
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@mikhainin @kamil-tekiela @nielsdos