From 4241d1ebd833703fd08c7523513e27aad79821ec Mon Sep 17 00:00:00 2001
From: Gina Peter Banyard
Date: Mon, 16 Dec 2024 23:47:52 +0000
Subject: [PATCH 1/3] ext/mysqlnd: Refactor usage of strlcpy()

The two calls that MySQLnd does to this handler all pass a buffer the same size as the error_msg field Thus we know that we can just memcpy the error message into the buffer.
---
 ext/mysqlnd/mysqlnd_loaddata.c | 11 +++++++----
 1 file changed, 7 insertions(+), 4 deletions(-)

diff --git a/ext/mysqlnd/mysqlnd_loaddata.c b/ext/mysqlnd/mysqlnd_loaddata.c
index a71b70e055f3d..11de7a185c641 100644
--- a/ext/mysqlnd/mysqlnd_loaddata.c
+++ b/ext/mysqlnd/mysqlnd_loaddata.c
@@ -65,11 +65,10 @@ static
 int mysqlnd_local_infile_read(void * ptr, zend_uchar * buf, unsigned int buf_len)
 {
 MYSQLND_INFILE_INFO *info = (MYSQLND_INFILE_INFO *)ptr;
- int count;
 DBG_ENTER("mysqlnd_local_infile_read");
- count = (int) php_stream_read(info->fd, (char *) buf, buf_len);
+ ssize_t count = php_stream_read(info->fd, (char *) buf, buf_len);
 if (count < 0) {
 strcpy(info->error_msg, "Error reading file");
@@ -90,12 +89,16 @@ int mysqlnd_local_infile_error(void * ptr, char *error_buf, unsigned int error_b
 DBG_ENTER("mysqlnd_local_infile_error");
 if (info) {
- strlcpy(error_buf, info->error_msg, error_buf_len);
+ size_t error_msg_len_with_null_byte = strlen(info->error_msg) + 1;
+ ZEND_ASSERT(error_buf_len >= error_msg_len_with_null_byte);
+
+ memcpy(error_buf, info->error_msg, error_msg_len_with_null_byte);
 DBG_INF_FMT("have info, %d", info->error_no);
 DBG_RETURN(info->error_no);
 }
- strlcpy(error_buf, "Unknown error", error_buf_len);
+ ZEND_ASSERT(error_buf_len >= sizeof("Unknown error"));
+ memcpy(error_buf, "Unknown error", sizeof("Unknown error"));
 DBG_INF_FMT("no info, %d", CR_UNKNOWN_ERROR);
 DBG_RETURN(CR_UNKNOWN_ERROR);
 }

From 3de3ab3738dc95c40620464df9ab345b72ca41e6 Mon Sep 17 00:00:00 2001
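Review bot: The bound on `error_buf_len` in `mysqlnd_local_infile_error` is now guarded only by `ZEND_ASSERT`, which is checked in debug builds only, so in release builds the `memcpy` copies the whole message whatever length the caller passed, where `strlcpy` truncated. The same holds for the `"Unknown error"` branch, which PATCH 2/3 turns into a bare `strcpy` behind the same assert. The commit message relies on both in-tree callers passing a buffer the size of `error_msg`, but the length is still a parameter and the function's linkage is not visible in the hunk, so a caller with a shorter buffer would get an out-of-bounds write instead of a truncated message. I would replace the assert with a runtime clamp that truncates as before; leaving the assert next to the clamp is not advisable, since outside debug builds it acts as an optimizer assumption and could let the compiler drop the check. The function's opening lines are outside the hunk.

```c
	if (info) {
		/* Runtime bound instead of ZEND_ASSERT: the assert is not a check outside debug builds. */
		size_t error_msg_len = strlen(info->error_msg);
		if (error_buf_len > 0) {
			/* Truncate like strlcpy() did rather than write past error_buf. */
			size_t copy_len = error_msg_len < error_buf_len ? error_msg_len : (size_t) error_buf_len - 1;
			memcpy(error_buf, info->error_msg, copy_len);
			error_buf[copy_len] = '\0';
		}
		/* … unchanged: DBG_INF_FMT and DBG_RETURN(info->error_no) … */
```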
From: Gina Peter Banyard
Date: Tue, 17 Dec 2024 13:30:27 +0000
Subject: [PATCH 2/3] use strcpy
---
 ext/mysqlnd/mysqlnd_loaddata.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/ext/mysqlnd/mysqlnd_loaddata.c b/ext/mysqlnd/mysqlnd_loaddata.c
index 11de7a185c641..7610b54a505cb 100644
--- a/ext/mysqlnd/mysqlnd_loaddata.c
+++ b/ext/mysqlnd/mysqlnd_loaddata.c
@@ -98,7 +98,7 @@ int mysqlnd_local_infile_error(void * ptr, char *error_buf, unsigned int error_b
 }
 ZEND_ASSERT(error_buf_len >= sizeof("Unknown error"));
- memcpy(error_buf, "Unknown error", sizeof("Unknown error"));
+ strcpy(error_buf, "Unknown error");
 DBG_INF_FMT("no info, %d", CR_UNKNOWN_ERROR);
 DBG_RETURN(CR_UNKNOWN_ERROR);
 }

From d428e80f2ebf9a27174b97781bf023f92b456c9b Mon Sep 17 00:00:00 2001
From: Gina Peter Banyard
Date: Fri, 27 Dec 2024 15:31:31 +0000
Subject: [PATCH 3/3] Revert int to ssize_t type change, but add TODO
---
 ext/mysqlnd/mysqlnd_loaddata.c | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/ext/mysqlnd/mysqlnd_loaddata.c b/ext/mysqlnd/mysqlnd_loaddata.c
index 7610b54a505cb..ba2dabf95a2c5 100644
--- a/ext/mysqlnd/mysqlnd_loaddata.c
+++ b/ext/mysqlnd/mysqlnd_loaddata.c
@@ -68,7 +68,8 @@ int mysqlnd_local_infile_read(void * ptr, zend_uchar * buf, unsigned int buf_len
 DBG_ENTER("mysqlnd_local_infile_read");
- ssize_t count = php_stream_read(info->fd, (char *) buf, buf_len);
+ // TODO Change this, and the return type of the function to ssize_t
+ int count = (int) php_stream_read(info->fd, (char *) buf, buf_len);
 if (count < 0) {
 strcpy(info->error_msg, "Error reading file");
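Review bot: The TODO added above `int count = (int) php_stream_read(...)` in `mysqlnd_local_infile_read` (PATCH 3/3) does not say why the change is wanted, so the hazard it stands for is easy to overlook. `buf_len` is an `unsigned int` and the read result is a wider signed type (PATCH 1/3 stored it in `ssize_t`), so the `(int)` cast can narrow a large count; a value above `INT_MAX` would presumably turn negative and take the `count < 0` error branch. I would spell that out in the comment, e.g. `/* TODO: make count and the return type ssize_t; the (int) cast narrows the read length, so a count above INT_MAX would be misread as an error. */`. The function's return statement is outside the hunk.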