More safe guards against anomalous results (#1160)

This commit is contained in:
Jenny Tam 2020-07-20 12:58:23 -07:00 committed by GitHub
parent 61f87aacf6
commit 550a7104a4
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
6 changed files with 20 additions and 18 deletions

View file

@ -813,7 +813,7 @@ void build_connection_string_and_set_conn_attr( _Inout_ sqlsrv_conn* conn, _Inou
option = Z_STRVAL_P(auth_option);
}
if (!stricmp(option, AzureADOptions::AZURE_AUTH_AD_MSI)) {
if (option != NULL && !stricmp(option, AzureADOptions::AZURE_AUTH_AD_MSI)) {
activeDirectoryMSI = true;
// There are two types of managed identities:

View file

@ -397,7 +397,8 @@ inline void* sqlsrv_malloc( _In_ size_t element_count, _In_ size_t element_size,
DIE( "Integer overflow in sqlsrv_malloc" );
}
if( element_size * element_count + extra == 0 ) {
// safeguard against anomalous calculation or any arithmetic overflow
if( element_size * element_count + extra <= 0 ) {
DIE( "Allocation size must be more than 0" );
}

View file

@ -223,12 +223,11 @@ else {
echo "Past the end of the result set (7)\n";
$obj = sqlsrv_fetch_object( $stmt, "foo" );
if( $obj === false ) {
die( print_r( sqlsrv_errors(), true ));
print_r( sqlsrv_errors());
}
if( is_null( $obj )) {
echo "Done fetching objects.\n";
}
else {
} elseif ($obj) {
$obj->do_foo();
print_r( $obj );
}

View file

@ -227,12 +227,11 @@ else {
echo "Past the end of the result set (7)\n";
$obj = sqlsrv_fetch_object( $stmt, "foo" );
if( $obj === false ) {
die( print_r( sqlsrv_errors(), true ));
print_r( sqlsrv_errors());
}
if( is_null( $obj )) {
echo "Done fetching objects.\n";
}
else {
} elseif ($obj) {
$obj->do_foo();
print_r( $obj );
}

View file

@ -220,11 +220,11 @@ if (is_null($obj)) {
echo "Past the end of the result set (7)\n";
$obj = sqlsrv_fetch_object($stmt, "foo");
if ($obj === false) {
die(print_r(sqlsrv_errors(), true));
print_r( sqlsrv_errors());
}
if (is_null($obj)) {
echo "Done fetching objects.\n";
} else {
} elseif ($obj) {
$obj->do_foo();
print_r($obj);
}

View file

@ -13,20 +13,22 @@ if (!$conn) {
}
// Query
$stmt1 = sqlsrv_query($conn, "SELECT 'ONE'") ?: die(print_r(sqlsrv_errors(), true));
$stmt1 = sqlsrv_query($conn, "SELECT 'ONE'");
if (!$stmt1) {
print_r(sqlsrv_errors());
}
sqlsrv_fetch($stmt1);
// Query. Returns if multiple result sets are disabled
$stmt2 = sqlsrv_query($conn, "SELECT 'TWO'") ?: die(print_r(sqlsrv_errors(), true));
sqlsrv_fetch($stmt2);
// Print the data
$res = [ sqlsrv_get_field($stmt1, 0), sqlsrv_get_field($stmt2, 0) ];
var_dump($res);
$stmt2 = sqlsrv_query($conn, "SELECT 'TWO'");
if ($stmt2) {
echo "Expect case 2 to fail\n";
} else {
print_r(sqlsrv_errors());
}
// Free statement and connection resources
sqlsrv_free_stmt($stmt1);
sqlsrv_free_stmt($stmt2);
sqlsrv_close($conn);
print "Done"
@ -56,3 +58,4 @@ Array
\)
\)
Done