More safe guards against anomalous results (#1160)

2020-07-20 12:58:23 -07:00 · 2020-07-20 12:58:23 -07:00 · 550a7104a4
parent 61f87aacf6
commit 550a7104a4
6 changed files with 20 additions and 18 deletions
--- a/source/shared/core_conn.cpp
+++ b/source/shared/core_conn.cpp
@ -813,7 +813,7 @@ void build_connection_string_and_set_conn_attr( _Inout_ sqlsrv_conn* conn, _Inou
                option = Z_STRVAL_P(auth_option);
            }
-            if (!stricmp(option, AzureADOptions::AZURE_AUTH_AD_MSI)) {
+            if (option != NULL && !stricmp(option, AzureADOptions::AZURE_AUTH_AD_MSI)) {
                activeDirectoryMSI = true;
                // There are two types of managed identities:
--- a/source/shared/core_sqlsrv.h
+++ b/source/shared/core_sqlsrv.h
@ -397,7 +397,8 @@ inline void* sqlsrv_malloc( _In_ size_t element_count, _In_ size_t element_size,
        DIE( "Integer overflow in sqlsrv_malloc" );
    }
-    if( element_size * element_count + extra == 0 ) {
+    // safeguard against anomalous calculation or any arithmetic overflow
    if( element_size * element_count + extra <= 0 ) {
        DIE( "Allocation size must be more than 0" );
    }
--- a/test/functional/sqlsrv/sqlsrv_fetch_object.phpt
+++ b/test/functional/sqlsrv/sqlsrv_fetch_object.phpt
@ -223,12 +223,11 @@ else {
 echo "Past the end of the result set (7)\n";
 $obj = sqlsrv_fetch_object( $stmt, "foo" );
 if( $obj === false ) {
-    die( print_r( sqlsrv_errors(), true ));
+    print_r( sqlsrv_errors());
 }
 if( is_null( $obj )) {
    echo "Done fetching objects.\n";        
-}
+} elseif ($obj) {
 else {
    $obj->do_foo();
    print_r( $obj );
 }
--- a/test/functional/sqlsrv/sqlsrv_fetch_object_2.phpt
+++ b/test/functional/sqlsrv/sqlsrv_fetch_object_2.phpt
@ -227,12 +227,11 @@ else {
 echo "Past the end of the result set (7)\n";
 $obj = sqlsrv_fetch_object( $stmt, "foo" );
 if( $obj === false ) {
-    die( print_r( sqlsrv_errors(), true ));
+    print_r( sqlsrv_errors());
 }
 if( is_null( $obj )) {
    echo "Done fetching objects.\n";        
-}
+} elseif ($obj) {
 else {
    $obj->do_foo();
    print_r( $obj );
 }
--- a/test/functional/sqlsrv/sqlsrv_fetch_object_unicode_col_name1.phpt
+++ b/test/functional/sqlsrv/sqlsrv_fetch_object_unicode_col_name1.phpt
@ -220,11 +220,11 @@ if (is_null($obj)) {
 echo "Past the end of the result set (7)\n";
 $obj = sqlsrv_fetch_object($stmt, "foo");
 if ($obj === false) {
-    die(print_r(sqlsrv_errors(), true));
+    print_r( sqlsrv_errors());
 }
 if (is_null($obj)) {
    echo "Done fetching objects.\n";
-} else {
+} elseif ($obj) {
    $obj->do_foo();
    print_r($obj);
 }
--- a/test/functional/sqlsrv/srv_053_mars_disabled_error_checks.phpt
+++ b/test/functional/sqlsrv/srv_053_mars_disabled_error_checks.phpt
@ -13,20 +13,22 @@ if (!$conn) {
 }
 // Query
-$stmt1 = sqlsrv_query($conn, "SELECT 'ONE'") ?: die(print_r(sqlsrv_errors(), true));
+$stmt1 = sqlsrv_query($conn, "SELECT 'ONE'");
 if (!$stmt1) {
    print_r(sqlsrv_errors());
 }
 sqlsrv_fetch($stmt1);
 // Query. Returns if multiple result sets are disabled
-$stmt2 = sqlsrv_query($conn, "SELECT 'TWO'") ?: die(print_r(sqlsrv_errors(), true));
+$stmt2 = sqlsrv_query($conn, "SELECT 'TWO'");
-sqlsrv_fetch($stmt2);
+if ($stmt2) {
-
+    echo "Expect case 2 to fail\n";
-// Print the data
+} else {
-$res = [ sqlsrv_get_field($stmt1, 0), sqlsrv_get_field($stmt2, 0) ];
+    print_r(sqlsrv_errors());
-var_dump($res);
+}
 // Free statement and connection resources
 sqlsrv_free_stmt($stmt1);
 sqlsrv_free_stmt($stmt2);
 sqlsrv_close($conn);
 print "Done"
@ -56,3 +58,4 @@ Array
        \)
 \)
 Done