dprevot/php-sqlsrv
1
0
Fork 0
Code Issues Pull requests Packages Projects Releases Wiki Activity

Addressed static code analyis issues (prefast) (#1227)

Browse source
This commit is contained in:
Jenny Tam 2021-01-04 18:28:07 -08:00 committed by GitHub
parent 53aaab847c
commit 7afe00d23a
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
3 changed files with 22 additions and 20 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

2
source/shared/core_sqlsrv.h
View file

@ -1444,7 +1444,7 @@ namespace data_classification {
struct name_id_pair; struct name_id_pair;
struct sensitivity_metadata; struct sensitivity_metadata;
void name_id_pair_free(name_id_pair * pair); void name_id_pair_free(_Inout_ name_id_pair * pair);
void parse_sensitivity_name_id_pairs(_Inout_ sqlsrv_stmt* stmt, _Inout_ USHORT& numpairs, _Inout_ std::vector<name_id_pair*, sqlsrv_allocator<name_id_pair*>>* pairs, _Inout_ unsigned char **pptr); void parse_sensitivity_name_id_pairs(_Inout_ sqlsrv_stmt* stmt, _Inout_ USHORT& numpairs, _Inout_ std::vector<name_id_pair*, sqlsrv_allocator<name_id_pair*>>* pairs, _Inout_ unsigned char **pptr);
void parse_column_sensitivity_props(_Inout_ sensitivity_metadata* meta, _Inout_ unsigned char **pptr, _In_ bool getRankInfo); void parse_column_sensitivity_props(_Inout_ sensitivity_metadata* meta, _Inout_ unsigned char **pptr, _In_ bool getRankInfo);
USHORT fill_column_sensitivity_array(_Inout_ sqlsrv_stmt* stmt, _In_ SQLSMALLINT colno, _Inout_ zval *column_data); USHORT fill_column_sensitivity_array(_Inout_ sqlsrv_stmt* stmt, _In_ SQLSMALLINT colno, _Inout_ zval *column_data);

29
source/shared/core_stmt.cpp
View file

@ -2336,7 +2336,7 @@ void format_decimal_numbers(_In_ SQLSMALLINT decimals_places, _In_ SQLSMALLINT f
// //
// Check if it's a negative number and if necessary to add the leading zero // Check if it's a negative number and if necessary to add the leading zero
bool is_negative = (*field_value == '-'); short is_negative = (*field_value == '-') ? 1 : 0;
char *src = field_value + is_negative; char *src = field_value + is_negative;
bool add_leading_zero = false; bool add_leading_zero = false;
@ -2354,12 +2354,12 @@ void format_decimal_numbers(_In_ SQLSMALLINT decimals_places, _In_ SQLSMALLINT f
scale = field_scale; scale = field_scale;
} }
char buffer[50] = " "; // A buffer with two blank spaces, as leeway char buffer[50] = " "; // A buffer with TWO blank spaces, as leeway
int offset = 1 + is_negative; int offset = 1 + is_negative; // for cases like 9.* to 10.* and the minus sign if needed
int src_length = strnlen_s(src); int src_length = strnlen_s(src);
if (add_leading_zero) { if (add_leading_zero) {
buffer[offset++] = '0'; buffer[offset++] = '0'; // leading zero added
} }
// Copy the original numerical value to the buffer // Copy the original numerical value to the buffer
memcpy_s(buffer + offset, src_length, src, src_length); memcpy_s(buffer + offset, src_length, src, src_length);
@ -2375,10 +2375,11 @@ void format_decimal_numbers(_In_ SQLSMALLINT decimals_places, _In_ SQLSMALLINT f
} }
} }
// Remove the extra white space if not used // Remove the extra white space if not used. For a negative number,
char *p = buffer; // the first pos is always a space
offset = 0; offset = is_negative;
while (isspace(*p++)) { char *p = buffer + offset;
while (*p++ == ' ') {
offset++; offset++;
} }
if (is_negative) { if (is_negative) {
@ -3017,23 +3018,23 @@ void adjustDecimalPrecision(_Inout_ zval* param_z, _In_ SQLSMALLINT decimal_digi
return; return;
} }
// If std::stold() succeeds, 'idx' is the position of the first character after the numerical value // If std::stold() succeeds, 'index' is the position of the first character after the numerical value
long double d = 0; long double d = 0;
size_t idx; size_t index;
try { try {
d = std::stold(std::string(value), &idx); d = std::stold(std::string(value), &index);
} }
catch (const std::logic_error& ) { catch (const std::logic_error& ) {
return; // invalid input caused the conversion to throw an exception return; // invalid input caused the conversion to throw an exception
} }
if (idx < value_len) { if (index < value_len) {
return; // the input contains something else apart from the numerical value return; // the input contains something else apart from the numerical value
} }
// Navigate to the first digit or the decimal point // Navigate to the first digit or the decimal point
bool is_negative = (d < 0); short is_negative = (d < 0) ? 1 : 0;
char *src = value + is_negative; char *src = value + is_negative;
while (*src != DECIMAL_POINT && !isdigit(*src)) { while (*src != DECIMAL_POINT && !isdigit(static_cast<unsigned int>(*src))) {
src++; src++;
} }

11
source/shared/core_util.cpp
View file

@ -72,7 +72,7 @@ SQLCHAR SSPWARN[] = "01SSP";
// the script (sqlsrv_configure). // the script (sqlsrv_configure).
void write_to_log( _In_ unsigned int severity, _In_ const char* msg, ...) void write_to_log( _In_ unsigned int severity, _In_ const char* msg, ...)
{ {
SQLSRV_ASSERT( !(g_driver_severity == NULL), "Must register a driver checker function." ); SQLSRV_ASSERT(g_driver_severity != NULL, "Must register a driver checker function.");
if (!g_driver_severity(severity)) { if (!g_driver_severity(severity)) {
return; return;
} }
@ -491,11 +491,11 @@ namespace data_classification {
const char* ID = "id"; const char* ID = "id";
const char* RANK = "rank"; const char* RANK = "rank";
void convert_sensivity_field(_Inout_ sqlsrv_stmt* stmt, _In_ SQLSRV_ENCODING encoding, _In_ unsigned char *ptr, _In_ int len, _Inout_updates_bytes_(cchOutLen) char** field_name) void convert_sensivity_field(_Inout_ sqlsrv_stmt* stmt, _In_ SQLSRV_ENCODING encoding, _In_ unsigned char *ptr, _In_ int len, _Inout_updates_bytes_(field_name_len) char** field_name, _Out_ SQLLEN& field_name_len)
{ {
sqlsrv_malloc_auto_ptr<SQLWCHAR> temp_field_name; sqlsrv_malloc_auto_ptr<SQLWCHAR> temp_field_name;
int temp_field_len = len * sizeof(SQLWCHAR); int temp_field_len = len * sizeof(SQLWCHAR);
SQLLEN field_name_len = 0; field_name_len = 0;
if (len == 0) { if (len == 0) {
*field_name = reinterpret_cast<char*>(sqlsrv_malloc(1)); *field_name = reinterpret_cast<char*>(sqlsrv_malloc(1));
@ -538,6 +538,7 @@ namespace data_classification {
while (npairs--) { while (npairs--) {
int namelen, idlen; int namelen, idlen;
unsigned char *nameptr, *idptr; unsigned char *nameptr, *idptr;
SQLLEN field_len;
sqlsrv_malloc_auto_ptr<name_id_pair> pair; sqlsrv_malloc_auto_ptr<name_id_pair> pair;
pair = new(sqlsrv_malloc(sizeof(name_id_pair))) name_id_pair(); pair = new(sqlsrv_malloc(sizeof(name_id_pair))) name_id_pair();
@ -549,7 +550,7 @@ namespace data_classification {
nameptr = ptr; nameptr = ptr;
pair->name_len = namelen; pair->name_len = namelen;
convert_sensivity_field(stmt, encoding, nameptr, namelen, (char**)&name); convert_sensivity_field(stmt, encoding, nameptr, namelen, (char**)&name, field_len);
pair->name = name; pair->name = name;
ptr += namelen * 2; ptr += namelen * 2;
@ -558,7 +559,7 @@ namespace data_classification {
ptr += idlen * 2; ptr += idlen * 2;
pair->id_len = idlen; pair->id_len = idlen;
convert_sensivity_field(stmt, encoding, idptr, idlen, (char**)&id); convert_sensivity_field(stmt, encoding, idptr, idlen, (char**)&id, field_len);
pair->id = id; pair->id = id;
pairs->push_back(pair.get()); pairs->push_back(pair.get());