xref: /PHP-8.3/ext/mysqlnd/mysqlnd_ps_codec.c (revision 732d92c0)
1 /*
2   +----------------------------------------------------------------------+
3   | Copyright (c) The PHP Group                                          |
4   +----------------------------------------------------------------------+
5   | This source file is subject to version 3.01 of the PHP license,      |
6   | that is bundled with this package in the file LICENSE, and is        |
7   | available through the world-wide-web at the following url:           |
8   | https://www.php.net/license/3_01.txt                                 |
9   | If you did not receive a copy of the PHP license and are unable to   |
10   | obtain it through the world-wide-web, please send a note to          |
11   | license@php.net so we can mail you a copy immediately.               |
12   +----------------------------------------------------------------------+
13   | Authors: Andrey Hristov <andrey@php.net>                             |
14   |          Ulf Wendel <uw@php.net>                                     |
15   +----------------------------------------------------------------------+
16 */
17 
18 #include <math.h>
19 #include "php.h"
20 #include "mysqlnd.h"
21 #include "mysqlnd_wireprotocol.h"
22 #include "mysqlnd_connection.h"
23 #include "mysqlnd_ps.h"
24 #include "mysqlnd_priv.h"
25 #include "mysqlnd_debug.h"
26 #include "mysql_float_to_double.h"
27 
28 
29 enum mysqlnd_timestamp_type
30 {
31   MYSQLND_TIMESTAMP_NONE= -2,
32   MYSQLND_TIMESTAMP_ERROR= -1,
33   MYSQLND_TIMESTAMP_DATE= 0,
34   MYSQLND_TIMESTAMP_DATETIME= 1,
35   MYSQLND_TIMESTAMP_TIME= 2
36 };
37 
38 
39 struct st_mysqlnd_time
40 {
41   unsigned int  year, month, day, hour, minute, second;
42   zend_ulong second_part;
43   bool     neg;
44   enum mysqlnd_timestamp_type time_type;
45 };
46 
47 
48 struct st_mysqlnd_perm_bind mysqlnd_ps_fetch_functions[MYSQL_TYPE_LAST + 1];
49 
50 #define MYSQLND_PS_SKIP_RESULT_W_LEN	-1
51 #define MYSQLND_PS_SKIP_RESULT_STR		-2
52 
53 /* {{{ ps_fetch_from_1_to_8_bytes */
54 void
ps_fetch_from_1_to_8_bytes(zval * zv,const MYSQLND_FIELD * const field,const unsigned int pack_len,const zend_uchar ** row,unsigned int byte_count)55 ps_fetch_from_1_to_8_bytes(zval * zv, const MYSQLND_FIELD * const field, const unsigned int pack_len,
56 						   const zend_uchar ** row, unsigned int byte_count)
57 {
58 	bool is_bit = field->type == MYSQL_TYPE_BIT;
59 	DBG_ENTER("ps_fetch_from_1_to_8_bytes");
60 	DBG_INF_FMT("zv=%p byte_count=%u", zv, byte_count);
61 	if (field->flags & UNSIGNED_FLAG) {
62 		uint64_t uval = 0;
63 
64 		switch (byte_count) {
65 			case 8:uval = is_bit? (uint64_t) bit_uint8korr(*row):(uint64_t) uint8korr(*row);break;
66 			case 7:uval = bit_uint7korr(*row);break;
67 			case 6:uval = bit_uint6korr(*row);break;
68 			case 5:uval = bit_uint5korr(*row);break;
69 			case 4:uval = is_bit? (uint64_t) bit_uint4korr(*row):(uint64_t) uint4korr(*row);break;
70 			case 3:uval = is_bit? (uint64_t) bit_uint3korr(*row):(uint64_t) uint3korr(*row);break;
71 			case 2:uval = is_bit? (uint64_t) bit_uint2korr(*row):(uint64_t) uint2korr(*row);break;
72 			case 1:uval = (uint64_t) uint1korr(*row);break;
73 		}
74 
75 		if (field->flags & ZEROFILL_FLAG) {
76 			DBG_INF("stringify due to zerofill");
77 			ZVAL_STR(zv, zend_strpprintf(0, "%0*" PRIu64, (int) field->length, uval));
78 		} else
79 #if SIZEOF_ZEND_LONG==4
80 		if (uval > INT_MAX) {
81 			DBG_INF("stringify");
82 			ZVAL_STR(zv, zend_u64_to_str(uval));
83 		} else
84 #endif /* #if SIZEOF_LONG==4 */
85 		{
86 			if (byte_count < 8 || uval <= L64(9223372036854775807)) {
87 				ZVAL_LONG(zv, (zend_long) uval); /* the cast is safe, we are in the range */
88 			} else {
89 				DBG_INF("stringify");
90 				ZVAL_STR(zv, zend_u64_to_str(uval));
91 			}
92 		}
93 	} else {
94 		/* SIGNED */
95 		int64_t lval = 0;
96 		switch (byte_count) {
97 			case 8:lval = (int64_t) sint8korr(*row);break;
98 			/*
99 			  7, 6 and 5 are not possible.
100 			  BIT is only unsigned, thus only uint5|6|7 macros exist
101 			*/
102 			case 4:lval = (int64_t) sint4korr(*row);break;
103 			case 3:lval = (int64_t) sint3korr(*row);break;
104 			case 2:lval = (int64_t) sint2korr(*row);break;
105 			case 1:lval = (int64_t) *(int8_t*)*row;break;
106 		}
107 
108 #if SIZEOF_ZEND_LONG==4
109 		if ((L64(2147483647) < (int64_t) lval) || (L64(-2147483648) > (int64_t) lval)) {
110 			DBG_INF("stringify");
111 			ZVAL_STR(zv, zend_i64_to_str(lval));
112 		} else
113 #endif /* SIZEOF */
114 		{
115 			ZVAL_LONG(zv, (zend_long) lval); /* the cast is safe, we are in the range */
116 		}
117 	}
118 
119 	(*row)+= byte_count;
120 	DBG_VOID_RETURN;
121 }
122 /* }}} */
123 
124 
125 /* {{{ ps_fetch_null */
126 static void
ps_fetch_null(zval * zv,const MYSQLND_FIELD * const field,const unsigned int pack_len,const zend_uchar ** row)127 ps_fetch_null(zval *zv, const MYSQLND_FIELD * const field, const unsigned int pack_len, const zend_uchar ** row)
128 {
129 	ZVAL_NULL(zv);
130 }
131 /* }}} */
132 
133 
134 /* {{{ ps_fetch_int8 */
135 static void
ps_fetch_int8(zval * zv,const MYSQLND_FIELD * const field,const unsigned int pack_len,const zend_uchar ** row)136 ps_fetch_int8(zval * zv, const MYSQLND_FIELD * const field, const unsigned int pack_len, const zend_uchar ** row)
137 {
138 	ps_fetch_from_1_to_8_bytes(zv, field, pack_len, row, 1);
139 }
140 /* }}} */
141 
142 
143 /* {{{ ps_fetch_int16 */
144 static void
ps_fetch_int16(zval * zv,const MYSQLND_FIELD * const field,const unsigned int pack_len,const zend_uchar ** row)145 ps_fetch_int16(zval * zv, const MYSQLND_FIELD * const field, const unsigned int pack_len, const zend_uchar ** row)
146 {
147 	ps_fetch_from_1_to_8_bytes(zv, field, pack_len, row, 2);
148 }
149 /* }}} */
150 
151 
152 /* {{{ ps_fetch_int32 */
153 static void
ps_fetch_int32(zval * zv,const MYSQLND_FIELD * const field,const unsigned int pack_len,const zend_uchar ** row)154 ps_fetch_int32(zval * zv, const MYSQLND_FIELD * const field, const unsigned int pack_len, const zend_uchar ** row)
155 {
156 	ps_fetch_from_1_to_8_bytes(zv, field, pack_len, row, 4);
157 }
158 /* }}} */
159 
160 
161 /* {{{ ps_fetch_int64 */
162 static void
ps_fetch_int64(zval * zv,const MYSQLND_FIELD * const field,const unsigned int pack_len,const zend_uchar ** row)163 ps_fetch_int64(zval * zv, const MYSQLND_FIELD * const field, const unsigned int pack_len, const zend_uchar ** row)
164 {
165 	ps_fetch_from_1_to_8_bytes(zv, field, pack_len, row, 8);
166 }
167 /* }}} */
168 
169 
170 /* {{{ ps_fetch_float */
171 static void
ps_fetch_float(zval * zv,const MYSQLND_FIELD * const field,const unsigned int pack_len,const zend_uchar ** row)172 ps_fetch_float(zval * zv, const MYSQLND_FIELD * const field, const unsigned int pack_len, const zend_uchar ** row)
173 {
174 	float fval;
175 	double dval;
176 	DBG_ENTER("ps_fetch_float");
177 	float4get(fval, *row);
178 	(*row)+= 4;
179 	DBG_INF_FMT("value=%f", fval);
180 
181 #ifndef NOT_FIXED_DEC
182 # define NOT_FIXED_DEC 31
183 #endif
184 
185 	dval = mysql_float_to_double(fval, (field->decimals >= NOT_FIXED_DEC) ? -1 : (int)field->decimals);
186 
187 	ZVAL_DOUBLE(zv, dval);
188 	DBG_VOID_RETURN;
189 }
190 /* }}} */
191 
192 
193 /* {{{ ps_fetch_double */
194 static void
ps_fetch_double(zval * zv,const MYSQLND_FIELD * const field,const unsigned int pack_len,const zend_uchar ** row)195 ps_fetch_double(zval * zv, const MYSQLND_FIELD * const field, const unsigned int pack_len, const zend_uchar ** row)
196 {
197 	double value;
198 	DBG_ENTER("ps_fetch_double");
199 	float8get(value, *row);
200 	ZVAL_DOUBLE(zv, value);
201 	(*row)+= 8;
202 	DBG_INF_FMT("value=%f", value);
203 	DBG_VOID_RETURN;
204 }
205 /* }}} */
206 
207 
208 /* {{{ ps_fetch_time */
209 static void
ps_fetch_time(zval * zv,const MYSQLND_FIELD * const field,const unsigned int pack_len,const zend_uchar ** row)210 ps_fetch_time(zval * zv, const MYSQLND_FIELD * const field, const unsigned int pack_len, const zend_uchar ** row)
211 {
212 	struct st_mysqlnd_time t;
213 	zend_ulong length; /* First byte encodes the length */
214 	DBG_ENTER("ps_fetch_time");
215 
216 	if ((length = php_mysqlnd_net_field_length(row))) {
217 		const zend_uchar * to = *row;
218 
219 		t.time_type = MYSQLND_TIMESTAMP_TIME;
220 		t.neg			= (bool) to[0];
221 
222 		t.day			= (zend_ulong) sint4korr(to+1);
223 		t.hour			= (unsigned int) to[5];
224 		t.minute		= (unsigned int) to[6];
225 		t.second		= (unsigned int) to[7];
226 		t.second_part	= (length > 8) ? (zend_ulong) sint4korr(to+8) : 0;
227 		t.year			= t.month= 0;
228 		if (t.day) {
229 			/* Convert days to hours at once */
230 			t.hour += t.day*24;
231 			t.day	= 0;
232 		}
233 
234 		(*row) += length;
235 	} else {
236 		memset(&t, 0, sizeof(t));
237 		t.time_type = MYSQLND_TIMESTAMP_TIME;
238 	}
239 
240 	if (field->decimals > 0 && field->decimals < 7) {
241 		ZVAL_STR(zv, zend_strpprintf(0, "%s%02u:%02u:%02u.%0*u",
242 			(t.neg ? "-" : ""), t.hour, t.minute, t.second, field->decimals,
243 			(uint32_t) (t.second_part / pow(10, 6 - field->decimals))));
244 	} else {
245 		 ZVAL_STR(zv, zend_strpprintf(0, "%s%02u:%02u:%02u",
246 			(t.neg ? "-" : ""), t.hour, t.minute, t.second));
247 	}
248 	DBG_VOID_RETURN;
249 }
250 /* }}} */
251 
252 
253 /* {{{ ps_fetch_date */
254 static void
ps_fetch_date(zval * zv,const MYSQLND_FIELD * const field,const unsigned int pack_len,const zend_uchar ** row)255 ps_fetch_date(zval * zv, const MYSQLND_FIELD * const field, const unsigned int pack_len, const zend_uchar ** row)
256 {
257 	struct st_mysqlnd_time t = {0};
258 	zend_ulong length; /* First byte encodes the length*/
259 	DBG_ENTER("ps_fetch_date");
260 
261 	if ((length = php_mysqlnd_net_field_length(row))) {
262 		const zend_uchar * to = *row;
263 
264 		t.time_type = MYSQLND_TIMESTAMP_DATE;
265 		t.neg = 0;
266 
267 		t.second_part = t.hour = t.minute = t.second = 0;
268 
269 		t.year	= (unsigned int) sint2korr(to);
270 		t.month = (unsigned int) to[2];
271 		t.day	= (unsigned int) to[3];
272 
273 		(*row)+= length;
274 	} else {
275 		memset(&t, 0, sizeof(t));
276 		t.time_type = MYSQLND_TIMESTAMP_DATE;
277 	}
278 
279 	ZVAL_STR(zv, zend_strpprintf(0, "%04u-%02u-%02u", t.year, t.month, t.day));
280 	DBG_VOID_RETURN;
281 }
282 /* }}} */
283 
284 
285 /* {{{ ps_fetch_datetime */
286 static void
ps_fetch_datetime(zval * zv,const MYSQLND_FIELD * const field,const unsigned int pack_len,const zend_uchar ** row)287 ps_fetch_datetime(zval * zv, const MYSQLND_FIELD * const field, const unsigned int pack_len, const zend_uchar ** row)
288 {
289 	struct st_mysqlnd_time t;
290 	zend_ulong length; /* First byte encodes the length*/
291 	DBG_ENTER("ps_fetch_datetime");
292 
293 	if ((length = php_mysqlnd_net_field_length(row))) {
294 		const zend_uchar * to = *row;
295 
296 		t.time_type = MYSQLND_TIMESTAMP_DATETIME;
297 		t.neg = 0;
298 
299 		t.year	 = (unsigned int) sint2korr(to);
300 		t.month = (unsigned int) to[2];
301 		t.day	 = (unsigned int) to[3];
302 
303 		if (length > 4) {
304 			t.hour	 = (unsigned int) to[4];
305 			t.minute = (unsigned int) to[5];
306 			t.second = (unsigned int) to[6];
307 		} else {
308 			t.hour = t.minute = t.second= 0;
309 		}
310 		t.second_part = (length > 7) ? (zend_ulong) sint4korr(to+7) : 0;
311 
312 		(*row)+= length;
313 	} else {
314 		memset(&t, 0, sizeof(t));
315 		t.time_type = MYSQLND_TIMESTAMP_DATETIME;
316 	}
317 
318 	if (field->decimals > 0 && field->decimals < 7) {
319 		ZVAL_STR(zv, zend_strpprintf(0, "%04u-%02u-%02u %02u:%02u:%02u.%0*u",
320 			t.year, t.month, t.day, t.hour, t.minute, t.second, field->decimals,
321 			(uint32_t) (t.second_part / pow(10, 6 - field->decimals))));
322 	} else {
323 		ZVAL_STR(zv,  zend_strpprintf(0, "%04u-%02u-%02u %02u:%02u:%02u",
324 			t.year, t.month, t.day, t.hour, t.minute, t.second));
325 	}
326 	DBG_VOID_RETURN;
327 }
328 /* }}} */
329 
330 
331 /* {{{ ps_fetch_string */
332 static void
ps_fetch_string(zval * zv,const MYSQLND_FIELD * const field,const unsigned int pack_len,const zend_uchar ** row)333 ps_fetch_string(zval * zv, const MYSQLND_FIELD * const field, const unsigned int pack_len, const zend_uchar ** row)
334 {
335 	const zend_ulong length = php_mysqlnd_net_field_length(row);
336 	DBG_ENTER("ps_fetch_string");
337 	DBG_INF_FMT("len = " ZEND_ULONG_FMT, length);
338 	DBG_INF("copying from the row buffer");
339 	ZVAL_STRINGL_FAST(zv, (char *)*row, length);
340 
341 	(*row) += length;
342 	DBG_VOID_RETURN;
343 }
344 /* }}} */
345 
346 
347 /* {{{ ps_fetch_bit */
348 static void
ps_fetch_bit(zval * zv,const MYSQLND_FIELD * const field,const unsigned int pack_len,const zend_uchar ** row)349 ps_fetch_bit(zval * zv, const MYSQLND_FIELD * const field, const unsigned int pack_len, const zend_uchar ** row)
350 {
351 	const zend_ulong length = php_mysqlnd_net_field_length(row);
352 	ps_fetch_from_1_to_8_bytes(zv, field, pack_len, row, length);
353 }
354 /* }}} */
355 
356 
357 /* {{{ _mysqlnd_init_ps_fetch_subsystem */
_mysqlnd_init_ps_fetch_subsystem(void)358 void _mysqlnd_init_ps_fetch_subsystem(void)
359 {
360 	memset(mysqlnd_ps_fetch_functions, 0, sizeof(mysqlnd_ps_fetch_functions));
361 	mysqlnd_ps_fetch_functions[MYSQL_TYPE_NULL].func		= ps_fetch_null;
362 	mysqlnd_ps_fetch_functions[MYSQL_TYPE_NULL].pack_len	= 0;
363 	mysqlnd_ps_fetch_functions[MYSQL_TYPE_NULL].php_type	= IS_NULL;
364 
365 	mysqlnd_ps_fetch_functions[MYSQL_TYPE_TINY].func		= ps_fetch_int8;
366 	mysqlnd_ps_fetch_functions[MYSQL_TYPE_TINY].pack_len	= 1;
367 	mysqlnd_ps_fetch_functions[MYSQL_TYPE_TINY].php_type	= IS_LONG;
368 
369 	mysqlnd_ps_fetch_functions[MYSQL_TYPE_SHORT].func		= ps_fetch_int16;
370 	mysqlnd_ps_fetch_functions[MYSQL_TYPE_SHORT].pack_len	= 2;
371 	mysqlnd_ps_fetch_functions[MYSQL_TYPE_SHORT].php_type	= IS_LONG;
372 
373 	mysqlnd_ps_fetch_functions[MYSQL_TYPE_YEAR].func		= ps_fetch_int16;
374 	mysqlnd_ps_fetch_functions[MYSQL_TYPE_YEAR].pack_len	= 2;
375 	mysqlnd_ps_fetch_functions[MYSQL_TYPE_YEAR].php_type	= IS_LONG;
376 
377 	mysqlnd_ps_fetch_functions[MYSQL_TYPE_INT24].func		= ps_fetch_int32;
378 	mysqlnd_ps_fetch_functions[MYSQL_TYPE_INT24].pack_len	= 4;
379 	mysqlnd_ps_fetch_functions[MYSQL_TYPE_INT24].php_type	= IS_LONG;
380 
381 	mysqlnd_ps_fetch_functions[MYSQL_TYPE_LONG].func		= ps_fetch_int32;
382 	mysqlnd_ps_fetch_functions[MYSQL_TYPE_LONG].pack_len	= 4;
383 	mysqlnd_ps_fetch_functions[MYSQL_TYPE_LONG].php_type	= IS_LONG;
384 
385 	mysqlnd_ps_fetch_functions[MYSQL_TYPE_LONGLONG].func	= ps_fetch_int64;
386 	mysqlnd_ps_fetch_functions[MYSQL_TYPE_LONGLONG].pack_len= 8;
387 	mysqlnd_ps_fetch_functions[MYSQL_TYPE_LONGLONG].php_type= IS_LONG;
388 
389 	mysqlnd_ps_fetch_functions[MYSQL_TYPE_FLOAT].func		= ps_fetch_float;
390 	mysqlnd_ps_fetch_functions[MYSQL_TYPE_FLOAT].pack_len	= 4;
391 	mysqlnd_ps_fetch_functions[MYSQL_TYPE_FLOAT].php_type	= IS_DOUBLE;
392 
393 	mysqlnd_ps_fetch_functions[MYSQL_TYPE_DOUBLE].func		= ps_fetch_double;
394 	mysqlnd_ps_fetch_functions[MYSQL_TYPE_DOUBLE].pack_len	= 8;
395 	mysqlnd_ps_fetch_functions[MYSQL_TYPE_DOUBLE].php_type	= IS_DOUBLE;
396 
397 	mysqlnd_ps_fetch_functions[MYSQL_TYPE_TIME].func		= ps_fetch_time;
398 	mysqlnd_ps_fetch_functions[MYSQL_TYPE_TIME].pack_len	= MYSQLND_PS_SKIP_RESULT_W_LEN;
399 	mysqlnd_ps_fetch_functions[MYSQL_TYPE_TIME].php_type	= IS_STRING;
400 
401 	mysqlnd_ps_fetch_functions[MYSQL_TYPE_DATE].func		= ps_fetch_date;
402 	mysqlnd_ps_fetch_functions[MYSQL_TYPE_DATE].pack_len	= MYSQLND_PS_SKIP_RESULT_W_LEN;
403 	mysqlnd_ps_fetch_functions[MYSQL_TYPE_DATE].php_type	= IS_STRING;
404 
405 	mysqlnd_ps_fetch_functions[MYSQL_TYPE_NEWDATE].func		= ps_fetch_string;
406 	mysqlnd_ps_fetch_functions[MYSQL_TYPE_NEWDATE].pack_len	= MYSQLND_PS_SKIP_RESULT_W_LEN;
407 	mysqlnd_ps_fetch_functions[MYSQL_TYPE_NEWDATE].php_type	= IS_STRING;
408 
409 	mysqlnd_ps_fetch_functions[MYSQL_TYPE_DATETIME].func	= ps_fetch_datetime;
410 	mysqlnd_ps_fetch_functions[MYSQL_TYPE_DATETIME].pack_len= MYSQLND_PS_SKIP_RESULT_W_LEN;
411 	mysqlnd_ps_fetch_functions[MYSQL_TYPE_DATETIME].php_type= IS_STRING;
412 
413 	mysqlnd_ps_fetch_functions[MYSQL_TYPE_TIMESTAMP].func	= ps_fetch_datetime;
414 	mysqlnd_ps_fetch_functions[MYSQL_TYPE_TIMESTAMP].pack_len= MYSQLND_PS_SKIP_RESULT_W_LEN;
415 	mysqlnd_ps_fetch_functions[MYSQL_TYPE_TIMESTAMP].php_type= IS_STRING;
416 
417 	mysqlnd_ps_fetch_functions[MYSQL_TYPE_JSON].func	= ps_fetch_string;
418 	mysqlnd_ps_fetch_functions[MYSQL_TYPE_JSON].pack_len= MYSQLND_PS_SKIP_RESULT_STR;
419 	mysqlnd_ps_fetch_functions[MYSQL_TYPE_JSON].php_type = IS_STRING;
420 
421 	mysqlnd_ps_fetch_functions[MYSQL_TYPE_TINY_BLOB].func	= ps_fetch_string;
422 	mysqlnd_ps_fetch_functions[MYSQL_TYPE_TINY_BLOB].pack_len= MYSQLND_PS_SKIP_RESULT_STR;
423 	mysqlnd_ps_fetch_functions[MYSQL_TYPE_TINY_BLOB].php_type = IS_STRING;
424 
425 	mysqlnd_ps_fetch_functions[MYSQL_TYPE_BLOB].func		= ps_fetch_string;
426 	mysqlnd_ps_fetch_functions[MYSQL_TYPE_BLOB].pack_len	= MYSQLND_PS_SKIP_RESULT_STR;
427 	mysqlnd_ps_fetch_functions[MYSQL_TYPE_BLOB].php_type	= IS_STRING;
428 
429 	mysqlnd_ps_fetch_functions[MYSQL_TYPE_MEDIUM_BLOB].func		= ps_fetch_string;
430 	mysqlnd_ps_fetch_functions[MYSQL_TYPE_MEDIUM_BLOB].pack_len	= MYSQLND_PS_SKIP_RESULT_STR;
431 	mysqlnd_ps_fetch_functions[MYSQL_TYPE_MEDIUM_BLOB].php_type	= IS_STRING;
432 
433 	mysqlnd_ps_fetch_functions[MYSQL_TYPE_LONG_BLOB].func		= ps_fetch_string;
434 	mysqlnd_ps_fetch_functions[MYSQL_TYPE_LONG_BLOB].pack_len	= MYSQLND_PS_SKIP_RESULT_STR;
435 	mysqlnd_ps_fetch_functions[MYSQL_TYPE_LONG_BLOB].php_type	= IS_STRING;
436 
437 	mysqlnd_ps_fetch_functions[MYSQL_TYPE_BIT].func		= ps_fetch_bit;
438 	mysqlnd_ps_fetch_functions[MYSQL_TYPE_BIT].pack_len	= 8;
439 	mysqlnd_ps_fetch_functions[MYSQL_TYPE_BIT].php_type	= IS_LONG;
440 
441 	mysqlnd_ps_fetch_functions[MYSQL_TYPE_VAR_STRING].func		= ps_fetch_string;
442 	mysqlnd_ps_fetch_functions[MYSQL_TYPE_VAR_STRING].pack_len	= MYSQLND_PS_SKIP_RESULT_STR;
443 	mysqlnd_ps_fetch_functions[MYSQL_TYPE_VAR_STRING].php_type = IS_STRING;
444 
445 	mysqlnd_ps_fetch_functions[MYSQL_TYPE_VARCHAR].func		= ps_fetch_string;
446 	mysqlnd_ps_fetch_functions[MYSQL_TYPE_VARCHAR].pack_len	= MYSQLND_PS_SKIP_RESULT_STR;
447 	mysqlnd_ps_fetch_functions[MYSQL_TYPE_VARCHAR].php_type	= IS_STRING;
448 
449 	mysqlnd_ps_fetch_functions[MYSQL_TYPE_STRING].func			= ps_fetch_string;
450 	mysqlnd_ps_fetch_functions[MYSQL_TYPE_STRING].pack_len		= MYSQLND_PS_SKIP_RESULT_STR;
451 	mysqlnd_ps_fetch_functions[MYSQL_TYPE_STRING].php_type	= IS_STRING;
452 
453 	mysqlnd_ps_fetch_functions[MYSQL_TYPE_DECIMAL].func		= ps_fetch_string;
454 	mysqlnd_ps_fetch_functions[MYSQL_TYPE_DECIMAL].pack_len	= MYSQLND_PS_SKIP_RESULT_STR;
455 	mysqlnd_ps_fetch_functions[MYSQL_TYPE_DECIMAL].php_type	= IS_STRING;
456 
457 	mysqlnd_ps_fetch_functions[MYSQL_TYPE_NEWDECIMAL].func		= ps_fetch_string;
458 	mysqlnd_ps_fetch_functions[MYSQL_TYPE_NEWDECIMAL].pack_len	= MYSQLND_PS_SKIP_RESULT_STR;
459 	mysqlnd_ps_fetch_functions[MYSQL_TYPE_NEWDECIMAL].php_type	= IS_STRING;
460 
461 	mysqlnd_ps_fetch_functions[MYSQL_TYPE_ENUM].func		= ps_fetch_string;
462 	mysqlnd_ps_fetch_functions[MYSQL_TYPE_ENUM].pack_len	= MYSQLND_PS_SKIP_RESULT_STR;
463 	mysqlnd_ps_fetch_functions[MYSQL_TYPE_ENUM].php_type	= IS_STRING;
464 
465 	mysqlnd_ps_fetch_functions[MYSQL_TYPE_SET].func			= ps_fetch_string;
466 	mysqlnd_ps_fetch_functions[MYSQL_TYPE_SET].pack_len		= MYSQLND_PS_SKIP_RESULT_STR;
467 	mysqlnd_ps_fetch_functions[MYSQL_TYPE_SET].php_type		= IS_STRING;
468 
469 	mysqlnd_ps_fetch_functions[MYSQL_TYPE_GEOMETRY].func	= ps_fetch_string;
470 	mysqlnd_ps_fetch_functions[MYSQL_TYPE_GEOMETRY].pack_len= MYSQLND_PS_SKIP_RESULT_STR;
471 	mysqlnd_ps_fetch_functions[MYSQL_TYPE_GEOMETRY].php_type= IS_STRING;
472 }
473 /* }}} */
474 
475 
476 /* {{{ mysqlnd_stmt_copy_it */
477 static enum_func_status
mysqlnd_stmt_copy_it(zval ** copies,zval * original,unsigned int param_count,unsigned int current)478 mysqlnd_stmt_copy_it(zval ** copies, zval * original, unsigned int param_count, unsigned int current)
479 {
480 	if (!*copies) {
481 		*copies = mnd_ecalloc(param_count, sizeof(zval));
482 	}
483 	if (*copies) {
484 		ZVAL_COPY(&(*copies)[current], original);
485 		return PASS;
486 	}
487 	return FAIL;
488 }
489 /* }}} */
490 
491 
492 /* {{{ mysqlnd_stmt_free_copies */
493 static void
mysqlnd_stmt_free_copies(MYSQLND_STMT_DATA * stmt,zval * copies)494 mysqlnd_stmt_free_copies(MYSQLND_STMT_DATA * stmt, zval *copies)
495 {
496 	if (copies) {
497 		unsigned int i;
498 		for (i = 0; i < stmt->param_count; i++) {
499 			zval_ptr_dtor(&copies[i]);
500 		}
501 		mnd_efree(copies);
502 	}
503 }
504 /* }}} */
505 
506 
507 /* {{{ mysqlnd_stmt_execute_check_n_enlarge_buffer */
508 static enum_func_status
mysqlnd_stmt_execute_check_n_enlarge_buffer(zend_uchar ** buf,zend_uchar ** p,size_t * buf_len,zend_uchar * const provided_buffer,size_t needed_bytes)509 mysqlnd_stmt_execute_check_n_enlarge_buffer(zend_uchar **buf, zend_uchar **p, size_t * buf_len, zend_uchar * const provided_buffer, size_t needed_bytes)
510 {
511 	const size_t overalloc = 5;
512 	size_t left = (*buf_len - (*p - *buf));
513 
514 	if (left < (needed_bytes + overalloc)) {
515 		const size_t offset = *p - *buf;
516 		zend_uchar *tmp_buf;
517 		*buf_len = offset + needed_bytes + overalloc;
518 		tmp_buf = mnd_emalloc(*buf_len);
519 		if (!tmp_buf) {
520 			return FAIL;
521 		}
522 		memcpy(tmp_buf, *buf, offset);
523 		if (*buf != provided_buffer) {
524 			mnd_efree(*buf);
525 		}
526 		*buf = tmp_buf;
527 		/* Update our pos pointer */
528 		*p = *buf + offset;
529 	}
530 	return PASS;
531 }
532 /* }}} */
533 
534 
535 /* {{{ mysqlnd_stmt_execute_prepare_param_types */
536 static enum_func_status
mysqlnd_stmt_execute_prepare_param_types(MYSQLND_STMT_DATA * stmt,zval ** copies_param,int * resend_types_next_time)537 mysqlnd_stmt_execute_prepare_param_types(MYSQLND_STMT_DATA * stmt, zval ** copies_param, int * resend_types_next_time)
538 {
539 	unsigned int i;
540 	DBG_ENTER("mysqlnd_stmt_execute_prepare_param_types");
541 	for (i = 0; i < stmt->param_count; i++) {
542 		const short current_type = stmt->param_bind[i].type;
543 		zval *parameter = &stmt->param_bind[i].zv;
544 
545 		ZVAL_DEREF(parameter);
546 		if (!Z_ISNULL_P(parameter) && (current_type == MYSQL_TYPE_LONG || current_type == MYSQL_TYPE_LONGLONG || current_type == MYSQL_TYPE_TINY)) {
547 			/* always copy the var, because we do many conversions */
548 			if (Z_TYPE_P(parameter) != IS_LONG &&
549 				PASS != mysqlnd_stmt_copy_it(copies_param, parameter, stmt->param_count, i))
550 			{
551 				SET_OOM_ERROR(stmt->error_info);
552 				goto end;
553 			}
554 			/*
555 			  if it doesn't fit in a long send it as a string.
556 			  Check bug #52891 : Wrong data inserted with mysqli/mysqlnd when using bind_param, value > LONG_MAX
557 			*/
558 			if (Z_TYPE_P(parameter) != IS_LONG) {
559 				zval *tmp_data = (*copies_param && !Z_ISUNDEF((*copies_param)[i]))? &(*copies_param)[i]: parameter;
560 				/*
561 				  Because converting to double and back to long can lead
562 				  to losing precision we need second variable. Conversion to double is to see if
563 				  value is too big for a long. As said, precision could be lost.
564 				*/
565 				double d = zval_get_double(tmp_data);
566 
567 				/*
568 				  if it doesn't fit in a long send it as a string.
569 				  Check bug #52891 : Wrong data inserted with mysqli/mysqlnd when using bind_param, value > LONG_MAX
570 				  We do transformation here, which will be used later when sending types. The code later relies on this.
571 				*/
572 				if (d >= (double) ZEND_LONG_MAX || d < (double) ZEND_LONG_MIN) {
573 					stmt->send_types_to_server = *resend_types_next_time = 1;
574 					convert_to_string(tmp_data);
575 				} else {
576 					convert_to_long(tmp_data);
577 				}
578 			}
579 		}
580 	}
581 	DBG_RETURN(PASS);
582 end:
583 	DBG_RETURN(FAIL);
584 }
585 /* }}} */
586 
587 
588 /* {{{ mysqlnd_stmt_execute_store_types */
589 static void
mysqlnd_stmt_execute_store_types(MYSQLND_STMT_DATA * stmt,zval * copies,zend_uchar ** p)590 mysqlnd_stmt_execute_store_types(MYSQLND_STMT_DATA * stmt, zval * copies, zend_uchar ** p)
591 {
592 	unsigned int i;
593 	for (i = 0; i < stmt->param_count; i++) {
594 		short current_type = stmt->param_bind[i].type;
595 		zval *parameter = &stmt->param_bind[i].zv;
596 		/* our types are not unsigned */
597 #if SIZEOF_ZEND_LONG==8
598 		if (current_type == MYSQL_TYPE_LONG) {
599 			current_type = MYSQL_TYPE_LONGLONG;
600 		}
601 #endif
602 		ZVAL_DEREF(parameter);
603 		if (!Z_ISNULL_P(parameter) && (current_type == MYSQL_TYPE_LONG || current_type == MYSQL_TYPE_LONGLONG)) {
604 			/*
605 			  if it doesn't fit in a long send it as a string.
606 			  Check bug #52891 : Wrong data inserted with mysqli/mysqlnd when using bind_param, value > LONG_MAX
607 			*/
608 			if (Z_TYPE_P(parameter) != IS_LONG) {
609 				const zval *tmp_data = (copies && !Z_ISUNDEF(copies[i]))? &copies[i] : parameter;
610 				/*
611 				  In case of IS_LONG we do nothing, it is ok, in case of string, we just need to set current_type.
612 				  The actual transformation has been performed several dozens line above.
613 				*/
614 				if (Z_TYPE_P(tmp_data) == IS_STRING) {
615 					current_type = MYSQL_TYPE_VAR_STRING;
616 					/*
617 					  don't change stmt->param_bind[i].type to MYSQL_TYPE_VAR_STRING
618 					  we force convert_to_long in all cases, thus the type will be right in the next switch.
619 					  if the type is however not long, then we will do a goto in the next switch.
620 					  We want to preserve the original bind type given by the user. Thus, we do these hacks.
621 					*/
622 				}
623 			}
624 		}
625 		int2store(*p, current_type);
626 		*p+= 2;
627 	}
628 }
629 /* }}} */
630 
631 
632 /* {{{ mysqlnd_stmt_execute_calculate_param_values_size */
633 static enum_func_status
mysqlnd_stmt_execute_calculate_param_values_size(MYSQLND_STMT_DATA * stmt,zval ** copies_param,size_t * data_size)634 mysqlnd_stmt_execute_calculate_param_values_size(MYSQLND_STMT_DATA * stmt, zval ** copies_param, size_t * data_size)
635 {
636 	unsigned int i;
637 	DBG_ENTER("mysqlnd_stmt_execute_calculate_param_values_size");
638 	for (i = 0; i < stmt->param_count; i++) {
639 		unsigned short is_longlong = 0;
640 		unsigned int j;
641 		zval *bind_var, *the_var = &stmt->param_bind[i].zv;
642 
643 		bind_var = the_var;
644 		ZVAL_DEREF(the_var);
645 		if ((stmt->param_bind[i].type != MYSQL_TYPE_LONG_BLOB && Z_TYPE_P(the_var) == IS_NULL)) {
646 			continue;
647 		}
648 
649 		if (Z_ISREF_P(bind_var)) {
650 			for (j = i + 1; j < stmt->param_count; j++) {
651 				if (Z_ISREF(stmt->param_bind[j].zv) && Z_REFVAL(stmt->param_bind[j].zv) == the_var) {
652 					/* Double binding of the same zval, make a copy */
653 					if (!*copies_param || Z_ISUNDEF((*copies_param)[i])) {
654 						if (PASS != mysqlnd_stmt_copy_it(copies_param, the_var, stmt->param_count, i)) {
655 							SET_OOM_ERROR(stmt->error_info);
656 							goto end;
657 						}
658 					}
659 					break;
660 				}
661 			}
662 		}
663 
664 		switch (stmt->param_bind[i].type) {
665 			case MYSQL_TYPE_DOUBLE:
666 				*data_size += 8;
667 				if (Z_TYPE_P(the_var) != IS_DOUBLE) {
668 					if (!*copies_param || Z_ISUNDEF((*copies_param)[i])) {
669 						if (PASS != mysqlnd_stmt_copy_it(copies_param, the_var, stmt->param_count, i)) {
670 							SET_OOM_ERROR(stmt->error_info);
671 							goto end;
672 						}
673 					}
674 				}
675 				break;
676 			case MYSQL_TYPE_LONGLONG:
677 				is_longlong = 4;
678 				ZEND_FALLTHROUGH;
679 			case MYSQL_TYPE_LONG:
680 				{
681 					zval *tmp_data = (*copies_param && !Z_ISUNDEF((*copies_param)[i]))? &(*copies_param)[i]: the_var;
682 					if (Z_TYPE_P(tmp_data) == IS_STRING) {
683 						goto use_string;
684 					}
685 					convert_to_long(tmp_data);
686 				}
687 				*data_size += 4 + is_longlong;
688 				break;
689 			case MYSQL_TYPE_LONG_BLOB:
690 				if (!(stmt->param_bind[i].flags & MYSQLND_PARAM_BIND_BLOB_USED)) {
691 					/*
692 					  User hasn't sent anything, we will send empty string.
693 					  Empty string has length of 0, encoded in 1 byte. No real
694 					  data will follow after it.
695 					*/
696 					(*data_size)++;
697 				}
698 				break;
699 			case MYSQL_TYPE_VAR_STRING:
700 use_string:
701 				*data_size += 8; /* max 8 bytes for size */
702 				if (Z_TYPE_P(the_var) != IS_STRING) {
703 					if (!*copies_param || Z_ISUNDEF((*copies_param)[i])) {
704 						if (PASS != mysqlnd_stmt_copy_it(copies_param, the_var, stmt->param_count, i)) {
705 							SET_OOM_ERROR(stmt->error_info);
706 							goto end;
707 						}
708 					}
709 					the_var = &((*copies_param)[i]);
710 				}
711 
712 				if (!try_convert_to_string(the_var)) {
713 					goto end;
714 				}
715 				*data_size += Z_STRLEN_P(the_var);
716 				break;
717 		}
718 	}
719 	DBG_RETURN(PASS);
720 end:
721 	DBG_RETURN(FAIL);
722 }
723 /* }}} */
724 
725 
726 /* {{{ mysqlnd_stmt_execute_store_param_values */
727 static void
mysqlnd_stmt_execute_store_param_values(MYSQLND_STMT_DATA * stmt,zval * copies,zend_uchar * buf,zend_uchar ** p,size_t null_byte_offset)728 mysqlnd_stmt_execute_store_param_values(MYSQLND_STMT_DATA * stmt, zval * copies, zend_uchar * buf, zend_uchar ** p, size_t null_byte_offset)
729 {
730 	unsigned int i;
731 	for (i = 0; i < stmt->param_count; i++) {
732 		zval *data, *parameter = &stmt->param_bind[i].zv;
733 
734 		ZVAL_DEREF(parameter);
735 		data = (copies && !Z_ISUNDEF(copies[i]))? &copies[i]: parameter;
736 		/* Handle long data */
737 		if (!Z_ISUNDEF_P(parameter) && Z_TYPE_P(data) == IS_NULL) {
738 			(buf + null_byte_offset)[i/8] |= (zend_uchar) (1 << (i & 7));
739 		} else {
740 			switch (stmt->param_bind[i].type) {
741 				case MYSQL_TYPE_DOUBLE:
742 					convert_to_double(data);
743 					float8store(*p, Z_DVAL_P(data));
744 					(*p) += 8;
745 					break;
746 				case MYSQL_TYPE_LONGLONG:
747 					if (Z_TYPE_P(data) == IS_STRING) {
748 						goto send_string;
749 					}
750 					/* data has alreade been converted to long */
751 					int8store(*p, Z_LVAL_P(data));
752 					(*p) += 8;
753 					break;
754 				case MYSQL_TYPE_LONG:
755 					if (Z_TYPE_P(data) == IS_STRING) {
756 						goto send_string;
757 					}
758 					/* data has alreade been converted to long */
759 					int4store(*p, Z_LVAL_P(data));
760 					(*p) += 4;
761 					break;
762 				case MYSQL_TYPE_TINY:
763 					if (Z_TYPE_P(data) == IS_STRING) {
764 						goto send_string;
765 					}
766 					int1store(*p, Z_LVAL_P(data));
767 					(*p)++;
768 					break;
769 				case MYSQL_TYPE_LONG_BLOB:
770 					if (stmt->param_bind[i].flags & MYSQLND_PARAM_BIND_BLOB_USED) {
771 						stmt->param_bind[i].flags &= ~MYSQLND_PARAM_BIND_BLOB_USED;
772 					} else {
773 						/* send_long_data() not called, send empty string */
774 						*p = php_mysqlnd_net_store_length(*p, 0);
775 					}
776 					break;
777 				case MYSQL_TYPE_VAR_STRING:
778 send_string:
779 					{
780 						const size_t len = Z_STRLEN_P(data);
781 						/* to is after p. The latter hasn't been moved */
782 						*p = php_mysqlnd_net_store_length(*p, len);
783 						memcpy(*p, Z_STRVAL_P(data), len);
784 						(*p) += len;
785 					}
786 					break;
787 				default:
788 					/* Won't happen, but set to NULL */
789 					(buf + null_byte_offset)[i/8] |= (zend_uchar) (1 << (i & 7));
790 					break;
791 			}
792 		}
793 	}
794 }
795 /* }}} */
796 
797 
798 /* {{{ mysqlnd_stmt_execute_store_params */
799 static enum_func_status
mysqlnd_stmt_execute_store_params(MYSQLND_STMT * s,zend_uchar ** buf,zend_uchar ** p,size_t * buf_len)800 mysqlnd_stmt_execute_store_params(MYSQLND_STMT * s, zend_uchar **buf, zend_uchar **p, size_t *buf_len )
801 {
802 	MYSQLND_STMT_DATA * stmt = s->data;
803 	zend_uchar * provided_buffer = *buf;
804 	size_t data_size = 0;
805 	zval *copies = NULL;/* if there are different types */
806 	enum_func_status ret = FAIL;
807 	int resend_types_next_time = 0;
808 	size_t null_byte_offset;
809 
810 	DBG_ENTER("mysqlnd_stmt_execute_store_params");
811 
812 	{
813 		unsigned int null_count = (stmt->param_count + 7) / 8;
814 		if (FAIL == mysqlnd_stmt_execute_check_n_enlarge_buffer(buf, p, buf_len, provided_buffer, null_count)) {
815 			SET_OOM_ERROR(stmt->error_info);
816 			goto end;
817 		}
818 		/* put `null` bytes */
819 		null_byte_offset = *p - *buf;
820 		memset(*p, 0, null_count);
821 		*p += null_count;
822 	}
823 
824 /* 1. Store type information */
825 	/*
826 	  check if need to send the types even if stmt->send_types_to_server is 0. This is because
827 	  if we send "i" (42) then the type will be int and the server will expect int. However, if next
828 	  time we try to send > LONG_MAX, the conversion to string will send a string and the server
829 	  won't expect it and interpret the value as 0. Thus we need to resend the types, if any such values
830 	  occur, and force resend for the next execution.
831 	*/
832 	if (FAIL == mysqlnd_stmt_execute_prepare_param_types(stmt, &copies, &resend_types_next_time)) {
833 		goto end;
834 	}
835 
836 	int1store(*p, stmt->send_types_to_server);
837 	(*p)++;
838 
839 	if (stmt->send_types_to_server) {
840 		if (FAIL == mysqlnd_stmt_execute_check_n_enlarge_buffer(buf, p, buf_len, provided_buffer, stmt->param_count * 2)) {
841 			SET_OOM_ERROR(stmt->error_info);
842 			goto end;
843 		}
844 		mysqlnd_stmt_execute_store_types(stmt, copies, p);
845 	}
846 
847 	stmt->send_types_to_server = resend_types_next_time;
848 
849 /* 2. Store data */
850 	/* 2.1 Calculate how much space we need */
851 	if (FAIL == mysqlnd_stmt_execute_calculate_param_values_size(stmt, &copies, &data_size)) {
852 		goto end;
853 	}
854 
855 	/* 2.2 Enlarge the buffer, if needed */
856 	if (FAIL == mysqlnd_stmt_execute_check_n_enlarge_buffer(buf, p, buf_len, provided_buffer, data_size)) {
857 		SET_OOM_ERROR(stmt->error_info);
858 		goto end;
859 	}
860 
861 	/* 2.3 Store the actual data */
862 	mysqlnd_stmt_execute_store_param_values(stmt, copies, *buf, p, null_byte_offset);
863 
864 	ret = PASS;
865 end:
866 	mysqlnd_stmt_free_copies(stmt, copies);
867 
868 	DBG_INF_FMT("ret=%s", ret == PASS? "PASS":"FAIL");
869 	DBG_RETURN(ret);
870 }
871 /* }}} */
872 
873 
874 /* {{{ mysqlnd_stmt_execute_generate_request */
875 enum_func_status
mysqlnd_stmt_execute_generate_request(MYSQLND_STMT * const s,zend_uchar ** request,size_t * request_len,bool * free_buffer)876 mysqlnd_stmt_execute_generate_request(MYSQLND_STMT * const s, zend_uchar ** request, size_t *request_len, bool * free_buffer)
877 {
878 	MYSQLND_STMT_DATA * stmt = s->data;
879 	zend_uchar	*p = stmt->execute_cmd_buffer.buffer,
880 				*cmd_buffer = stmt->execute_cmd_buffer.buffer;
881 	size_t cmd_buffer_length = stmt->execute_cmd_buffer.length;
882 	enum_func_status ret = PASS;
883 
884 	DBG_ENTER("mysqlnd_stmt_execute_generate_request");
885 
886 	int4store(p, stmt->stmt_id);
887 	p += 4;
888 
889 	/* flags is 4 bytes, we store just 1 */
890 	int1store(p, (zend_uchar) stmt->flags);
891 	p++;
892 
893 	/* Make it all zero */
894 	int4store(p, 0);
895 
896 	int1store(p, 1); /* and send 1 for iteration count */
897 	p+= 4;
898 
899 	if (stmt->param_count != 0) {
900 	    ret = mysqlnd_stmt_execute_store_params(s, &cmd_buffer, &p, &cmd_buffer_length);
901 	}
902 
903 	*free_buffer = (cmd_buffer != stmt->execute_cmd_buffer.buffer);
904 	*request_len = (p - cmd_buffer);
905 	*request = cmd_buffer;
906 	DBG_INF_FMT("ret=%s", ret == PASS? "PASS":"FAIL");
907 	DBG_RETURN(ret);
908 }
909 /* }}} */
910