Details
-
Bug
-
Status: Open (View Workflow)
-
Minor
-
Resolution: Unresolved
-
2.0.0
-
None
-
None
-
None
-
Linux, but shouldn't matter
Description
mysql_set_local_infile_handler() just copies over the given callback function pointers into the connection handles options structure without performing any checks:
void STDCALL mysql_set_local_infile_handler(MYSQL *conn,
|
int (*local_infile_init)(void **, const char *, void *),
|
int (*local_infile_read)(void *, char *, uint),
|
void (*local_infile_end)(void *),
|
int (*local_infile_error)(void *, char *, uint),
|
void *userdata)
|
{
|
DBUG_ENTER("mysql_set_local_infile_handler");
|
conn->options.local_infile_init= local_infile_init;
|
conn->options.local_infile_read= local_infile_read;
|
conn->options.local_infile_end= local_infile_end;
|
conn->options.local_infile_error= local_infile_error;
|
conn->options.local_infile_userdata = userdata;
|
DBUG_VOID_RETURN;
|
}
|
Only when actually performing a LOAD DATA LOCAL INFILE query the given callback pointers are checked for not being NULL, and if any of them is then the custom infile handler is silently replaced by the default one:
/* check if all callback functions exist */
|
if (!conn->options.local_infile_init || !conn->options.local_infile_end ||
|
!conn->options.local_infile_read || !conn->options.local_infile_error)
|
{
|
conn->options.local_infile_userdata= conn;
|
mysql_set_local_infile_default(conn);
|
}
|
Proposed changes:
- backwards compatible (unless someone really relies on the silent fallback which I seriously doubt): throw an error in the check in mysql_handle_local_infile() instead of silently restoring the default behavior
- slightly backwards incompatible change: perform check in mysql_set_local_infile_handler() already; modify function prototype to return my_bool instead of void; this will break compilation if strict "return value ignored" compiler checks are enabled ... not sure how this works out with dynamic linking though, will the return value just be ignored, or will it overwrite a register that the calling code thinks is safe?