bugMySQL++ - Bugs: bug #20743, ...

 
 
Show feedback again

You are not allowed to post comments on this tracker with your current authentification level.

bug #20743: mysqlpp::mysql_type_info::base_type() elides sign for integral types

Submitted by:  Boaz Yaniv <boazy>
Submitted on:  Thu 18 Apr 2013 08:44:09 PM UTC  
 
Category: NoneSeverity: 4 - Important
Priority: 5 - NormalStatus: None
Privacy: PublicAssigned to: None
Open/Closed: Open

Thu 18 Apr 2013 08:44:09 PM UTC, original submission:

The documentation for mysqlpp::mysql_type_info::base_type() states that you should get the same result as c_type(), but not wrapped in the Null<> template, in case the MySQL field type is nullable:
"Returns the type_info for the C++ type inside the mysqlpp::Null type. If the type is not Null then this is the same as c_type()."

The documentation is incorrect on two counts:
1. base_type() returns a mysql_type_info and not an std::type_info.
2. The return type is not the same as the as the type inside the Null<> template when the MySQL field type is UNSIGNED, because the implementation does not strip just the nullability flag, but also the unsigned flag.

The first issue is minor: it is just a matter of fixing the documentation to reflect what the function really does (which is arguably more a better design decision than returning the std::type_info directly anyway).

The second issue is rather serious, since it can result in very subtle bugs and dangerous security vulnerabilities due to type mismatches. I did not mark the severity level as Security, but it probably should be treated as such.

My solution (in the attached patch) was to follow the documentation and avoid eliding the unsigned flag, since I can't imagine a case where it would be needed.

Boaz Yaniv <boazy>

 

Attached Files
file #17760:  type_info_unsigned_elision_fix.diff added by boazy (354B - application/octet-stream)

 

Depends on the following items: None found

Items that depend on this one: None found

 

Carbon-Copy List
  • -unavailable- added by boazy (Submitted the item)
  •  

    Do you think this task is very important?
    If so, you can click here to add your encouragement to it.
    This task has 0 encouragements so far.

    Only logged-in users can vote.

     

    Please enter the title of George Orwell's famous dystopian book (it's a date):

     

     

    Follows 1 latest change.

    Date Changed By Updated Field Previous Value => Replaced By
    Thu 18 Apr 2013 08:44:09 PM UTCboazyAttached File-=>Added type_info_unsigned_elision_fix.diff, #17760
    Show feedback again

    Back to the top


    Powered by Savane 3.1-cleanup