PHP :: Bug #68577 :: 'batchsize' parameter and negative values

Bug #68577

'batchsize' parameter and negative values

Submitted:

2014-12-09 16:12 UTC

Modified:

2015-05-26 15:21 UTC

Votes:	1
Avg. Score:	1.0 ± 0.0
Reproduced:	0 of 0 (0.0%)

From:

horton at tm43 dot cf

Assigned:

kalle (profile)

Status:

Wont fix

Package:

MSSQL related

PHP Version:

Irrelevant

OS:

Private report:

CVE-ID:

None

View Add Comment Developer Edit

Welcome! If you don't have a Git account, you can't do anything here.
You can add a comment by following this link or if you reported this bug, you can edit this bug over here.

php.net Username: php.net Password:

Quick Fix:	(description)
	Block user comment
Status:		Assign to:
Package:
Bug Type:
Summary:
From:	horton at tm43 dot cf
New email:
PHP Version:		OS:

New/Additional Comment:

[2014-12-09 16:12 UTC] horton at tm43 dot cf

Description:
------------
To make it extremely short: I believe a line within the _mssql_fetch_batch() function (in ext/mssql/php_mssql.c) should be changed (or the documentation).

Original:

if ( i < result->batchsize || result->batchsize == 0 ) 

Patched:

if ( i < result->batchsize || result->batchsize <= 0 ) 


In the original version, if 'i' is less than 'result->batchsize' OR 'result->batchsize' is equal to '0', then the next record is copied to the buffer and 'i' is incremented. This means, following the documentation and the most likely intention of the author (and the IF-clause), the 'batchsize' parameter of (for example) the 'mssql_query()' function is either a positive integer greater than zero, specifying the number of records to be fetched and stored within the buffer OR ANY other value, meaning that all records are fetched and stored within the buffer. 
But the source code only checks the latter case by comparing 'batchsize' to '0', where as it should perform the comparison with '<= 0', to include negative numbers, which can be supplied by the caller (there is no check performed anywhere against this case!). Otherwise, by supplying a negative value, the loop is left immediately in the first run, which might not be the intention of the author.

Thing is, I stumbled upon this oddity by inspecting the source code and cannot test it, since I have neither a Windows PC nor a MSSQL server to connect to, so this should be verified by someone, who does. Though I expect no problems at all, when patching this line AND modify slightly the documentation, that 0 or any negative value for 'batchsize' leads to fetching all records..

Patches

Add a Patch

Pull Requests

Add a Pull Request

History

AllCommentsChangesGit/SVN commitsRelated reports

[2014-12-29 00:22 UTC] kalle@php.net

-Status: Open +Status: Assigned -Assigned To: +Assigned To: kalle

[2014-12-29 00:22 UTC] kalle@php.net

I agree that we should not allow negative batchsize values, assigning this to myself and committing a fix soon to 5.5, 5.6 & 7.0 as well as updating the documentation.

[2015-05-26 15:21 UTC] kalle@php.net

-Status: Assigned +Status: Wont fix

[2015-05-26 15:21 UTC] kalle@php.net

Seeing as MSSQL is gone in 7.0, this is unlikely to be fixed

	php.net \| support \| documentation \| report a bug \| advanced search \| search howto \| statistics \| random bug \| login
go to bug id or search bugs for


Copyright © 2001-2024 The PHP Group All rights reserved.	Last updated: Thu Apr 18 04:01:27 2024 UTC