From: Date: May 27 2008 11:15pm Subject: Connector/NET commit: r1304 - in trunk: . MySql.Data/Provider/Source MySql.Data/Provider/Source/Types List-Archive: http://lists.mysql.com/commits/47112 X-Bug: 36997 Message-Id: <200805272115.m4RLFTiR026462@bk-internal.mysql.com> Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Modified: trunk/CHANGES trunk/MySql.Data/Provider/Source/MySqlPacket.cs trunk/MySql.Data/Provider/Source/Types/MySqlInt64.cs trunk/MySql.Data/Provider/Source/Types/MySqlUInt64.cs Log: Fixed possible overflow bug in MySqlPacket.ReadLong (bug #36997) Modified: trunk/CHANGES =================================================================== --- trunk/CHANGES 2008-05-27 21:01:08 UTC (rev 1303) +++ trunk/CHANGES 2008-05-27 21:15:28 UTC (rev 1304) @@ -1,6 +1,7 @@ Version 5.3 - Massive speedups - Improved sql tokenizing speed greatly. Patch submitted by Maxim Mass (bug #36836) +- Fixed possible overflow bug in MySqlPacket.ReadLong (bug #36997) Version 5.2.2 - - Fixed profile provider that would throw an exception if you were updating Modified: trunk/MySql.Data/Provider/Source/MySqlPacket.cs =================================================================== --- trunk/MySql.Data/Provider/Source/MySqlPacket.cs 2008-05-27 21:01:08 UTC (rev 1303) +++ trunk/MySql.Data/Provider/Source/MySqlPacket.cs 2008-05-27 21:15:28 UTC (rev 1304) @@ -10,9 +10,6 @@ { private byte[] tempBuffer = new byte[256]; private Encoding encoding; -// private byte[] buffer; - // private int len; - // private int pos; private MemoryStream buffer = new MemoryStream(); private DBVersion version; @@ -150,9 +147,9 @@ return value; } - public long ReadLong(int numbytes) + public ulong ReadULong(int numbytes) { - int value = 0; + ulong value = 0; int pos = (int)buffer.Position; byte[] bits = buffer.GetBuffer(); @@ -160,7 +157,7 @@ for (int i = 0; i < numbytes; i++) { - value |= (bits[pos++] << shift); + value |= (ulong)(bits[pos++] << shift); shift += 8; } buffer.Position += numbytes; @@ -169,7 +166,8 @@ public int ReadInteger(int numbytes) { - return (int)ReadLong(numbytes); + Debug.Assert(numbytes <= 4); + return (int)ReadULong(numbytes); } /// Modified: trunk/MySql.Data/Provider/Source/Types/MySqlInt64.cs =================================================================== --- trunk/MySql.Data/Provider/Source/Types/MySqlInt64.cs 2008-05-27 21:01:08 UTC (rev 1303) +++ trunk/MySql.Data/Provider/Source/Types/MySqlInt64.cs 2008-05-27 21:15:28 UTC (rev 1304) @@ -93,7 +93,7 @@ return new MySqlInt64(true); if (length == -1) - return new MySqlInt64((long)packet.ReadLong(8)); + return new MySqlInt64((long)packet.ReadULong(8)); else return new MySqlInt64(Int64.Parse(packet.ReadString(length))); } Modified: trunk/MySql.Data/Provider/Source/Types/MySqlUInt64.cs =================================================================== --- trunk/MySql.Data/Provider/Source/Types/MySqlUInt64.cs 2008-05-27 21:01:08 UTC (rev 1303) +++ trunk/MySql.Data/Provider/Source/Types/MySqlUInt64.cs 2008-05-27 21:15:28 UTC (rev 1304) @@ -93,7 +93,7 @@ return new MySqlUInt64(true); if (length == -1) - return new MySqlUInt64((ulong)packet.ReadLong(8)); + return new MySqlUInt64(packet.ReadULong(8)); else return new MySqlUInt64(UInt64.Parse(packet.ReadString(length))); }