From b8aed2af550c137dc44c1eb84dd38018426caa76 Mon Sep 17 00:00:00 2001 From: Roland Bock Date: Fri, 14 Jan 2022 07:39:11 +0100 Subject: [PATCH] Address conversion warnings and fix UAF bug in test --- include/sqlpp11/postgresql/bind_result.h | 24 ++--- include/sqlpp11/postgresql/connection.h | 2 +- .../detail/prepared_statement_handle.h | 8 +- include/sqlpp11/postgresql/result.h | 92 +++++++++++-------- include/sqlpp11/postgresql/result_field.h | 4 +- tests/postgresql/usage/Select.cpp | 11 +-- 6 files changed, 80 insertions(+), 61 deletions(-) diff --git a/include/sqlpp11/postgresql/bind_result.h b/include/sqlpp11/postgresql/bind_result.h index 752da1f3..a350601d 100644 --- a/include/sqlpp11/postgresql/bind_result.h +++ b/include/sqlpp11/postgresql/bind_result.h @@ -164,7 +164,7 @@ namespace sqlpp } *is_null = _handle->result.isNull(_handle->count, index); - *value = _handle->result.getValue(_handle->count, index); + *value = _handle->result.getBoolValue(_handle->count, index); } inline void bind_result_t::_bind_floating_point_result(size_t _index, double* value, bool* is_null) @@ -176,7 +176,7 @@ namespace sqlpp } *is_null = _handle->result.isNull(_handle->count, index); - *value = _handle->result.getValue(_handle->count, index); + *value = _handle->result.getDoubleValue(_handle->count, index); } inline void bind_result_t::_bind_integral_result(size_t _index, int64_t* value, bool* is_null) @@ -188,7 +188,7 @@ namespace sqlpp } *is_null = _handle->result.isNull(_handle->count, index); - *value = _handle->result.getValue(_handle->count, index); + *value = _handle->result.getInt64Value(_handle->count, index); } inline void bind_result_t::_bind_unsigned_integral_result(size_t _index, uint64_t* value, bool* is_null) @@ -200,7 +200,7 @@ namespace sqlpp } *is_null = _handle->result.isNull(_handle->count, index); - *value = _handle->result.getValue(_handle->count, index); + *value = _handle->result.getUInt64Value(_handle->count, index); } inline void bind_result_t::_bind_text_result(size_t _index, const char** value, size_t* len) @@ -218,8 +218,8 @@ namespace sqlpp } else { - *value = _handle->result.getValue(_handle->count, index); - *len = _handle->result.length(_handle->count, index); + *value = _handle->result.getCharPtrValue(_handle->count, index); + *len = static_cast(_handle->result.length(_handle->count, index)); } } @@ -311,7 +311,7 @@ namespace sqlpp if (!(*is_null)) { - const auto date_string = _handle->result.getValue(_handle->count, index); + const auto date_string = _handle->result.getCharPtrValue(_handle->count, index); if (_handle->debug()) { @@ -350,7 +350,7 @@ namespace sqlpp if (!(*is_null)) { - const auto date_string = _handle->result.getValue(_handle->count, index); + const auto date_string = _handle->result.getCharPtrValue(_handle->count, index); if (_handle->debug()) { @@ -386,8 +386,8 @@ namespace sqlpp if (std::strlen(time_string) <= 9) return; auto us_string = time_string + 9; // hh:mm:ss. - unsigned usec = 0; - for (int i = 0; i < 6; ++i) + int usec = 0; + for (size_t i = 0u; i < 6u; ++i) { if (std::isdigit(us_string[0])) { @@ -417,8 +417,8 @@ namespace sqlpp } else { - *value = _handle->result.getValue(_handle->count, index); - *len = _handle->result.length(_handle->count, index); + *value = _handle->result.getBlobValue(_handle->count, index); + *len = static_cast(_handle->result.length(_handle->count, index)); } } diff --git a/include/sqlpp11/postgresql/connection.h b/include/sqlpp11/postgresql/connection.h index 2528c519..93c7bd57 100644 --- a/include/sqlpp11/postgresql/connection.h +++ b/include/sqlpp11/postgresql/connection.h @@ -532,7 +532,7 @@ namespace sqlpp throw sqlpp::exception("PostgreSQL error: could not read default_transaction_isolation"); } - auto in = res->result.getValue(0, 0); + auto in = res->result.getStringValue(0, 0); if (in == "read committed") { return isolation_level::read_committed; diff --git a/include/sqlpp11/postgresql/detail/prepared_statement_handle.h b/include/sqlpp11/postgresql/detail/prepared_statement_handle.h index e05dc1cb..d3e2fa97 100644 --- a/include/sqlpp11/postgresql/detail/prepared_statement_handle.h +++ b/include/sqlpp11/postgresql/detail/prepared_statement_handle.h @@ -57,10 +57,10 @@ namespace sqlpp { detail::connection_handle& connection; Result result; - bool valid{false}; - uint32_t count{0}; - uint32_t totalCount = {0}; - uint32_t fields = {0}; + bool valid = false; + int count = 0; + int totalCount = 0; + int fields = 0; // ctor statement_handle_t(detail::connection_handle& _connection); diff --git a/include/sqlpp11/postgresql/result.h b/include/sqlpp11/postgresql/result.h index 3672b9c1..28a8a374 100644 --- a/include/sqlpp11/postgresql/result.h +++ b/include/sqlpp11/postgresql/result.h @@ -68,21 +68,71 @@ namespace sqlpp void operator=(PGresult* res); operator bool() const; - template - inline T getValue(int record, int field) const + inline int64_t getInt64Value(int record, int field) const { - static_assert(std::is_arithmetic::value, "Value must be numeric type"); checkIndex(record, field); - T t(0); - auto txt = std::string(getPqValue(m_result, record, field)); + auto t = int64_t{}; + const auto txt = std::string(getPqValue(m_result, record, field)); if(txt != "") { - t = std::stold(txt); + t = std::stoll(txt); } return t; } + inline uint64_t getUInt64Value(int record, int field) const + { + checkIndex(record, field); + auto t = uint64_t{}; + const auto txt = std::string(getPqValue(m_result, record, field)); + if(txt != "") + { + t = std::stoull(txt); + } + + return t; + } + + inline double getDoubleValue(int record, int field) const + { + checkIndex(record, field); + auto t = double{}; + auto txt = std::string(getPqValue(m_result, record, field)); + if(txt != "") + { + t = std::stod(txt); + } + + return t; + } + + inline const char* getCharPtrValue(int record, int field) const + { + return const_cast(getPqValue(m_result, record, field)); + } + + inline std::string getStringValue(int record, int field) const + { + return {getCharPtrValue(record, field)}; + } + + inline const uint8_t* getBlobValue(int record, int field) const + { + return reinterpret_cast(getPqValue(m_result, record, field)); + } + + inline bool getBoolValue(int record, int field) const + { + checkIndex(record, field); + auto val = getPqValue(m_result, record, field); + if (*val == 't') + return true; + else if (*val == 'f') + return false; + return const_cast(val); + } + const std::string& query() const { return m_query; @@ -109,36 +159,6 @@ namespace sqlpp std::string m_query; }; - template <> - inline const char* Result::getValue(int record, int field) const - { - return const_cast(getPqValue(m_result, record, field)); - } - - template <> - inline std::string Result::getValue(int record, int field) const - { - return {getValue(record, field)}; - } - - template <> - inline bool Result::getValue(int record, int field) const - { - checkIndex(record, field); - auto val = getPqValue(m_result, record, field); - if (*val == 't') - return true; - else if (*val == 'f') - return false; - return const_cast(val); - } - - - template <> - inline const uint8_t* Result::getValue(int record, int field) const - { - return reinterpret_cast(getValue(record, field)); - } inline Result::Result() : m_result(nullptr) { diff --git a/include/sqlpp11/postgresql/result_field.h b/include/sqlpp11/postgresql/result_field.h index 8a59f114..8311f286 100644 --- a/include/sqlpp11/postgresql/result_field.h +++ b/include/sqlpp11/postgresql/result_field.h @@ -75,7 +75,7 @@ namespace sqlpp case 'F': return c + 10 - 'A'; } - throw sqlpp::exception(std::string("Unexpected hex char: ") += c); + throw sqlpp::exception(std::string("Unexpected hex char: ") + static_cast(c)); } inline void hex_assign(std::vector& value, const uint8_t* blob, size_t len) @@ -85,7 +85,7 @@ namespace sqlpp size_t blob_index = 2; while (blob_index < len) { - value[val_index] = (unhex(blob[blob_index]) << 4) + unhex(blob[blob_index + 1]); + value[val_index] = static_cast(unhex(blob[blob_index]) << 4) + unhex(blob[blob_index + 1]); ++val_index; blob_index += 2; } diff --git a/tests/postgresql/usage/Select.cpp b/tests/postgresql/usage/Select.cpp index 81a4c025..ee7ae72a 100644 --- a/tests/postgresql/usage/Select.cpp +++ b/tests/postgresql/usage/Select.cpp @@ -33,8 +33,6 @@ #include "TabFoo.h" #include "make_test_connection.h" -SQLPP_ALIAS_PROVIDER(left); - namespace sql = sqlpp::postgresql; model::TabFoo tab = {}; @@ -126,13 +124,14 @@ int Select(int, char*[]) // remove db(remove_from(tab).where(tab.alpha == tab.alpha + 3)); - auto result = db(select(all_of(tab)).from(tab).unconditionally()); - std::cerr << "Accessing a field directly from the result (using the current row): " << result.begin()->alpha + auto result1 = db(select(all_of(tab)).from(tab).unconditionally()); + std::cerr << "Accessing a field directly from the result (using the current row): " << result1.begin()->alpha << std::endl; - std::cerr << "Can do that again, no problem: " << result.begin()->alpha << std::endl; + std::cerr << "Can do that again, no problem: " << result1.begin()->alpha << std::endl; auto tx = start_transaction(db); - if (const auto& row = *db(select(all_of(tab), select(max(tab.alpha)).from(tab)).from(tab).unconditionally()).begin()) + auto result2 = db(select(all_of(tab), select(max(tab.alpha)).from(tab)).from(tab).unconditionally()); + if (const auto& row = *result2.begin()) { auto a = row.alpha; auto m = row.max;