Bug #52891: Wrong data inserted with mysqli/mysqlnd when using bind_param,value>LONG_MAX

| Submitted: | 2010-09-20 08:56 UTC | Modified: | 2010-09-22 14:18 UTC |
|---|---|---|---|
| From: | andrey@php.net | Assigned: | mysql (profile) |
| Status: | Closed | Package: | MySQLi related |
| PHP Version: | 5.3SVN-2010-09-20 (SVN) | OS: | All |
| Private report: | No | CVE-ID: | None |

[2010-09-20 08:56 UTC] andrey@php.net
Description:
------------
LONG_MAX differs from platform to platform.
Because zval internally uses a signed long for integer fields, when the value in the script is over LONG_MAX or under -LONG_MAX-1, the value is fit into a double. When using mysqli_stmt_bind_param with such a value and the "i" modifier, the value is converted back to long, which gives incorrect results: if the VALUE was LONG_MAX+1, the result will be -1 (internally it is a signed long).
Test script:
---------------
CREATE TABLE tint(a bigint unsigned);
./php -r '$c=mysqli_connect("127.0.0.1","root","root","test");$s=$c->prepare("insert into tint values(?)");$param=4294967295;$s->bind_param("i",$param);var_dump($s->execute());'
bool(true)
Expected result:
----------------
Don't bork the data. Check if the value can't be fit into a long, and if this is the case use a string to send it to the server (changing the modifier to "s" just for the next execution, and preserving "i" for further executions).
Actual result:
--------------
-1
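
The range check requested under "Expected result", written in C because the double-to-long conversion happens inside the extension. This is an added example, not mysqlnd or PHP source: `pick_bind_type` is a hypothetical helper and the sample values in `main` are constructed.

```c
#include <float.h>
#include <limits.h>
#include <stdio.h>

/* Hypothetical helper, not mysqlnd code: choose how to send a number that PHP
 * holds as a double because it overflowed a long. Returns 'i' and fills *out
 * when the value is inside [LONG_MIN, LONG_MAX], 's' with the decimal digits
 * in buf when it is not, and 0 for NaN/Inf or a buffer that is too small. */
static char pick_bind_type(double v, long *out, char *buf, size_t buflen)
{
    /* 2^(N-1) for an N-bit long. (double)LONG_MAX would round UP to this
     * value on LP64, so the upper bound is tested with a strict '<'. */
    const double limit = -(double)LONG_MIN;

    if (v != v || v > DBL_MAX || v < -DBL_MAX)
        return 0;                       /* NaN or infinity: refuse */
    if (v >= -limit && v < limit) {
        *out = (long)v;                 /* in range, so the cast is defined */
        return 'i';
    }
    /* Out of range: drop any fraction as the integer conversion would.
     * Doubles at or beyond 2^63 have no fractional part to drop. */
    if (v > -9223372036854775808.0 && v < 9223372036854775808.0)
        v = (double)(long long)v;
    int n = snprintf(buf, buflen, "%.0f", v);
    return (n > 0 && (size_t)n < buflen) ? 's' : 0;
}

int main(void)
{
    /* Constructed inputs: the report's value, LONG_MAX + 1, and a small one. */
    const double samples[] = { 4294967295.0, -(double)LONG_MIN, 42.0 };
    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++) {
        char buf[32];
        long l = 0;
        char t = pick_bind_type(samples[i], &l, buf, sizeof buf);
        if (t == 'i')
            printf("bind \"i\" %ld\n", l);
        else if (t == 's')
            printf("bind \"s\" %s\n", buf);
    }
    return 0;
}
```

With a 32-bit long the report's value 4294967295 takes the string path; with a 64-bit long it still fits and is sent as an integer.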
[2010-09-20 08:57 UTC] andrey@php.net
-Status: Open
+Status: Assigned
-Assigned To:
+Assigned To: mysql
[2010-09-22 14:18 UTC] andrey@php.net
-Status: Assigned
+Status: Closed