ISAR/rusqlite
3
0
Fork 0
mirror of https://github.com/isar/rusqlite.git synced 2024-11-22 16:29:20 +08:00
Code Issues Packages Projects Releases Wiki Activity

Merge pull request #62 from gwenn/too-big

Browse Source 
Check Rust str length before binding.
This commit is contained in:
John Gallagher 2015-09-20 20:57:28 -04:00
commit 59a3b0ddb5
2 changed files with 14 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
src/lib.rs
View File

@ -543,6 +543,12 @@ impl InnerSqliteConnection {
fn prepare<'a>(&mut self,
conn: &'a SqliteConnection,
sql: &str) -> SqliteResult<SqliteStatement<'a>> {
if sql.len() >= ::std::i32::MAX as usize {
return Err(SqliteError {
code: ffi::SQLITE_TOOBIG,
message: "statement too long".to_string()
});
}
let mut c_stmt: *mut ffi::sqlite3_stmt = unsafe { mem::uninitialized() };
let c_sql = try!(str_to_cstring(sql));
let r = unsafe {

9
src/types.rs
View File

@ -102,8 +102,12 @@ raw_to_impl!(c_double, sqlite3_bind_double);
impl<'a> ToSql for &'a str {
unsafe fn bind_parameter(&self, stmt: *mut sqlite3_stmt, col: c_int) -> c_int {
let length = self.len();
if length > ::std::i32::MAX as usize {
return ffi::SQLITE_TOOBIG;
}
match str_to_cstring(self) {
Ok(c_str) => ffi::sqlite3_bind_text(stmt, col, c_str.as_ptr(), -1,
Ok(c_str) => ffi::sqlite3_bind_text(stmt, col, c_str.as_ptr(), length as c_int,
ffi::SQLITE_TRANSIENT()),
Err(_) => ffi::SQLITE_MISUSE,
}
@ -118,6 +122,9 @@ impl ToSql for String {
impl<'a> ToSql for &'a [u8] {
unsafe fn bind_parameter(&self, stmt: *mut sqlite3_stmt, col: c_int) -> c_int {
if self.len() > ::std::i32::MAX as usize {
return ffi::SQLITE_TOOBIG;
}
ffi::sqlite3_bind_blob(
stmt, col, mem::transmute(self.as_ptr()), self.len() as c_int, ffi::SQLITE_TRANSIENT())
}