RubyGems - ruby-mysql - Versions diffs - 2.9.0 → 2.9.1 - Mend

ruby-mysql 2.9.0 → 2.9.1

Potentially problematic release.

This version of ruby-mysql might be problematic. Click here for more details.

Files changed (6) hide show

data/ChangeLog CHANGED Viewed

@@ -1,3 +1,12 @@
+2010-01-16  TOMITA Masahiro  <tommy@tmtm.org>
+	* lib/mysql.rb (Mysql#escape_string): raise error for unsafe
+	multibyte charset
+2010-01-15  TOMITA Masahiro  <tommy@tmtm.org>
+	* Fix: When GC destroy Mysql::Stmt object, protocol error occurred
 2010-01-10  TOMITA Masahiro  <tommy@tmtm.org>
 	* Version 2.9.0-beta

data/README.rdoc CHANGED Viewed

@@ -33,11 +33,11 @@ MySQL connector for Ruby.
 == Incompatible with MySQL/Ruby 2.8.x
-* Ruby 1.8.x では Mysql#escape_string は、マルチバイト文字の一部として特殊記号を含むシフトJISのようなマルチバイト文字セットに対して安全ではありません。
+* Ruby 1.8.x ではシフトJISのような安全でないマルチバイト文字セットに対して Mysql#escape_string を使用すると例外が発生します。
 * いくつかのメソッドがありません: Mysql#debug, Mysql#change_user,
   Mysql#create_db, Mysql#drop_db, Mysql#dump_debug_info,
-  Mysql#ssl_set, Mysql#reconnect, Mysql::Stmt#attr_set
+  Mysql#ssl_set, Mysql#reconnect
 * Mysql#options でサポートしているオプションは次のものだけです:
   Mysql::INIT_COMMAND, Mysql::OPT_CONNECT_TIMEOUT,

data/lib/mysql.rb CHANGED Viewed

@@ -39,7 +39,7 @@ class Mysql
     # Arguments are same as Mysql#connect.
     def new(*args)
       my = self.init
-      my.connect *args
+      my.connect(*args)
     end
     alias real_connect new
@@ -175,15 +175,10 @@ class Mysql
   # In Ruby 1.8, this is not safe for multibyte charset such as 'SJIS'.
   # You should use place-holder in prepared-statement.
   def escape_string(str)
-    str.gsub(/[\0\n\r\\\'\"\x1a]/) do |s|
-      case s
-      when "\0" then "\\0"
-      when "\n" then "\\n"
-      when "\r" then "\\r"
-      when "\x1a" then "\\Z"
-      else "\\#{s}"
-      end
+    if not defined? Encoding and @charset.unsafe
+      raise ClientError, 'Mysql#escape_string is called for unsafe multibyte charset'
     end
+    self.class.escape_string str
   end
   alias quote escape_string
@@ -805,9 +800,7 @@ class Mysql
     def self.finalizer(protocol, statement_id)
       proc do
-        Thread.new do
-          protocol.stmt_close_command statement_id
-        end
+        protocol.gc_stmt statement_id
       end
     end
@@ -843,7 +836,7 @@ class Mysql
     # === Argument
     # values passed to query
     # === Return
-    # Mysql::Result
+    # self
     def execute(*values)
       raise ClientError, "not prepared" unless @param_count
       raise ClientError, "parameter count mismatch" if values.length != @param_count

data/lib/mysql/charset.rb CHANGED Viewed

@@ -7,8 +7,10 @@ class Mysql
   class Charset
     def initialize(number, name, csname)
       @number, @name, @csname = number, name, csname
+      @unsafe = false
     end
     attr_reader :number, :name, :csname
+    attr_accessor :unsafe
     # [[charset_number, charset_name, collation_name, default], ...]
     CHARSETS = [
@@ -28,6 +30,7 @@ class Mysql
       [ 14, "cp1251",   "cp1251_bulgarian_ci",  false],
       [ 15, "latin1",   "latin1_danish_ci",     false],
       [ 16, "hebrew",   "hebrew_general_ci",    true ],
+      [ 17, "filename", "filename",             true ],
       [ 18, "tis620",   "tis620_thai_ci",       true ],
       [ 19, "euckr",    "euckr_korean_ci",      true ],
       [ 20, "latin7",   "latin7_estonian_cs",   false],
@@ -100,6 +103,7 @@ class Mysql
       [ 96, "cp932",    "cp932_bin"          ,  false],
       [ 97, "eucjpms",  "eucjpms_japanese_ci",  true ],
       [ 98, "eucjpms",  "eucjpms_bin",          false],
+      [ 99, "cp1250",   "cp1250_polish_ci",     false],
       [128, "ucs2",     "ucs2_unicode_ci",      false],
       [129, "ucs2",     "ucs2_icelandic_ci",    false],
       [130, "ucs2",     "ucs2_latvian_ci",      false],
@@ -138,6 +142,11 @@ class Mysql
       [208, "utf8",     "utf8_persian_ci",      false],
       [209, "utf8",     "utf8_esperanto_ci",    false],
       [210, "utf8",     "utf8_hungarian_ci",    false],
+      [254, "utf8",     "utf8_general_cs",      false],
+    ]
+    UNSAFE_CHARSET = [
+      "big5", "sjis", "filename", "gbk", "ucs2", "cp932",
     ]
     NUMBER_TO_CHARSET = {}
@@ -145,6 +154,7 @@ class Mysql
     CHARSET_DEFAULT = {}
     CHARSETS.each do |number, csname, clname, default|
       cs = Charset.new number, csname, clname
+      cs.unsafe = true if UNSAFE_CHARSET.include? csname
       NUMBER_TO_CHARSET[number] = cs
       COLLATION_TO_CHARSET[clname] = cs
       CHARSET_DEFAULT[csname] = cs if default

data/lib/mysql/protocol.rb CHANGED Viewed

@@ -1,10 +1,9 @@
-# Copyright (C) 2008-2009 TOMITA Masahiro
+# Copyright (C) 2008-2010 TOMITA Masahiro
 # mailto:tommy@tmtm.org
 require "socket"
 require "timeout"
 require "digest/sha1"
-require "thread"
 require "stringio"
 class Mysql
@@ -185,6 +184,12 @@ class Mysql
     attr_reader :message
     attr_accessor :charset
+    # @state variable keep state for connection.
+    # :INIT   :: Initial state.
+    # :READY  :: Ready for command.
+    # :FIELD  :: After query(). retr_fields() is needed.
+    # :RESULT :: After retr_fields(), retr_all_records() or stmt_retr_all_records() is needed.
     # make socket connection to server.
     # === Argument
     # host :: [String] if "localhost" or "" nil then use UNIXSocket. Otherwise use TCPSocket
@@ -196,7 +201,8 @@ class Mysql
     # === Exception
     # [ClientError] :: connection timeout
     def initialize(host, port, socket, conn_timeout, read_timeout, write_timeout)
-      @mutex = Mutex.new
+      @gc_stmt_queue = []   # stmt id list which GC destroy.
+      set_state :INIT
       @read_timeout = read_timeout
       @write_timeout = write_timeout
       begin
@@ -226,25 +232,25 @@ class Mysql
     # flag    :: [Integer] client flag
     # charset :: [Mysql::Charset / nil] charset for connection. nil: use server's charset
     def authenticate(user, passwd, db, flag, charset)
+      check_state :INIT
       @authinfo = [user, passwd, db, flag, charset]
-      synchronize do
-        reset
-        init_packet = InitialPacket.parse read
-        @server_info = init_packet.server_version
-        @server_version = init_packet.server_version.split(/\D/)[0,3].inject{|a,b|a.to_i*100+b.to_i}
-        @thread_id = init_packet.thread_id
-        client_flags = CLIENT_LONG_PASSWORD | CLIENT_LONG_FLAG | CLIENT_TRANSACTIONS | CLIENT_PROTOCOL_41 | CLIENT_SECURE_CONNECTION
-        client_flags |= CLIENT_CONNECT_WITH_DB if db
-        client_flags |= flag
-        @charset = charset
-        unless @charset
-          @charset = Charset.by_number(init_packet.server_charset)
-          @charset.encoding       # raise error if unsupported charset
-        end
-        netpw = encrypt_password passwd, init_packet.scramble_buff
-        write AuthenticationPacket.serialize(client_flags, 1024**3, @charset.number, user, netpw, db)
-        read            # skip OK packet
-      end
+      reset
+      init_packet = InitialPacket.parse read
+      @server_info = init_packet.server_version
+      @server_version = init_packet.server_version.split(/\D/)[0,3].inject{|a,b|a.to_i*100+b.to_i}
+      @thread_id = init_packet.thread_id
+      client_flags = CLIENT_LONG_PASSWORD | CLIENT_LONG_FLAG | CLIENT_TRANSACTIONS | CLIENT_PROTOCOL_41 | CLIENT_SECURE_CONNECTION
+      client_flags |= CLIENT_CONNECT_WITH_DB if db
+      client_flags |= flag
+      @charset = charset
+      unless @charset
+        @charset = Charset.by_number(init_packet.server_charset)
+        @charset.encoding       # raise error if unsupported charset
+      end
+      netpw = encrypt_password passwd, init_packet.scramble_buff
+      write AuthenticationPacket.serialize(client_flags, 1024**3, @charset.number, user, netpw, db)
+      read            # skip OK packet
+      set_state :READY
     end
     # Quit command
@@ -262,10 +268,14 @@ class Mysql
     # === Return
     # [Integer / nil] number of fields of results. nil if no results.
     def query_command(query)
-      synchronize do
+      check_state :READY
+      begin
         reset
         write [COM_QUERY, @charset.convert(query)].pack("Ca*")
         get_result
+      rescue
+        set_state :READY
+        raise
       end
     end
@@ -273,19 +283,26 @@ class Mysql
     # === Return
     # [integer / nil] number of fields of results. nil if no results.
     def get_result
-      res_packet = ResultPacket.parse read
-      if res_packet.field_count.to_i > 0  # result data exists
-        return res_packet.field_count
-      end
-      if res_packet.field_count.nil?      # LOAD DATA LOCAL INFILE
-        filename = res_packet.message
-        File.open(filename){|f| write f}
-        write nil  # EOF mark
-        read
+      begin
+        res_packet = ResultPacket.parse read
+        if res_packet.field_count.to_i > 0  # result data exists
+          set_state :FIELD
+          return res_packet.field_count
+        end
+        if res_packet.field_count.nil?      # LOAD DATA LOCAL INFILE
+          filename = res_packet.message
+          File.open(filename){|f| write f}
+          write nil  # EOF mark
+          read
+        end
+        @affected_rows, @insert_id, @server_status, @warning_count, @message =
+          res_packet.affected_rows, res_packet.insert_id, res_packet.server_status, res_packet.warning_count, res_packet.message
+        set_state :READY
+        return nil
+      rescue
+        set_state :READY
+        raise
       end
-      @affected_rows, @insert_id, @server_status, @warning_count, @message =
-        res_packet.affected_rows, res_packet.insert_id, res_packet.server_status, res_packet.warning_count, res_packet.message
-      return nil
     end
     # Retrieve n fields
@@ -294,9 +311,16 @@ class Mysql
     # === Return
     # [Array of Mysql::Field] field list
     def retr_fields(n)
-      fields = n.times.map{Field.new FieldPacket.parse(read)}
-      read_eof_packet
-      fields
+      check_state :FIELD
+      begin
+        fields = n.times.map{Field.new FieldPacket.parse(read)}
+        read_eof_packet
+        set_state :RESULT
+        fields
+      rescue
+        set_state :READY
+        raise
+      end
     end
     # Retrieve all records for simple query
@@ -305,16 +329,21 @@ class Mysql
     # === Return
     # [Array of Array of String] all records
     def retr_all_records(fields)
-      all_recs = []
-      until self.class.eof_packet?(data = read)
-        rec = fields.map do
-          s = self.class.lcs2str!(data)
-          s && charset.force_encoding(s)
+      check_state :RESULT
+      begin
+        all_recs = []
+        until self.class.eof_packet?(data = read)
+          rec = fields.map do
+            s = self.class.lcs2str!(data)
+            s && charset.force_encoding(s)
+          end
+          all_recs.push rec
         end
-        all_recs.push rec
+        @server_status = data[3].ord
+        all_recs
+      ensure
+        set_state :READY
       end
-      @server_status = data[3].ord
-      all_recs
     end
     # Field list command
@@ -339,13 +368,18 @@ class Mysql
     # === Return
     # [Array of Field] field list
     def process_info_command
-      synchronize do
+      check_state :READY
+      begin
         reset
         write [COM_PROCESS_INFO].pack("C")
         field_count = self.class.lcb2int!(read)
         fields = field_count.times.map{Field.new FieldPacket.parse(read)}
         read_eof_packet
+        set_state :RESULT
         return fields
+      rescue
+        set_state :READY
+        raise
       end
     end
@@ -412,10 +446,14 @@ class Mysql
     # === Return
     # [Integer] number of fields
     def stmt_execute_command(stmt_id, values)
-      synchronize do
+      check_state :READY
+      begin
         reset
         write ExecutePacket.serialize(stmt_id, Mysql::Stmt::CURSOR_TYPE_NO_CURSOR, values)
-        return get_result
+        get_result
+      rescue
+        set_state :READY
+        raise
       end
     end
@@ -426,11 +464,16 @@ class Mysql
     # === Return
     # [Array of Array of Object] all records
     def stmt_retr_all_records(fields, charset)
-      all_recs = []
-      until self.class.eof_packet?(data = read)
-        all_recs.push stmt_parse_record_packet(data, fields, charset)
+      check_state :RESULT
+      begin
+        all_recs = []
+        until self.class.eof_packet?(data = read)
+          all_recs.push stmt_parse_record_packet(data, fields, charset)
+        end
+        all_recs
+      ensure
+        set_state :READY
       end
-      all_recs
     end
     # Stmt close command
@@ -443,6 +486,10 @@ class Mysql
       end
     end
+    def gc_stmt(stmt_id)
+      @gc_stmt_queue.push stmt_id
+    end
     private
     # Parse statement result packet
@@ -473,9 +520,31 @@ class Mysql
       rec
     end
+    def check_state(st)
+      raise 'command out of sync' unless @state == st
+    end
+    def set_state(st)
+      @state = st
+      if st == :READY
+        gc_disabled = GC.disable
+        begin
+          while st = @gc_stmt_queue.shift
+            reset
+            write [COM_STMT_CLOSE, st].pack("CV")
+          end
+        ensure
+          GC.enable unless gc_disabled
+        end
+      end
+    end
     def synchronize
-      @mutex.synchronize do
+      begin
+        check_state :READY
         return yield
+      ensure
+        set_state :READY
       end
     end

metadata CHANGED Viewed

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: ruby-mysql
 version: !ruby/object:Gem::Version
-  version: 2.9.0
+  version: 2.9.1
 platform: ruby
 authors:
 - tommy
@@ -9,7 +9,7 @@ autorequire:
 bindir: bin
 cert_chain: []
-date: 2009-07-29 00:00:00 +09:00
+date: 2010-01-16 00:00:00 +09:00
 default_executable:
 dependencies: []