Thread: Bug in ResolveOneParam()
Hello,

I finally was able to track down the bug that occasionally happened when UseServerSidePrepare was enabled: the driver is writing past allocated memory.

The bug is in ResolveOneParam(). At one point this function writes directly into the allocated buffer <qb->query_statement> _without_ checking the allocated size by calling enlarge_query_statement().

I have added the ENLARGE_NEWSTATEMENT() call which should take care of this bug (see attached patch).

Rainer

Index: convert.c
===================================================================
RCS file: /cvsroot/psqlodbc/psqlodbc/convert.c,v
retrieving revision 1.161
diff -u -r1.161 convert.c
--- convert.c	4 Jun 2007 10:24:49 -0000	1.161
+++ convert.c	16 Jul 2007 09:52:51 -0000
@@ -3459,6 +3472,7 @@
 } */
 if (req_bind)
 {
+ ENLARGE_NEWSTATEMENT( qb, (qb->npos+4) );
 npos = qb->npos;
 qb->npos += 4;
 }
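Review bot: the hunk does not handle ENLARGE_NEWSTATEMENT() failing. Execution falls through to `npos = qb->npos;` and `qb->npos += 4;` whether or not the enlarge succeeded, so if the macro can fail (an allocation failure) the 4-byte slot is still handed out and the later write into it lands in the old, too-small buffer, which is the same out-of-bounds write the message describes; if the macro already leaves the function on failure, a short comment saying so would spare the next reader the lookup. It is also worth confirming that the macro's second argument is a required total length rather than a byte count to add, since `qb->npos+4` is a total; under that reading it matches the 4 bytes reserved by `qb->npos += 4`, and the fix is complete as long as the code that later fills the slot at npos writes no more than those 4 bytes.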
Rainer Bauer wrote:
> Hello,
>
> I finally was able to track down the bug that occasionally happened when
> UseServerSidePrepare was enabled: the driver is writing past allocated memory.
> The bug is in ResolveOneParam(). At one point this function writes directly
> into the allocated buffer <qb->query_statement> _without_ checking the
> allocated size by calling enlarge_query_statement().
>
> I have added the ENLARGE_NEWSTATEMENT() call which should take care of this
> bug (see attached patch).

Sorry for the delay. I would take care of it.

Thanks.
Hiroshi Inoue

> Rainer
>
> Index: convert.c
> ===================================================================
> RCS file: /cvsroot/psqlodbc/psqlodbc/convert.c,v
> retrieving revision 1.161
> diff -u -r1.161 convert.c
> --- convert.c	4 Jun 2007 10:24:49 -0000	1.161
> +++ convert.c	16 Jul 2007 09:52:51 -0000
> @@ -3459,6 +3472,7 @@
>  } */
>  if (req_bind)
>  {
> + ENLARGE_NEWSTATEMENT( qb, (qb->npos+4) );
>  npos = qb->npos;
>  qb->npos += 4;
>  }
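The defect Rainer describes is the general "reserve space in a growable buffer without checking capacity" pattern. The following is an added illustration written for this thread, not psqlodbc's convert.c: a stand-in query buffer with the three fields the message names (query_statement, its allocated size, npos), a grow routine that is called before every write, and a 4-byte bind-slot reservation that mirrors the patched `npos = qb->npos; qb->npos += 4;` step. All function and field names are hypothetical, the grow routine is assumed to take the required total length (the reading of ENLARGE_NEWSTATEMENT's argument the patch implies), and the "$n" placeholder format is constructed for the example.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical stand-in for the driver's query-build state: only the three
 * fields the thread mentions (output buffer, its allocated size, write position). */
typedef struct {
    char  *query_statement;  /* growable buffer holding the rewritten query */
    size_t str_alsize;       /* bytes currently allocated for query_statement */
    size_t npos;             /* bytes already written */
} query_buf;

/* Make sure at least `needed` bytes plus a terminating NUL fit in the buffer.
 * Returns 1 on success, 0 if the allocation fails (buffer left unchanged). */
static int enlarge_query_statement(query_buf *qb, size_t needed)
{
    if (needed >= (size_t)-2) return 0;          /* refuse sizes that would overflow */
    if (needed + 1 <= qb->str_alsize) return 1;  /* already big enough */
    size_t newsize = qb->str_alsize ? qb->str_alsize : 64;
    while (newsize < needed + 1) newsize *= 2;
    char *p = realloc(qb->query_statement, newsize);
    if (p == NULL) return 0;
    qb->query_statement = p;
    qb->str_alsize = newsize;
    return 1;
}

/* Append a NUL-terminated string; the capacity check happens before the copy. */
static int append_text(query_buf *qb, const char *s)
{
    size_t len = strlen(s);
    if (!enlarge_query_statement(qb, qb->npos + len)) return 0;
    memcpy(qb->query_statement + qb->npos, s, len);
    qb->npos += len;
    qb->query_statement[qb->npos] = '\0';
    return 1;
}

/* Reserve a 4-byte slot for a bind marker whose number is not yet known: the
 * same "npos = qb->npos; qb->npos += 4" step as the patch, size check first.
 * Returns the slot offset, or (size_t)-1 if the buffer could not be grown. */
static size_t reserve_bind_slot(query_buf *qb)
{
    if (!enlarge_query_statement(qb, qb->npos + 4)) return (size_t)-1;
    size_t slot = qb->npos;
    memset(qb->query_statement + slot, ' ', 4);   /* keep the slot printable until filled */
    qb->npos += 4;
    qb->query_statement[qb->npos] = '\0';
    return slot;
}

/* Fill a reserved slot with "$n" left-justified in exactly 4 bytes (n <= 999).
 * The slot bound is checked so a later fill can never exceed the reservation. */
static int fill_bind_slot(query_buf *qb, size_t slot, int param_no)
{
    char tmp[8];
    if (param_no < 1 || param_no > 999 || slot + 4 > qb->npos) return 0;
    int n = snprintf(tmp, sizeof tmp, "$%-3d", param_no);
    if (n != 4) return 0;
    memcpy(qb->query_statement + slot, tmp, 4);   /* writes only the 4 reserved bytes */
    return 1;
}

/* Build a query with two bind slots, starting from an empty buffer so every
 * append has to grow it. Caller frees the returned string; NULL on failure. */
char *build_demo_query(void)
{
    query_buf qb = { NULL, 0, 0 };
    size_t s1, s2;
    if (!append_text(&qb, "SELECT id FROM t WHERE a = ")) goto fail;
    if ((s1 = reserve_bind_slot(&qb)) == (size_t)-1) goto fail;
    if (!append_text(&qb, " AND b = ")) goto fail;
    if ((s2 = reserve_bind_slot(&qb)) == (size_t)-1) goto fail;
    if (!fill_bind_slot(&qb, s1, 1) || !fill_bind_slot(&qb, s2, 2)) goto fail;
    return qb.query_statement;
fail:
    free(qb.query_statement);
    return NULL;
}
```

The point of the shape is that no function ever touches `query_statement` without an `enlarge_query_statement()` call on the same path, and that a failed grow is propagated instead of falling through to the write; that second part is what a reviewer would still want to confirm for the real macro.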