Thread: Bug in ResolveOneParam()

Hello,

I finally was able to track down the bug that occasionally happened when
UseServerSidePrepare was enabled: the driver is writing past allocated memory.

The bug is in ResolveOneParam(). At one point this function writes directly
into the allocated buffer <qb->query_statement> _without_ checking the
allocated size by calling enlarge_query_statement().

I have added the ENLARGE_NEWSTATEMENT() call which should take care of this
bug (see attached patch).

Rainer

Index: convert.c
===================================================================
RCS file: /cvsroot/psqlodbc/psqlodbc/convert.c,v
retrieving revision 1.161
diff -u -r1.161 convert.c
--- convert.c    4 Jun 2007 10:24:49 -0000    1.161
+++ convert.c    16 Jul 2007 09:52:51 -0000
@@ -3459,6 +3472,7 @@
     } */
     if (req_bind)
     {
+        ENLARGE_NEWSTATEMENT( qb, (qb->npos+4) );
         npos = qb->npos;
         qb->npos += 4;
     }

Rainer Bauer wrote:
> Hello,
>
> I finally was able to track down the bug that occasionally happened when
> UseServerSidePrepare was enabled: the driver is writing past allocated memory.

> The bug is in ResolveOneParam(). At one point this function writes directly
> into the allocated buffer <qb->query_statement> _without_ checking the
> allocated size by calling enlarge_query_statement().
>
> I have added the ENLARGE_NEWSTATEMENT() call which should take care of this
> bug (see attached patch).


Sorry for the delay.
I would take care of it.

Thanks.

Hiroshi Inoue

> Rainer
>
> Index: convert.c
> ===================================================================
> RCS file: /cvsroot/psqlodbc/psqlodbc/convert.c,v
> retrieving revision 1.161
> diff -u -r1.161 convert.c
> --- convert.c    4 Jun 2007 10:24:49 -0000    1.161
> +++ convert.c    16 Jul 2007 09:52:51 -0000
> @@ -3459,6 +3472,7 @@
>      } */
>      if (req_bind)
>      {
> +        ENLARGE_NEWSTATEMENT( qb, (qb->npos+4) );
>          npos = qb->npos;
>          qb->npos += 4;
>      }