Thread: How to fix buffer overrun in Windows x32

Answer in

http://stackoverflow.com/questions/32650613/how-to-fix-buffer-overrun-in-psqlodbc-driver

describes the reason of crash:    $f_InfA$  is terminated by  $f_infa$

It should be nice if this will fixed  in odbc driver code.

Andrus.

On 09/18/2015 10:28 AM, Andrus wrote:
> Application crashes latest in 32-bit postgresql odbc driver (03.3.0400) in Windows 7 x64.
> After crash Visual Studio 2015 Community Edition debugger is invoked.
>
> It shows stack trace:
>
>>     psqlodbc35w.dll!__crt_debugger_hook()     Unknown
>       psqlodbc35w.dll!__report_gsfailure()  Line 315 + 0x7 bytes    C
>       psqlodbc35w.dll!SC_create_errorinfo(const StatementClass_ * self)  Line 1423 + 0xa bytes    C
>       psqlodbc35w.dll!PGAPI_StmtError(void * hstmt, short RecNumber, unsigned char * szSqlState, long *
pfNativeError,unsigned char * szErrorMsg, short cbErrorMsgMax, short * pcbErrorMsg, unsigned short flag)  Line 1612
C
>       psqlodbc35w.dll!PGAPI_GetDiagField(short HandleType, void * Handle, short RecNumber, short DiagIdentifier, void
*DiagInfoPtr, short BufferLength, short * StringLengthPtr)  Line 280    C 
>       psqlodbc35w.dll!SQLGetDiagFieldW(short fHandleType, void * handle, short iRecord, short fDiagField, void *
rgbDiagInfo,short cbDiagInfoMax, short * pcbDiagInfo)  Line 374 + 0x16 bytes    C 
>       odbc32.dll!_VFreeErrors@4()  + 0x401f bytes
>       odbc32.dll!_SearchStatusCode@8()  + 0x25 bytes
>       odbc32.dll!_IsStmtPositioned@4()  + 0x14 bytes
>       odbc32.dll!_SQLExecute@4()  - 0xfd3e bytes
>       odbc32.dll!_SQLExecDirect@12()  + 0x77 bytes
>       vfp9r.dll!0c3904c6()
> ...


Can you create a little test program to reproduce that? That would be
best. If that's not possible, please enable the Debug option for the
datasource, and send over the log.

- Heikki

Hi!

>Can you create a little test program to reproduce that? That would be best.
>If that's not possible, please enable the Debug option for the datasource,
>and send over the log.

Testcase is

http://stackoverflow.com/questions/32650613/how-to-fix-buffer-overrun-in-psqlodbc-driver

If you dont have VFP you can copy postgresql code from it and pass to odbc
execdirect in C or other language.
I uploaded logs week ago to odbc issue tracker into one old closed issue.

If you really need I can create VFP application for that.

Andrus

On 09/22/2015 11:03 AM, Andrus wrote:
> Hi!
>
>> Can you create a little test program to reproduce that? That would be best.
>> If that's not possible, please enable the Debug option for the datasource,
>> and send over the log.
>
> Testcase is
>
> http://stackoverflow.com/questions/32650613/how-to-fix-buffer-overrun-in-psqlodbc-driver
>
> If you dont have VFP you can copy postgresql code from it and pass to odbc
> execdirect in C or other language.
> I uploaded logs week ago to odbc issue tracker into one old closed issue.

Ah, found it finally! There was a buffer overflow of two bytes, in
SC_create_errorinfo() function. Apparently that didn't cause a crash on
other platforms, but that was just luck. The overflow happened if the
error message was longer than 4096 bytes.

Fixed, thanks for the report! I also added a test case for that to the
regression suite.

- Heikki