[Libreoffice] [PATCH] [REVIEW:3-5, 3-5-0] fdo#34432 ODBC crash on 64 bits

Lionel Elie Mamane <lionel -AT- mamane.lu>
Sun, 29 Jan 2012 21:36:27 +0100

Attached patch fixes fdo#34432, a crash with some ODBC drivers. The
bug report is about Firebird SQL.

The problem is that SQLGetStmtAttr is passed a pointer to a memory
area to write to. In several places, we give it a pointer to a
stack-allocated sal_(u)Int32, but it expects a pointer to a
SQLULEN. On 32 bits, no problem since SQLULEN==sal_uInt32. On a 64
bits machine, SQLULEN is 64 bits, so the driver writes beyond the area
we expect it to, and smashes our stack -> crash.

Please apply to libreoffice-3-5 and libreoffice-3-5-0 (crossing my
fingers on "before rc3 tag").

Thanks!

-- 
Lionel

From 884a3ee289d445c494be12a84b3f53b9c3a3ffcc Mon Sep 17 00:00:00 2001
From: Lionel Elie Mamane <lionel@mamane.lu>
Date: Thu, 19 Jan 2012 20:29:36 +0100
Subject: [PATCH] fdo#44025: repair dbaccess::ORowSetCache::isLast() after
 matrix (re)fill

After filling matrix, *do* check if we hit the last row and update
m_nRowCount accordingly. Else, a subsequent isLast() will return true
on the last row of the prefetch window, even if it is not the last row
of the data. Thus the algorithm:
while ( ! pResultSet->isLast() )
{
    //do stuff
    pResultSet->next()
}
will stop too soon, which is exactly the symptom in fdo#44025.
---
 dbaccess/source/core/api/RowSetCache.cxx |    2 --
 1 files changed, 0 insertions(+), 2 deletions(-)

diff --git a/dbaccess/source/core/api/RowSetCache.cxx b/dbaccess/source/core/api/RowSetCache.cxx
index 49f6368..272d260 100644
--- a/dbaccess/source/core/api/RowSetCache.cxx
+++ b/dbaccess/source/core/api/RowSetCache.cxx
@@ -803,7 +803,6 @@ sal_Bool ORowSetCache::fillMatrix(sal_Int32& _nNewStartPos,sal_Int32 _nNewEndPos
     }
     // we have to read one row forward to ensure that we know when we are on last row
     // but only when we don't know it already
-    /*
     if(!m_bRowCountFinal)
     {
         if(!m_pCacheSet->next())
@@ -816,7 +815,6 @@ sal_Bool ORowSetCache::fillMatrix(sal_Int32& _nNewStartPos,sal_Int32 _nNewEndPos
            m_nRowCount = std::max(i,m_nRowCount);
 
     }
-    */
     return bCheck;
 }
 
-- 
1.7.7.3

Context

[Libreoffice] [PATCH] [REVIEW:3-5, 3-5-0] fdo#34432 ODBC crash on 64 bits · Lionel Elie Mamane
- Re: [Libreoffice] [PATCH] [REVIEW:3-5, 3-5-0] fdo#34432 ODBC crash on 64 bits · Stephan Bergmann
  - Re: [Libreoffice] [PATCH] [REVIEW:3-5, 3-5-0] fdo#34432 ODBC crash on 64 bits · Michael Meeks
    - Re: [Libreoffice] [PATCH] [REVIEW:3-5, 3-5-0] fdo#34432 ODBC crash on 64 bits · Lionel Elie Mamane
      - Re: [Libreoffice] [PATCH] [REVIEW:3-5, 3-5-0] fdo#34432 ODBC crash on 64 bits · Stephan Bergmann
        
        Re: [Libreoffice] [PATCH] [REVIEW:3-5, 3-5-0] fdo#34432 ODBC crash on 64 bits · Lionel Elie Mamane
      - [Libreoffice] [PUSHED] Re: [PATCH] [REVIEW:3-5, 3-5-0] fdo#34432 ODBC crash on 64 bits · Michael Stahl

Privacy Policy | Impressum (Legal Info) | Copyright information: Unless otherwise specified, all text and images on this website are licensed under the Creative Commons Attribution-Share Alike 3.0 License. This does not include the source code of LibreOffice, which is licensed under the Mozilla Public License (MPLv2). "LibreOffice" and "The Document Foundation" are registered trademarks of their corresponding registered owners or are in actual use as trademarks in one or more countries. Their respective logos and icons are also subject to international copyright laws. Use thereof is explained in our trademark policy.