On 14/02/12 15:37, Lionel Elie Mamane wrote:
> Yet another odbc on 64 bit crash because of wrong buffer size. This is
> supposed to be a SQLLEN but was hardcoded as 4 bytes.
>
> You can see that e.g. in
> connectivity/source/drivers/odbcbase/OPreparedStatement.cxx,
> OPreparedStatement::setNull:
>
>     sal_Int8* lenBuf = getLengthBuf (parameterIndex);
>     *(SQLLEN*)lenBuf = SQL_NULL_DATA;
>
> getLengthBuf just returns the paramLength member of the corresponding
> OBoundParam.
>
> On my machine in my (debug) build, that (or maybe some other piece of
> code, such as
>
> would overwrite malloc's metadata, and thus in the OBoundParameter destructor:
>     delete [] paramLength;
> would call abort() because "bad pointer".

ouch.

> Please apply to libreoffice-3-4 and libreoffice-3-5.

pushed to both:

http://cgit.freedesktop.org/libreoffice/core/commit/?h=libreoffice-3-5&id=f3f925c8a4784cf578d2ab2d1b3f593f582bcdbc

http://cgit.freedesktop.org/libreoffice/libs-core/commit/?h=libreoffice-3-4&id=adb1ed5f13b4638690ca2966138eb2c61bdb1b53
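
Added example, not part of the original message and not the code of the pushed commits: a sketch of the size mismatch described above, with the length buffer sized from the stored type and the store bounds-checked. `SqlLen`, `kSqlNullData`, `BoundParam` and `overrunBytes` are hypothetical stand-ins for `SQLLEN`, `SQL_NULL_DATA` and `OBoundParam`, so it builds without the ODBC headers.

```cpp
#include <cstddef>
#include <cstdint>
#include <cstdio>
#include <cstring>
#include <memory>

// Stand-ins so this builds without ODBC headers (assumption: SQLLEN is a
// pointer-sized signed integer, i.e. 8 bytes on a 64-bit build).
using SqlLen = std::intptr_t;
constexpr SqlLen kSqlNullData = -1;

// Hypothetical, simplified bound parameter owning its length buffer.
class BoundParam {
public:
    // legacy=true keeps the hardcoded 4-byte buffer described in the message;
    // legacy=false derives the size from the type actually stored in it.
    explicit BoundParam(bool legacy)
        : size_(legacy ? 4 : sizeof(SqlLen)), buf_(new std::int8_t[size_]()) {}

    std::size_t lengthBufSize() const { return size_; }

    // Checked store: refuses the write rather than running past the
    // allocation. memcpy also avoids the alignment assumption of a cast.
    bool setLength(SqlLen value) {
        if (sizeof value > size_) return false;
        std::memcpy(buf_.get(), &value, sizeof value);
        return true;
    }
    bool getLength(SqlLen& out) const {
        if (sizeof out > size_) return false;
        std::memcpy(&out, buf_.get(), sizeof out);
        return true;
    }

private:
    std::size_t size_;                    // declared first: initialised first
    std::unique_ptr<std::int8_t[]> buf_;
};

// Bytes an unchecked *(SqlLen*)buf store would write past the allocation.
std::size_t overrunBytes(const BoundParam& p) {
    return sizeof(SqlLen) > p.lengthBufSize() ? sizeof(SqlLen) - p.lengthBufSize() : 0;
}

int main() {
    BoundParam legacy(true), fixed(false);
    std::printf("legacy: overrun=%zu stored=%d\n", overrunBytes(legacy), legacy.setLength(kSqlNullData));
    std::printf("fixed:  overrun=%zu stored=%d\n", overrunBytes(fixed), fixed.setLength(kSqlNullData));
    return 0;
}
```

On a 64-bit build the legacy buffer reports a 4-byte overrun and the checked store is refused; on a 32-bit build both buffers are 4 bytes, which is why the defect only showed up on 64 bit.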


