Hello,

The DBD::Oracle 1.26 code

        http://cpansearch.perl.org/src/TIMB/DBD-Oracle-1.26/oci8.c

declares

        char new_tablename[100];

in the if branch in init_lob_refetch, and then assigns

        tablename=new_tablename;

and then uses the tablename outside of that if block. So the
tablename pointer points to a random address on the stack.

It causes problems described at

        http://rt.cpan.org/Public/Bug/Display.html?id=61511
        https://bugzilla.redhat.com/show_bug.cgi?id=548489

Note that it's kinda related to

        http://rt.cpan.org/Public/Bug/Display.html?id=36069#txn-464638

where it's said

        Used some of the code from the patch there was no need to
        create a char [100] outside the if statement though.

I'd claim that it is actually necessary to declare it outside of
that block because even if the name goes out of scope at the end
of the block, the tablename pointer still points to it.

Please apply

--- oci8.c.orig 2010-11-16 16:26:42.459208675 +0100
+++ oci8.c      2010-11-16 16:27:27.194207404 +0100
@@ -4030,6 +4030,7 @@
        ub2 numcols = 0;
        imp_fbh_t *fbh;
        int unmatched_params;
+       char new_tablename[100];
        I32 i,j;
        char *p;
        lob_refetch_t *lr = NULL;
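
Review bot: the added function-scope declaration `char new_tablename[100];` needs a comment stating that `tablename` may still point into this buffer after the synonym block has ended, which is the only reason it is declared here. The ticket comment quoted in the message shows this placement was earlier considered unnecessary, so without the comment a later cleanup is likely to move the array back into the if block and reintroduce the dangling pointer.
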
@@ -4067,7 +4068,6 @@
        if (status == OCI_SUCCESS) { /* There is a synonym, get the schema */
                char *syn_schema=NULL;
                char syn_name[100];
-               char new_tablename[100];
                ub4  tn_len = 0, syn_schema_len = 0;
 
                strncpy(syn_name,tablename,strlen(tablename));
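
Review bot: the context line `strncpy(syn_name,tablename,strlen(tablename));` at the end of this hunk bounds the copy by the length of the source, not by the size of the destination, so it gives no protection for the 100-byte `syn_name` and copies no terminating NUL. While this block is being touched, bound the copy by `sizeof(syn_name) - 1` and terminate the buffer explicitly, or reject names that do not fit.
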

to DBD::Oracle.

Thank you,

-- 
Jan Pazdziora
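
The lifetime problem described in the message above, reduced to a stand-alone C program as an added example; it is not DBD::Oracle code and not part of the original message. `lookup_synonym_schema`, `qualified_len_buggy`, `qualified_name` and the sample names are hypothetical; the block-scoped variant is kept under `SHOW_BUG` for comparison, and the function-scope variant mirrors the placement the patch asks for.

```c
#include <stdio.h>
#include <string.h>

/* Hypothetical stand-in for the synonym lookup: returns the owning schema,
 * or NULL when the name is not a synonym. Constructed sample data. */
static const char *lookup_synonym_schema(const char *name)
{
    return strcmp(name, "EMP_SYN") == 0 ? "HR" : NULL;
}

#ifdef SHOW_BUG   /* compiled only on request: this variant is undefined behaviour */
static size_t qualified_len_buggy(const char *tablename)
{
    if (lookup_synonym_schema(tablename) != NULL) {
        char new_tablename[100];      /* lifetime ends at the closing brace */
        snprintf(new_tablename, sizeof new_tablename, "%s.%s",
                 lookup_synonym_schema(tablename), tablename);
        tablename = new_tablename;    /* pointer escapes the block */
    }
    return strlen(tablename);         /* reads a dead object on the synonym path */
}
#endif

/* Function-scope buffer: it outlives every use of the pointer that may alias
 * it. Writes the resolved name to out; returns 0, or -1 if it does not fit. */
static int qualified_name(const char *tablename, char *out, size_t outlen)
{
    char new_tablename[100];
    const char *schema = lookup_synonym_schema(tablename);

    if (schema != NULL) {
        int n = snprintf(new_tablename, sizeof new_tablename, "%s.%s",
                         schema, tablename);
        if (n < 0 || (size_t)n >= sizeof new_tablename)
            return -1;                /* refuse a truncated name */
        tablename = new_tablename;    /* still valid after the block */
    }
    if (strlen(tablename) >= outlen)
        return -1;
    memcpy(out, tablename, strlen(tablename) + 1);
    return 0;
}

int main(void)
{
    char out[128];
    if (qualified_name("EMP_SYN", out, sizeof out) == 0)
        printf("%s\n", out);
    return 0;
}
```

Building the `SHOW_BUG` variant with AddressSanitizer's use-after-scope detection enabled is one way to have the out-of-scope read reported instead of silently returning stack contents.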
