Yes, I recall this bug; it was a very bad one and we had to fix it too.

I really think it would be better if SOCI used vector<char> to store the
data rather than new[] and delete[] statements.

On Mon, May 7, 2012 at 4:31 PM, Vadim Zeitlin <[email protected]> wrote:

>  Hello again,
>
>  Currently the code in odbc_standard_use_type_backend::pre_use() can
> overflow the buffer for x_stdstring type variables as it's allocated to the
> size of the string in prepare_for_bind() but the string value can change
> afterwards, e.g. if you do this:
>
>        std::string str;
>        statement st(session);
>        st.alloc();
>        st.prepare(query);
>        st.exchange(use(str));
>        st.define_and_bind();
>
>        str = "Hello world!";
>
>        st.execute(true);
>
> Granted, this is not a normal use case but it still seems wrong to corrupt
> the buffer in this situation. The patch below ensures that the buffer is of
> the correct size by uncommenting the code that allocated it in pre_use(); it
> really must be done there. In fact the allocation in prepare_for_bind() is
> almost certainly unnecessary and could probably just be removed, but I'm not
> sure I understand the code in all its details so for now I didn't change this.
>
>  Please let me know if you see any problems with this patch and if it can
> be applied to the official version otherwise (or if you prefer to receive
> patch submissions in some other way, e.g. via git pull requests).
>
>  Thanks,
> VZ
>
> --- a/src/backends/odbc/standard-use-type.cpp
> +++ b/src/backends/odbc/standard-use-type.cpp
> @@ -189,14 +189,9 @@ void
> odbc_standard_use_type_backend::pre_use(indicator const *ind)
>     {
>         std::string *s = static_cast<std::string *>(data_);
>         std::size_t const bufSize = s->size() + 1;
> -        // TODO: this is a hack (for buffer re-size? --mloskot)
> -        //delete [] buf_;
> -        //buf_ = new char[bufSize];
> -
> -        std::size_t const sSize = s->size();
> -        std::size_t const toCopy = sSize < bufSize -1 ? sSize + 1 :
> bufSize - 1;
> -        strncpy(buf_, s->c_str(), toCopy);
> -        buf_[toCopy] = '\0';
> +        delete [] buf_;
> +        buf_ = new char[bufSize];
> +        strcpy(buf_, s->c_str());
>     }
>     else if (type_ == x_stdtm)
>     {
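Review bot: In the added lines of pre_use(), `delete [] buf_;` runs before `buf_ = new char[bufSize];`, so if the allocation throws, buf_ keeps pointing at freed memory and a later delete [] of it would be a double free. Allocating into a local pointer first and only then releasing the old buffer (or resetting buf_ to null right after the delete) closes that window. Separately, bufSize is computed from s->size() but strcpy() stops at the first NUL byte, so a string with an embedded NUL is copied only up to that byte and the rest of the buffer is left uninitialized; copying bufSize bytes from s->c_str() with memcpy() keeps the copy length tied to the allocation.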
>
> _______________________________________________
> Soci-users mailing list
> [email protected]
> https://lists.sourceforge.net/lists/listinfo/soci-users
>
>
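The sequence from the quoted message (bind an empty string, assign to it afterwards, then execute), combined with the vector<char> suggestion from the reply, as an added example that is not part of the original thread and is not SOCI code. The class `string_use_buffer`, its members and `replay_thread_scenario()` are hypothetical stand-ins for the backend's bind-time and execute-time steps.

```cpp
#include <cstddef>
#include <string>
#include <vector>

// Hypothetical stand-in for a string "use" backend; not SOCI's class.
class string_use_buffer {
public:
    explicit string_use_buffer(std::string const& bound) : data_(&bound) {}

    // Bind time: size the buffer from the string as it is *now*.
    void prepare_for_bind() { buf_.assign(data_->size() + 1, '\0'); }

    // True when the bind-time allocation can no longer hold the value,
    // i.e. the case where an unchecked copy would write past the end.
    bool stale() const { return data_->size() + 1 > buf_.size(); }

    // Execute time: re-size from the current value, then copy by length
    // so embedded NUL bytes are kept and the terminator is always written.
    char* pre_use() {
        std::string const& s = *data_;
        buf_.assign(s.begin(), s.end());   // reallocates if needed
        buf_.push_back('\0');
        return &buf_[0];   // address may change: hand it to the driver after this call
    }

    std::size_t size() const { return buf_.size(); }

private:
    std::string const* data_;   // the user's variable, may change after bind
    std::vector<char> buf_;     // owns the storage; no delete[]/new[] pairs
};

// Replays the sequence from the message: bind an empty string, assign later.
bool replay_thread_scenario() {
    std::string str;
    string_use_buffer use(str);
    use.prepare_for_bind();            // buffer holds 1 byte
    str = "Hello world!";              // value changes after binding
    bool const was_stale = use.stale();
    char* p = use.pre_use();           // buffer now holds 13 bytes
    return was_stale && !use.stale() && std::string(p) == str;
}

int main() { return replay_thread_scenario() ? 0 : 1; }
```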