On Fri, 4 May 2012 01:55:44 +0200 I wrote:

VZ>  Please let me know if you see any problems with this patch and if it can
VZ> be applied to the official version otherwise (or if you prefer to receive
VZ> patch submissions in some other way, e.g. via git pull requests).
VZ> 
VZ>  Thanks,
VZ> VZ
VZ> 
VZ> --- a/src/backends/odbc/standard-use-type.cpp
VZ> +++ b/src/backends/odbc/standard-use-type.cpp
VZ> @@ -189,14 +189,9 @@ void odbc_standard_use_type_backend::pre_use(indicator 
const *ind)
VZ>      {
VZ>          std::string *s = static_cast<std::string *>(data_);
VZ>          std::size_t const bufSize = s->size() + 1;
VZ> -        // TODO: this is a hack (for buffer re-size? --mloskot)
VZ> -        //delete [] buf_;
VZ> -        //buf_ = new char[bufSize];
VZ> -
VZ> -        std::size_t const sSize = s->size();
VZ> -        std::size_t const toCopy = sSize < bufSize -1 ? sSize + 1 : 
bufSize - 1;
VZ> -        strncpy(buf_, s->c_str(), toCopy);
VZ> -        buf_[toCopy] = '\0';
VZ> +        delete [] buf_;
VZ> +        buf_ = new char[bufSize];
VZ> +        strcpy(buf_, s->c_str());
VZ>      }
VZ>      else if (type_ == x_stdtm)
VZ>      {
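
Review bot: the added `delete [] buf_; buf_ = new char[bufSize];` pair gives buf_ a new address on every pre_use() call, so any pointer to the old buffer that was taken before this point is left dangling, which is consistent with the follow-up below reporting that parameter binding breaks. Either size the buffer at the point where its address is handed out, or redo that step after the reallocation. With the buffer sized to s->size() + 1, strcpy() cannot overrun it, but it stops at the first embedded NUL in *s; if that matters here, a memcpy() of s->size() bytes followed by an explicit terminator would state the intent more clearly.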

 Just to make sure nobody applies this patch accidentally, let me leave a
note for posterity in the mailing list archives:

 This patch is wrong: while it fixes the buffer overflow, it also breaks
ODBC parameter binding. The correct patch can be found in the "ODBC
backend broken for custom types -- now with the fix" message found at
http://www.mail-archive.com/[email protected]/msg00982.html

 Hope this helps,
VZ
