Let's fix this properly. Get rid of these raw pointers and use
vector<char>. Ensure it is bound properly too.

On Thu, May 24, 2012 at 4:38 PM, Vadim Zeitlin <[email protected]> wrote:
> On Fri, 4 May 2012 01:55:44 +0200 I wrote:
>
> VZ> Please let me know if you see any problems with this patch and if it can
> VZ> be applied to the official version otherwise (or if you prefer to receive
> VZ> patch submissions in some other way, e.g. via git pull requests).
> VZ>
> VZ> Thanks,
> VZ> VZ
> VZ>
> VZ> --- a/src/backends/odbc/standard-use-type.cpp
> VZ> +++ b/src/backends/odbc/standard-use-type.cpp
> VZ> @@ -189,14 +189,9 @@ void
> odbc_standard_use_type_backend::pre_use(indicator const *ind)
> VZ> {
> VZ> std::string *s = static_cast<std::string *>(data_);
> VZ> std::size_t const bufSize = s->size() + 1;
> VZ> - // TODO: this is a hack (for buffer re-size? --mloskot)
> VZ> - //delete [] buf_;
> VZ> - //buf_ = new char[bufSize];
> VZ> -
> VZ> - std::size_t const sSize = s->size();
> VZ> - std::size_t const toCopy = sSize < bufSize -1 ? sSize + 1 :
> bufSize - 1;
> VZ> - strncpy(buf_, s->c_str(), toCopy);
> VZ> - buf_[toCopy] = '\0';
> VZ> + delete [] buf_;
> VZ> + buf_ = new char[bufSize];
> VZ> + strcpy(buf_, s->c_str());
> VZ> }
> VZ> else if (type_ == x_stdtm)
> VZ> {
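
Review bot: The `delete [] buf_; buf_ = new char[bufSize];` pair in pre_use() gives buf_ a new address on every call, so if the old buffer's address was already handed to the ODBC driver when the parameter was bound, the driver is left reading freed memory; the follow-up in this thread confirms that the patch breaks parameter binding. Either size the buffer before the bind happens or rebind after reallocating. Separately, if `new char[bufSize]` throws, buf_ still points at the block that was just deleted, so any later cleanup that deletes buf_ would free it twice; holding the storage in a std::vector<char>, as suggested in the reply above, removes that hazard. Note also that `strcpy(buf_, s->c_str())` stops at the first NUL, so a std::string containing embedded NUL bytes is silently truncated even though bufSize was computed from s->size().
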
>
> Just to make sure nobody applies this patch accidentally, let me leave a
> note for posterity in the mailing list archives:
>
> This patch is wrong: while it fixes the buffer overflow, it also breaks
> ODBC parameter binding. The correct patch can be found in the "ODBC
> backend broken for custom types -- now with the fix" message found at
> http://www.mail-archive.com/[email protected]/msg00982.html
>
> Hope this helps,
> VZ
>
>
> _______________________________________________
> Soci-users mailing list
> [email protected]
> https://lists.sourceforge.net/lists/listinfo/soci-users