Changeset: 3086be25873d for MonetDB
URL: https://dev.monetdb.org/hg/MonetDB/rev/3086be25873d
Modified Files:
clients/odbc/driver/SQLColAttribute.c
clients/odbc/driver/SQLGetDescField.c
Branch: default
Log Message:
Add check for negative BufferLength, before calling malloc.
diffs (32 lines):
diff --git a/clients/odbc/driver/SQLColAttribute.c
b/clients/odbc/driver/SQLColAttribute.c
--- a/clients/odbc/driver/SQLColAttribute.c
+++ b/clients/odbc/driver/SQLColAttribute.c
@@ -376,7 +376,12 @@ SQLColAttributeW(SQLHSTMT StatementHandl
case SQL_DESC_SCHEMA_NAME: /* SQL_COLUMN_OWNER_NAME */
case SQL_DESC_TABLE_NAME: /* SQL_COLUMN_TABLE_NAME */
case SQL_DESC_TYPE_NAME: /* SQL_COLUMN_TYPE_NAME */
- ptr = malloc(BufferLength);
+ if (BufferLength < 0) {
+ /* Invalid string or buffer length */
+ addStmtError(stmt, "HY090", NULL, 0);
+ return SQL_ERROR;
+ }
+ ptr = (SQLPOINTER) malloc(BufferLength);
if (ptr == NULL) {
/* Memory allocation error */
addStmtError(stmt, "HY001", NULL, 0);
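Review bot: A `BufferLength` of 0 still reaches `malloc(BufferLength)` after the new `< 0` check, and the C standard allows `malloc(0)` to return NULL. On such a platform the `ptr == NULL` branch would report HY001 (memory allocation error) for a call that is probably a legitimate length-only query rather than an out-of-memory condition. Allocating at least one byte, e.g. `ptr = malloc(BufferLength > 0 ? (size_t) BufferLength : 1);`, or skipping the allocation when the length is zero, keeps the two error cases distinct. The same applies to the `malloc(BufferLength)` in the SQLGetDescFieldW hunk in clients/odbc/driver/SQLGetDescField.c. The switch body continues outside both hunks, so check there how `ptr` is used when its size is zero.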
diff --git a/clients/odbc/driver/SQLGetDescField.c
b/clients/odbc/driver/SQLGetDescField.c
--- a/clients/odbc/driver/SQLGetDescField.c
+++ b/clients/odbc/driver/SQLGetDescField.c
@@ -362,6 +362,11 @@ SQLGetDescFieldW(SQLHDESC DescriptorHand
case SQL_DESC_SCHEMA_NAME:
case SQL_DESC_TABLE_NAME:
case SQL_DESC_TYPE_NAME:
+ if (BufferLength < 0) {
+ /* Invalid string or buffer length */
+ addDescError(desc, "HY090", NULL, 0);
+ return SQL_ERROR;
+ }
ptr = (SQLPOINTER) malloc(BufferLength);
if (ptr == NULL) {
/* Memory allocation error */