Package: tdsodbc
Version: 0.91-1.0
Severity: important
Tags: upstream patch

tdsodbc segfaults on some calls of SQLTables; in particular it
segfaults when used from LibreOffice, when the user just *browses* the
available tables (not opening a table, selecting data from it; just
browsing the list of tables).

Here's an example backtrace:

#0  0x00007fb82705365c in tds_quote (tds=0x33a3a20, buffer=0x0, quoting=93 ']', id=0xffffffffffffffff <Address 0xffffffffffffffff out of bounds>, len=1106707232)
    at query.c:2184
#1  0x00007fb82705378c in tds_quote_id (tds=0x33a3a20, buffer=0x0, id=0xffffffffffffffff <Address 0xffffffffffffffff out of bounds>, idlen=1106707232)
    at query.c:2222
#2  0x00007fb827027ff6 in odbc_stat_execute (stmt=0x34e9cc0, begin=0x7fb8270698cf "..sp_tables", nparams=4)
    at odbc.c:7049
#3  0x00007fb827027492 in _SQLTables (hstmt=0x34e9cc0, szCatalogName=0x34e5118 "APSAL", cbCatalogName=-3, szSchemaName=0x34e5138 "dbo", cbSchemaName=-3, szTableName=0x34e4208 "ANALYTIC_VENTILATION", cbTableName=-3, szTableType=0x34e9ee8 "VIEW,TABLE,%,", cbTableType=-3)
    at odbc.c:6793
#4  0x00007fb827026d3c in SQLTables (hstmt=0x34e9cc0, szCatalogName=0x34e5118 "APSAL", cbCatalogName=-3, szSchemaName=0x34e5138 "dbo", cbSchemaName=-3, szTableName=0x34e4208 "ANALYTIC_VENTILATION", cbTableName=-3, szTableType=0x34e9ee8 "VIEW,TABLE,%,", cbTableType=-3)
    at sqlwparams.h:113


odbc.c:6793 is

                        if (begin[0] == '.' && strstr(params[i].name, "qualifier")) {
                                len += tds_quote_id(stmt->dbc->tds_socket, NULL,
                                                    tds_dstr_cstr(&params[param_qualifier].value),
                                                    tds_dstr_len(&params[param_qualifier].value));
                                param_qualifier = i;
                        }

Note that the first time this codepath is taken, param_qualifier is
still as initialised at the beginning of the function call, namely
-1. tds_dstr_cstr thus gets passed params[-1].value, which is
"obviously" a nonsensical value.

Switching these two statements fixes the problem. Here is the patch:

--- freetds-0.91.orig/src/odbc/odbc.c
+++ freetds-0.91/src/odbc/odbc.c
@@ -7046,9 +7046,9 @@
                        len += strlen(params[i].name) + 
odbc_quote_metadata(stmt->dbc, params[i].type, NULL, 
                                                                            
&params[i].value) + 3;
                        if (begin[0] == '.' && strstr(params[i].name, 
"qualifier")) {
+                               param_qualifier = i;
                                len += tds_quote_id(stmt->dbc->tds_socket, NULL,
                                                    
tds_dstr_cstr(&params[param_qualifier].value), 
tds_dstr_len(&params[param_qualifier].value));
-                               param_qualifier = i;
                        }
                }
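
Review bot: In the qualifier branch, both arguments to tds_quote_id still go through params[param_qualifier], so the fix only holds as long as the assignment stays on the line directly above the call. Passing params[i].value to tds_dstr_cstr and tds_dstr_len here would make the length computation independent of statement order, with param_qualifier = i kept for whatever reads it later. Since the report states that param_qualifier starts at -1, a one-line comment at the assignment saying so would help the next reader, and any use of params[param_qualifier] outside this hunk is worth checking for the case where no parameter name contains "qualifier".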
 



-- System Information:
Debian Release: 6.0.3
  APT prefers stable
  APT policy: (500, 'stable'), (400, 'testing'), (300, 'unstable'), (1, 'experimental')
Architecture: amd64 (x86_64)

Kernel: Linux 3.1.0-1-amd64 (SMP w/4 CPU cores)
Locale: LANG=fr_LU.UTF-8, LC_CTYPE=fr_LU.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash

Versions of packages tdsodbc depends on:
ii  debconf [debconf-2.0]         1.5.36.1   Debian configuration management sy
ii  freetds-common                0.91-1.0   configuration files for FreeTDS SQ
ii  libc6                         2.13-21    Embedded GNU C Library: Shared lib
ii  libgnutls26                   2.12.11-1  GNU TLS library - runtime library
ii  odbcinst1debian2              2.2.14p2-4 Support library for accessing odbc

Versions of packages tdsodbc recommends:
ii  libodbc1                      2.2.14p2-4 ODBC library for Unix

tdsodbc suggests no packages.

-- debconf information:
* freetds/addtoodbc: true


