Hi!
Was a part of a bug fix:
http://bazaar.launchpad.net/%7Edrizzle-developers/drizzle/development/revision/1022.5.1
So we need to patch this.
Cheers,
-Brian
On May 27, 2009, at 5:52 AM, Paul McCullagh wrote:
A recent change to the String class (sql_string.h) causes a crash or
overwrite.
This is the new code:
inline char *c_ptr()
{
if (str_length == Alloced_length)
(void) realloc(str_length);
else
Ptr[str_length]= 0;
}
The problem is that Alloced_length can be zero. This means the
buffer was not allocated in the string object.
In this case the function either crashes or overwrites.
This is the original implementation, which looks fine to me, except
that it might not be "safe":
inline char *c_ptr()
{
if (!Ptr || Ptr[str_length]) /* Should be safe */
(void) realloc(str_length);
return Ptr;
}
It may not be safe because the user of c_ptr may not always be able
to assume the zero terminator will remain zero.
For this purpose we have String::c_ptr_safe().
Anyway, the question: was this the reason for the change to
String::c_ptr()?
--
Paul McCullagh
PrimeBase Technologies
www.primebase.org
www.blobstreaming.org
pbxt.blogspot.com
_______________________________________________
Mailing list: https://launchpad.net/~drizzle-discuss
Post to : [email protected]
Unsubscribe : https://launchpad.net/~drizzle-discuss
More help : https://help.launchpad.net/ListHelp
--
_______________________________________________________
Brian "Krow" Aker, brian at tangent.org
Seattle, Washington
http://krow.net/ <-- Me
http://tangent.org/ <-- Software
_______________________________________________________
You can't grep a dead tree.
_______________________________________________
Mailing list: https://launchpad.net/~drizzle-discuss
Post to : [email protected]
Unsubscribe : https://launchpad.net/~drizzle-discuss
More help : https://help.launchpad.net/ListHelp