[
https://issues.apache.org/jira/browse/TRAFODION-2725?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16168088#comment-16168088
]
ASF GitHub Bot commented on TRAFODION-2725:
-------------------------------------------
Github user selvaganesang commented on a diff in the pull request:
https://github.com/apache/incubator-trafodion/pull/1220#discussion_r139188923
--- Diff: win-odbc64/odbcclient/drvr35/drvrglobal.cpp ---
@@ -865,77 +865,18 @@ bool use_gcvt(double number, char* string, short size)
bool double_to_char (double number, int precision, char* string, short
size)
{
- char *buffer,*temp ;
- bool rc = true;
-
- int decimal_spot,
- sign,
- count,
- current_location = 0,
- length;
-
- *string = 0;
-
- temp = _fcvt (number, precision, &decimal_spot, &sign) ;
- length = strlen(temp);
- if (length == 0)
- {
- return use_gcvt(number,string,size);
- }
- if (length > precision)
- buffer = (char *) malloc (length + 3) ;
- else
- buffer = (char *) malloc (precision + 3) ;
-
- if (buffer == NULL)
- return false;
-
-/* Add negative sign if required. */
-
- if (sign)
- buffer [current_location++] = '-' ;
-
-/* Place decimal point in the correct location. */
-
- if (decimal_spot > 0)
- {
- strncpy (&buffer [current_location], temp, decimal_spot) ;
- buffer [decimal_spot + current_location] = '.' ;
- strcpy (&buffer [decimal_spot + current_location + 1],
- &temp [decimal_spot]) ;
- }
- else
- {
- buffer [current_location] = '.' ;
- for(count = current_location;
- count< abs(decimal_spot)+current_location; count++)
- buffer [count + 1] = '0' ;
- strcpy (&buffer [count + 1], temp) ;
- }
+ bool rc = false;
+ char format[16];
+ char buf[MAX_DOUBLE_TO_CHAR_LEN];
- rSup(buffer);
- length = strlen(buffer);
- if (buffer[0] == '.' || (buffer[0] == '-' && buffer[1] == '.'))
length++;
+ sprintf(format, "%%.%dlg", precision);
+ sprintf(buf, format, number);
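Review bot: the added `sprintf(buf, format, number);` writes into `buf[MAX_DOUBLE_TO_CHAR_LEN]` with no length bound while `precision` is taken from the caller unchecked, so a large precision can produce more characters than `buf` holds. Suggest `snprintf(buf, sizeof(buf), format, number)` and treating a negative return or one `>= sizeof(buf)` as failure, plus rejecting or clamping `precision` before `format` is built. Note also that `format[16]` is exactly the worst case for a 32-bit `int` ("%." plus 11 characters plus "lg" plus the terminator), so that first `sprintf` has no slack and is worth bounding as well.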
--- End diff --
There is a risk of writing out of range because precision is not checked to
be within the buf size. Also, you need to allow the numbers to be truncated
after a decimal even when the length passed by the caller is not sufficient.
So size can be less than strlen(buf) as long as the fraction part alone is
getting cut.
> SQL types are REAL, FLOAT, and DOUBLE. Some values are inserted, a stack
> overflow occurs when SQLGetData is executed.
> ---------------------------------------------------------------------------------------------------------------------
>
> Key: TRAFODION-2725
> URL: https://issues.apache.org/jira/browse/TRAFODION-2725
> Project: Apache Trafodion
> Issue Type: Bug
> Components: client-odbc-windows
> Affects Versions: 2.2-incubating
> Reporter: 苏锦佩
> Fix For: 2.2-incubating
>
>
> The inserted value is -2.22507e-308, and the SQLGetData receive buffer is
> greater than 256. When the double column data is fetched, the program
> crashes.
> example:
> TCHAR tempbuf[256] = {0};
> SQLExecDirect(hstmt, (SQLTCHAR*)"CREATE TABLE TB_DOUBLE (ID INT, C DOUBLE PRECISION)", SQL_NTS);
> SQLExecDirect(hstmt, (SQLTCHAR*)"INSERT INTO TB_DOUBLE VALUES (1,-2.22507e-308)", SQL_NTS);
> SQLExecDirect(hstmt, (SQLTCHAR*)"SELECT * FROM TB_DOUBLE", SQL_NTS);
> SQLNumResultCols(hstmt, &numOfCols);
> SQLFetch(hstmt);
> for(i = 1; i <= numOfCols; i++){
>     SQLGetData(hstmt,(SWORD)i,SQL_C_CHAR,tempbuf,sizeof(tempbuf),&len);
> }
--
This message was sent by Atlassian JIRA
(v6.4.14#64029)
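
One way to meet both points in the review comment above (a bounded precision, and truncation that may only cut fraction digits), as an added example that is not code from the pull request or the Trafodion driver. The function name, `MAX_PRECISION`, `FMT_BUF_LEN` and the rule of refusing to truncate exponent-form output are assumptions, and the code assumes the "C" locale's `.` decimal point.

```c
#include <stdbool.h>
#include <stdio.h>
#include <string.h>

#define MAX_PRECISION 17   /* assumed cap: enough digits to round-trip a double */
#define FMT_BUF_LEN   32   /* sign + 17 digits + '.' + "e-308" + NUL fits */

/* Hypothetical bounded variant. Returns false when the value cannot be
 * written into `size` bytes without losing more than fraction digits. */
bool double_to_char_bounded(double number, int precision, char *out, size_t size)
{
    char buf[FMT_BUF_LEN];

    if (out == NULL || size == 0)
        return false;
    out[0] = '\0';
    if (precision < 0 || precision > MAX_PRECISION)
        return false;                       /* reject, do not trust the caller */

    /* "%.*g" takes precision as an argument: no format string to build. */
    int n = snprintf(buf, sizeof buf, "%.*g", precision, number);
    if (n < 0 || (size_t)n >= sizeof buf)
        return false;                       /* scratch buffer too small */

    if ((size_t)n < size) {                 /* whole string fits, NUL included */
        memcpy(out, buf, (size_t)n + 1);
        return true;
    }

    /* Too long for the caller: only fraction digits may be cut. */
    const char *dot = strchr(buf, '.');
    if (dot == NULL || strpbrk(buf, "eE") != NULL)
        return false;                       /* would lose integer digits or exponent */
    size_t int_len = (size_t)(dot - buf);   /* sign plus integer digits */
    if (int_len >= size)
        return false;                       /* integer part alone does not fit */

    size_t keep = size - 1;                 /* leave room for the NUL */
    if (keep == int_len + 1)
        keep = int_len;                     /* do not end on a bare '.' */
    memcpy(out, buf, keep);
    out[keep] = '\0';
    return true;
}
```

Cutting `-2.22507e-308` to fit a short buffer would drop the exponent and change the value by hundreds of orders of magnitude, which is why exponent-form output is refused rather than truncated.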