Good Morning,

at OpenBSC/NITB we are using libdbi to access a sqlite3 database. We
have changed the schema and I write some database code but I am plagued
with crashes and memory corruption. I'm more plagued when I issue
a "BEGIN TRANSACTION" during the migration.

Long story short:

  if ((temp = malloc(from_length*2)) == NULL) {
    return 0;
  }

a.) from_length == 0, then a valid piece of memory that can hold 0 bytes
will be returned. But there is no place to write the two quotes and the
NUL.

b.) orig="\353\260\v", from_length=3. Apparently this string requires
full escaping/encoding too. It will write 6 bytes and the last quote
and NUL will be written out of bounds.

This applies to libdbi 0.8 and the latest git. A calculation like in
the MySQL driver should be used instead:

  /* we allocate what mysql_real_escape_string needs, plus an extra
     two escape chars and a terminating zero */
  temp = malloc(2*from_length+1+2);

Can this be fixed? Can you make new 0.8/0.9 releases with that? Or
can you provide a work-around?

holger
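Added illustration (not libdbi's own code): the from_length*2 allocation from the mail beside the corrected worst-case size, with a quoting routine whose escaping rule (wrap in single quotes, double each embedded single quote) is an assumption standing in for the driver's.

```c
#include <stdlib.h>
#include <string.h>

/* Quoting rule assumed for this example: wrap in single quotes and double
 * every embedded single quote (SQLite's literal syntax). */
static int needs_doubling(char c) { return c == '\''; }

/* Length of the quoted form of orig[0..n), excluding the NUL terminator. */
size_t sql_quoted_length(const char *orig, size_t n) {
    size_t len = 2;                   /* the two wrapping quotes */
    size_t i;
    for (i = 0; i < n; i++)
        len += needs_doubling(orig[i]) ? 2 : 1;
    return len;
}

/* Worst case: every byte doubled, two quotes, one NUL (the MySQL-style
 * calculation the mail recommends). */
size_t sql_quote_buffer_size(size_t n) {
    return 2 * n + 2 + 1;
}

/* The allocation the mail quotes: from_length*2. Returns 1 if that buffer
 * would actually hold the quoted output plus NUL for this input, else 0. */
int buggy_size_fits(const char *orig, size_t n) {
    return n * 2 >= sql_quoted_length(orig, n) + 1;
}

/* Quote orig[0..n) into a freshly allocated buffer sized by the corrected
 * formula. Caller frees. Returns NULL on allocation failure. */
char *sql_quote(const char *orig, size_t n) {
    char *out = malloc(sql_quote_buffer_size(n));
    char *p = out;
    size_t i;
    if (out == NULL)
        return NULL;
    *p++ = '\'';
    for (i = 0; i < n; i++) {
        if (needs_doubling(orig[i]))
            *p++ = orig[i];           /* emit the quote twice */
        *p++ = orig[i];
    }
    *p++ = '\'';
    *p = '\0';
    return out;
}
```

An empty input (case a) and an input whose every byte must be doubled (case b) both fail buggy_size_fits, while the corrected size always holds the result.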



_______________________________________________
Libdbi-drivers-devel mailing list
Libdbi-drivers-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/libdbi-drivers-devel