Good Morning,
at OpenBSC/NITB we are using libdbi to access a sqlite3 database. We
have changed the schema and I write some database code but I am plagued
with crashes and memory corruption. I'm more plagued when I issue
a "BEGIN TRANSACTION" during the migration.
Long story short:
if ((temp = malloc(from_length*2)) == NULL) {
return 0;
}
a.) from_length == 0, then a valid piece of memory that can hold 0 bytes
will be returned. But there is no place to writhe the two quotes and the
NUL.
b.) orig="\353\260\v", from_length=3. Apparently this string requires
full escaping/encoding too. It will write 6 bytes and the last quote
and NUL will be written out of bounds.
This applies to libdbi 0.8 and the latest git. A calculation like in
the MySQL driver should be used instead:
/* we allocate what mysql_real_escape_string needs, plus an extra
two escape chars and a terminating zero*/
temp = malloc(2*from_length+1+2);
Can this be fixed? Can you make new 0.8/0.9 releases with that? Or
can you provide a work-around?
holger
------------------------------------------------------------------------------
Subversion Kills Productivity. Get off Subversion & Make the Move to Perforce.
With Perforce, you get hassle-free workflows. Merge that actually works.
Faster operations. Version large binaries. Built-in WAN optimization and the
freedom to use Git, Perforce or both. Make the move to Perforce.
http://pubads.g.doubleclick.net/gampad/clk?id=122218951&iu=/4140/ostg.clktrk
_______________________________________________
Libdbi-drivers-devel mailing list
Libdbi-drivers-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/libdbi-drivers-devel
