Yet another odbc on 64 bit crash because of wrong buffer size. This is supposed to be a SQLLEN but was hardcoded as 4 bytes.
You can see that e.g. in connectivity/source/drivers/odbcbase/OPreparedStatement.cxx, OPreparedStatement::setNull: sal_Int8* lenBuf = getLengthBuf (parameterIndex); *(SQLLEN*)lenBuf = SQL_NULL_DATA; getLengthBuf just returns the paramLength member of the corresponding OBoundParam. On my machine in my (debug) build, that (or maybe some other piece of code, such as line 875: memcpy (lenBuf, &atExec, sizeof (atExec)); line 882: N3SQLBindParameter(m_aStatementHandle, (SQLUSMALLINT)ParameterIndex, (SQLUSMALLINT)SQL_PARAM_INPUT, Ctype, (SQLSMALLINT)SQLtype, (SQLULEN)length, 0, dataBuf, sizeof(ParameterIndex), (SQLLEN*)lenBuf); ) would overwrite malloc's metadata, and thus in the OBoundParameter destructor: delete [] paramLength; would call abort() because "bad pointer". Please apply to libreoffice-3-4 and libreoffice-3-5. Thanks, BTW, even after "export MALLOC_CHECK_=3", I wouldn't get free() to properly complain on stderr, gdb showed malloc_printerr called with action=2 instead of action=3. Quid? -- Lionel
>From 84d21e4de26bd69f7ca5b10f2c72779f07e11347 Mon Sep 17 00:00:00 2001 From: Lionel Elie Mamane <lio...@mamane.lu> Date: Tue, 14 Feb 2012 14:54:03 +0100 Subject: [PATCH] odbc 64 bit crash: correct buffer length allocation for a SQLLEN --- connectivity/source/inc/odbc/OBoundParam.hxx | 2 +- 1 files changed, 1 insertions(+), 1 deletions(-) diff --git a/connectivity/source/inc/odbc/OBoundParam.hxx b/connectivity/source/inc/odbc/OBoundParam.hxx index 2310a2e..99a4901 100644 --- a/connectivity/source/inc/odbc/OBoundParam.hxx +++ b/connectivity/source/inc/odbc/OBoundParam.hxx @@ -68,7 +68,7 @@ namespace connectivity // to a Java sal_Int32. The jdbcodbc 'C' bridge provides an // interface to do this. - paramLength = new sal_Int8[4]; + paramLength = new sal_Int8[sizeof(SQLLEN)]; } //-------------------------------------------------------------------- -- 1.7.7.3
_______________________________________________ LibreOffice mailing list LibreOffice@lists.freedesktop.org http://lists.freedesktop.org/mailman/listinfo/libreoffice