On 14/02/12 15:37, Lionel Elie Mamane wrote: > Yet another odbc on 64 bit crash because of wrong buffer size. This is > supposed to be a SQLLEN but was hardcoded as 4 bytes. > > You can see that e.g. in > connectivity/source/drivers/odbcbase/OPreparedStatement.cxx, > OPreparedStatement::setNull: > > sal_Int8* lenBuf = getLengthBuf (parameterIndex); > *(SQLLEN*)lenBuf = SQL_NULL_DATA; > > getLengthBuf just returns the paramLength member of the corresponding > OBoundParam. > > On my machine in my (debug) build, that (or maybe some other piece of > code, such as
> would overwrite malloc's metadata, and thus in the OBoundParameter destructor: > delete [] paramLength; > would call abort() because "bad pointer". ouch. > Please apply to libreoffice-3-4 and libreoffice-3-5. pushed to both: http://cgit.freedesktop.org/libreoffice/core/commit/?h=libreoffice-3-5&id=f3f925c8a4784cf578d2ab2d1b3f593f582bcdbc http://cgit.freedesktop.org/libreoffice/libs-core/commit/?h=libreoffice-3-4&id=adb1ed5f13b4638690ca2966138eb2c61bdb1b53 _______________________________________________ LibreOffice mailing list LibreOffice@lists.freedesktop.org http://lists.freedesktop.org/mailman/listinfo/libreoffice