[Libreoffice-bugs] [Bug 138691] Crash when trying to save a form using an image bigger than length of Binary fix field

bugzilla-daemon at bugs.documentfoundation.org bugzilla-daemon at bugs.documentfoundation.org
Sun Dec 6 11:20:59 UTC 2020 

https://bugs.documentfoundation.org/show_bug.cgi?id=138691

Julien Nabet <serval2412 at yahoo.fr> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |lionel at mamane.lu,
                   |                            |robert at familiegrosskopf.de

--- Comment #2 from Julien Nabet <serval2412 at yahoo.fr> ---
Robert: would you have some minutes to reproduce this?

Lionel: taking a look at the bt, the pb is here:
   1847             case DataType::BINARY:
   1848             case DataType::VARBINARY:
   1849             case DataType::LONGVARBINARY:
   1850             case DataType::BLOB:
   1851                 {
   1852                     Any x(_rValue.makeAny());
   1853                     Sequence< sal_Int8> aBytes;
   1854                     if(x >>= aBytes)
   1855                         _xParams->setBytes(parameterIndex,aBytes);
See
https://opengrok.libreoffice.org/xref/core/connectivity/source/commontools/dbtools.cxx?r=d6d80c4e#1847

after x >>= aBytes, aBytes is just a sequence of 0 because we get over max
size.
So setBytes is called with a 0 size sequence and it crashes.

A simple fix would be to change "if" condition to also test that aBytes is not
a 0 length sequence.
Pb is the user isn't warned about the pb.

Another fix would be to add a specific test length and create a new string
message here:
connectivity/inc/strings.hrc
like:
"The image is too big compared for the field." (it can be greatly improved I
suppose, it's just to give an idea).

I'm pretty sureit's not specific to Firebird but with HSQLDB, as indicated in
initial description, length of the Binary (fix) BINARY is 2147483647 and it's
readonly (I didn't investigate why).

Remark: I don't know how "Any" => "Sequence" conversion takes length into
account to retrieve 0 size when the image is too big.

-- 
You are receiving this mail because:
You are the assignee for the bug.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.freedesktop.org/archives/libreoffice-bugs/attachments/20201206/d3e6624f/attachment.htm>

More information about the Libreoffice-bugs mailing list