[Libreoffice-bugs] [Bug 112947] Possible write to free'd memory in OResultSet.cxx
bugzilla-daemon at bugs.documentfoundation.org
bugzilla-daemon at bugs.documentfoundation.org
Sat Oct 7 16:39:55 UTC 2017
https://bugs.documentfoundation.org/show_bug.cgi?id=112947
Julien Nabet <serval2412 at yahoo.fr> changed:
What |Removed |Added
----------------------------------------------------------------------------
CC| |lionel at mamane.lu
--- Comment #2 from Julien Nabet <serval2412 at yahoo.fr> ---
(In reply to Nick Gorham from comment #0)
> ...
> A simple (and seems to work) fix is to reset the value when its released.
>
> OResultSet::~OResultSet()
> {
> setStmtOption<SQLUSMALLINT*, SQL_IS_POINTER>(SQL_ATTR_ROW_STATUS_PTR,
> NULL);
> delete [] m_pRowStatusArray;
> delete m_pSkipDeletedSet;
> }
m_pSkipDeletedSet is a unique_ptr so it'll be automatically destroyed in the
destructor of OResultSet
see
https://opengrok.libreoffice.org/xref/core/connectivity/source/inc/odbc/OResultSet.hxx#138
About m_pRowStatusArray, it's also a unique_ptr
see
https://opengrok.libreoffice.org/xref/core/connectivity/source/inc/odbc/OResultSet.hxx#141
so will be automatically destroyed.
About instruction with setStmtOption, it may help but am not sure.
Lionel: any thoughts about this?
--
You are receiving this mail because:
You are the assignee for the bug.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.freedesktop.org/archives/libreoffice-bugs/attachments/20171007/b68afeb8/attachment.html>
More information about the Libreoffice-bugs
mailing list