[PATCH] [REVIEW:3-5,3-4] odbc 64 bits crash
Lionel Elie Mamane
lionel at mamane.lu
Tue Feb 14 06:37:21 PST 2012
Yet another odbc on 64 bit crash because of wrong buffer size. This is
supposed to be a SQLLEN but was hardcoded as 4 bytes.
You can see that e.g. in
sal_Int8* lenBuf = getLengthBuf (parameterIndex);
*(SQLLEN*)lenBuf = SQL_NULL_DATA;
getLengthBuf just returns the paramLength member of the corresponding
On my machine in my (debug) build, that (or maybe some other piece of
code, such as
line 875: memcpy (lenBuf, &atExec, sizeof (atExec));
line 882: N3SQLBindParameter(m_aStatementHandle,
would overwrite malloc's metadata, and thus in the OBoundParameter destructor:
delete  paramLength;
would call abort() because "bad pointer".
Please apply to libreoffice-3-4 and libreoffice-3-5.
BTW, even after "export MALLOC_CHECK_=3", I wouldn't get free() to
properly complain on stderr, gdb showed malloc_printerr called with
action=2 instead of action=3. Quid?
More information about the LibreOffice