[PUSHED] Re: [PATCH] [REVIEW:3-5,3-4] odbc 64 bits crash
Michael Stahl
mstahl at redhat.com
Tue Feb 14 07:28:25 PST 2012
On 14/02/12 15:37, Lionel Elie Mamane wrote:
> Yet another odbc on 64 bit crash because of wrong buffer size. This is
> supposed to be a SQLLEN but was hardcoded as 4 bytes.
>
> You can see that e.g. in
> connectivity/source/drivers/odbcbase/OPreparedStatement.cxx,
> OPreparedStatement::setNull:
>
> sal_Int8* lenBuf = getLengthBuf (parameterIndex);
> *(SQLLEN*)lenBuf = SQL_NULL_DATA;
>
> getLengthBuf just returns the paramLength member of the corresponding
> OBoundParam.
>
> On my machine in my (debug) build, that (or maybe some other piece of
> code, such as
> would overwrite malloc's metadata, and thus in the OBoundParameter destructor:
> delete [] paramLength;
> would call abort() because "bad pointer".
ouch.
> Please apply to libreoffice-3-4 and libreoffice-3-5.
pushed to both:
http://cgit.freedesktop.org/libreoffice/core/commit/?h=libreoffice-3-5&id=f3f925c8a4784cf578d2ab2d1b3f593f582bcdbc
http://cgit.freedesktop.org/libreoffice/libs-core/commit/?h=libreoffice-3-4&id=adb1ed5f13b4638690ca2966138eb2c61bdb1b53
More information about the LibreOffice
mailing list