
Commit 46d61eb

author
Michael Meskes
committed
Fixed a buffer overrun that was masked on Linux systems.
1 parent 121dd1c commit 46d61eb

4 files changed

+40
-36
lines changed


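--- a/src/interfaces/ecpg/ChangeLog
+++ b/src/interfaces/ecpg/ChangeLog
@@ -2095,11 +2095,13 @@ Mo Aug 14 10:39:59 CEST 2006
 - Fixed broken newline on Windows.
 - Fixed a nasty buffer underrun that only occured when using Informix
 no_indicator NULL setting on timestamps and intervals.
+<<<<<<< ChangeLog
 
 Fr 18. Aug 17:32:54 CEST 2006
 
 - Changed lexer to no longer use the default rule.
 - Synced parser and keyword list.
 - Fixed parsing of CONNECT statement so it accepts a C string again.
+- Fixed a buffer overrun that was masked on Linux systems.
 - Set ecpg library version to 5.2.
 - Set ecpg version to 4.2.1.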

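--- a/src/interfaces/ecpg/ecpglib/execute.c
+++ b/src/interfaces/ecpg/ecpglib/execute.c
@@ -1,4 +1,4 @@
-/* $PostgreSQL: pgsql/src/interfaces/ecpg/ecpglib/execute.c,v 1.58 2006/08/09 09:08:31 meskes Exp $ */
+/* $PostgreSQL: pgsql/src/interfaces/ecpg/ecpglib/execute.c,v 1.59 2006/08/18 16:30:53 meskes Exp $ */
 
 /*
 * The aim is to get a simpler inteface to the database routines.
@@ -572,19 +572,21 @@ ECPGstore_input(const int lineno, const bool force_indicator, const struct varia
 }
 if (**tobeinserted_p == '\0')
 {
+int asize = var->arrsize? var->arrsize : 1;
+
 switch (var->type)
 {
 int element;
 
 case ECPGt_short:
-if (!(mallocedval = ECPGalloc(var->arrsize * 20, lineno)))
+if (!(mallocedval = ECPGalloc(asize * 20, lineno)))
 return false;
 
-if (var->arrsize > 1)
+if (asize > 1)
 {
 strcpy(mallocedval, "array [");
 
-for (element = 0; element < var->arrsize; element++)
+for (element = 0; element < asize; element++)
 sprintf(mallocedval + strlen(mallocedval), "%hd,", ((short *) var->value)[element]);
 
 strcpy(mallocedval + strlen(mallocedval) - 1, "]");
@@ -597,14 +599,14 @@ ECPGstore_input(const int lineno, const bool force_indicator, const struct varia
 break;
 
 case ECPGt_int:
-if (!(mallocedval = ECPGalloc(var->arrsize * 20, lineno)))
+if (!(mallocedval = ECPGalloc(asize * 20, lineno)))
 return false;
 
-if (var->arrsize > 1)
+if (asize > 1)
 {
 strcpy(mallocedval, "array [");
 
-for (element = 0; element < var->arrsize; element++)
+for (element = 0; element < asize; element++)
 sprintf(mallocedval + strlen(mallocedval), "%d,", ((int *) var->value)[element]);
 
 strcpy(mallocedval + strlen(mallocedval) - 1, "]");
@@ -617,14 +619,14 @@ ECPGstore_input(const int lineno, const bool force_indicator, const struct varia
 break;
 
 case ECPGt_unsigned_short:
-if (!(mallocedval = ECPGalloc(var->arrsize * 20, lineno)))
+if (!(mallocedval = ECPGalloc(asize * 20, lineno)))
 return false;
 
-if (var->arrsize > 1)
+if (asize > 1)
 {
 strcpy(mallocedval, "array [");
 
-for (element = 0; element < var->arrsize; element++)
+for (element = 0; element < asize; element++)
 sprintf(mallocedval + strlen(mallocedval), "%hu,", ((unsigned short *) var->value)[element]);
 
 strcpy(mallocedval + strlen(mallocedval) - 1, "]");
@@ -637,14 +639,14 @@ ECPGstore_input(const int lineno, const bool force_indicator, const struct varia
 break;
 
 case ECPGt_unsigned_int:
-if (!(mallocedval = ECPGalloc(var->arrsize * 20, lineno)))
+if (!(mallocedval = ECPGalloc(asize * 20, lineno)))
 return false;
 
-if (var->arrsize > 1)
+if (asize > 1)
 {
 strcpy(mallocedval, "array [");
 
-for (element = 0; element < var->arrsize; element++)
+for (element = 0; element < asize; element++)
 sprintf(mallocedval + strlen(mallocedval), "%u,", ((unsigned int *) var->value)[element]);
 
 strcpy(mallocedval + strlen(mallocedval) - 1, "]");
@@ -657,14 +659,14 @@ ECPGstore_input(const int lineno, const bool force_indicator, const struct varia
 break;
 
 case ECPGt_long:
-if (!(mallocedval = ECPGalloc(var->arrsize * 20, lineno)))
+if (!(mallocedval = ECPGalloc(asize * 20, lineno)))
 return false;
 
-if (var->arrsize > 1)
+if (asize > 1)
 {
 strcpy(mallocedval, "array [");
 
-for (element = 0; element < var->arrsize; element++)
+for (element = 0; element < asize; element++)
 sprintf(mallocedval + strlen(mallocedval), "%ld,", ((long *) var->value)[element]);
 
 strcpy(mallocedval + strlen(mallocedval) - 1, "]");
@@ -677,14 +679,14 @@ ECPGstore_input(const int lineno, const bool force_indicator, const struct varia
 break;
 
 case ECPGt_unsigned_long:
-if (!(mallocedval = ECPGalloc(var->arrsize * 20, lineno)))
+if (!(mallocedval = ECPGalloc(asize * 20, lineno)))
 return false;
 
-if (var->arrsize > 1)
+if (asize > 1)
 {
 strcpy(mallocedval, "array [");
 
-for (element = 0; element < var->arrsize; element++)
+for (element = 0; element < asize; element++)
 sprintf(mallocedval + strlen(mallocedval), "%lu,", ((unsigned long *) var->value)[element]);
 
 strcpy(mallocedval + strlen(mallocedval) - 1, "]");
@@ -697,14 +699,14 @@ ECPGstore_input(const int lineno, const bool force_indicator, const struct varia
 break;
 #ifdef HAVE_LONG_LONG_INT_64
 case ECPGt_long_long:
-if (!(mallocedval = ECPGalloc(var->arrsize * 30, lineno)))
+if (!(mallocedval = ECPGalloc(asize * 30, lineno)))
 return false;
 
-if (var->arrsize > 1)
+if (asize > 1)
 {
 strcpy(mallocedval, "array [");
 
-for (element = 0; element < var->arrsize; element++)
+for (element = 0; element < asize; element++)
 sprintf(mallocedval + strlen(mallocedval), "%lld,", ((long long *) var->value)[element]);
 
 strcpy(mallocedval + strlen(mallocedval) - 1, "]");
@@ -717,14 +719,14 @@ ECPGstore_input(const int lineno, const bool force_indicator, const struct varia
 break;
 
 case ECPGt_unsigned_long_long:
-if (!(mallocedval = ECPGalloc(var->arrsize * 30, lineno)))
+if (!(mallocedval = ECPGalloc(asize * 30, lineno)))
 return false;
 
-if (var->arrsize > 1)
+if (asize > 1)
 {
 strcpy(mallocedval, "array [");
 
-for (element = 0; element < var->arrsize; element++)
+for (element = 0; element < asize; element++)
 sprintf(mallocedval + strlen(mallocedval), "%llu,", ((unsigned long long *) var->value)[element]);
 
 strcpy(mallocedval + strlen(mallocedval) - 1, "]");
@@ -737,14 +739,14 @@ ECPGstore_input(const int lineno, const bool force_indicator, const struct varia
 break;
 #endif /* HAVE_LONG_LONG_INT_64 */
 case ECPGt_float:
-if (!(mallocedval = ECPGalloc(var->arrsize * 25, lineno)))
+if (!(mallocedval = ECPGalloc(asize * 25, lineno)))
 return false;
 
-if (var->arrsize > 1)
+if (asize > 1)
 {
 strcpy(mallocedval, "array [");
 
-for (element = 0; element < var->arrsize; element++)
+for (element = 0; element < asize; element++)
 sprintf(mallocedval + strlen(mallocedval), "%.14g,", ((float *) var->value)[element]);
 
 strcpy(mallocedval + strlen(mallocedval) - 1, "]");
@@ -757,14 +759,14 @@ ECPGstore_input(const int lineno, const bool force_indicator, const struct varia
 break;
 
 case ECPGt_double:
-if (!(mallocedval = ECPGalloc(var->arrsize * 25, lineno)))
+if (!(mallocedval = ECPGalloc(asize * 25, lineno)))
 return false;
 
-if (var->arrsize > 1)
+if (asize > 1)
 {
 strcpy(mallocedval, "array [");
 
-for (element = 0; element < var->arrsize; element++)
+for (element = 0; element < asize; element++)
 sprintf(mallocedval + strlen(mallocedval), "%.14g,", ((double *) var->value)[element]);
 
 strcpy(mallocedval + strlen(mallocedval) - 1, "]");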
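Review bot: The per-element byte budgets still do not cover the worst case on the array path, so a heap overrun of the same kind this commit fixes for `arrsize == 0` remains reachable for extreme values: in the ECPGt_long and ECPGt_unsigned_long hunks a 64-bit `long` (LP64 platforms) formats as up to 20 digits plus sign plus the comma, i.e. 21 bytes, while the buffer is only `asize * 20` and must additionally hold the `array [` prefix, the `]` and the NUL, so any array of two or more LONG_MIN-sized values writes past the allocation; the ECPGt_double case at `asize * 25` is likewise a couple of bytes short for a two-element array at `%.14g`'s maximum width of 21 characters. I would derive each size from the real maximum rather than a bare multiplier, e.g. `ECPGalloc(asize * 21 + sizeof("array []"), lineno)` for the long cases and `asize * 22 + sizeof("array []")` for float/double, ideally via one per-type `#define` that lives next to the matching format string so the two cannot drift apart again. Replacing the `sprintf` calls with `snprintf` bounded by the remaining space would only turn the overrun into silent truncation of the SQL literal, so it complements the sizing fix rather than replacing it. The scalar (`asize == 1`) branch of every case and `ECPGalloc`'s parameter type are outside these hunks, so whether `asize * N` itself can overflow for absurd `arrsize` values is a separate question I cannot settle from here.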

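--- a/src/interfaces/ecpg/test/complex/test4.pgc
+++ b/src/interfaces/ecpg/test/complex/test4.pgc
@@ -27,7 +27,7 @@ EXEC SQL BEGIN DECLARE SECTION;
 int *did = &i;
 int a[10] = {9,8,7,6,5,4,3,2,1,0};
 char text[25] = "klmnopqrst";
-char *t = (char *)malloc(10);
+char *t = (char *)malloc(11);
 double f;
 bool b = true;
 EXEC SQL END DECLARE SECTION;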
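Review bot: The corrected `malloc(11)` is a bare magic number with nothing in the hunk saying why 10 was one short, which is exactly how the original off-by-one slipped in; presumably it is sized for a ten-character value like `text`'s initializer plus its NUL terminator, but what is later stored into `t` is outside this hunk. I would at least document the intent, and drop the cast that C does not need: `char *t = malloc(11); /* 10-char value + NUL terminator */`. Since `t` is a pointer rather than an array, ecpg cannot derive a length for it the way it does for `text[25]`, so the comment is the only place a reader learns the contract.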

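--- a/src/interfaces/ecpg/test/expected/complex-test4.c
+++ b/src/interfaces/ecpg/test/expected/complex-test4.c
@@ -140,7 +140,7 @@ main (void)
 char text [ 25 ] = "klmnopqrst" ;
 
 #line 30 "test4.pgc"
-char * t = ( char * ) malloc ( 10 ) ;
+char * t = ( char * ) malloc ( 11 ) ;
 
 #line 31 "test4.pgc"
 double f ;
@@ -184,14 +184,14 @@ if (sqlca.sqlcode < 0) sqlprint();}
 #line 46 "test4.pgc"
 
 
-{ ECPGdo(__LINE__, 0, 1, NULL, "insert into test ( f , i , a , text , b , t , err ) values( 404.90 , 3 , '{0,1,2,3,4,5,6,7,8,9}' , 'abcdefghij' , 'f' , 0 , 0 )", ECPGt_EOIT, ECPGt_EORT);
+{ ECPGdo(__LINE__, 0, 1, NULL, "insert into test ( f , i , a , text , b , t , err ) values( 404.90 , 3 , '{0,1,2,3,4,5,6,7,8,9}' , 'abcdefghij' , 'f' , 0 , 0 ) ", ECPGt_EOIT, ECPGt_EORT);
 #line 48 "test4.pgc"
 
 if (sqlca.sqlcode < 0) sqlprint();}
 #line 48 "test4.pgc"
 
 
-{ ECPGdo(__LINE__, 0, 1, NULL, "insert into test ( f , i , a , text , b , t , err ) values( 140787.0 , 2 , ? , ? , 't' , 2 , 14 )",
+{ ECPGdo(__LINE__, 0, 1, NULL, "insert into test ( f , i , a , text , b , t , err ) values( 140787.0 , 2 , ? , ? , 't' , 2 , 14 ) ",
 ECPGt_int,(a),(long)1,(long)10,sizeof(int),
 ECPGt_NO_INDICATOR, NULL , 0L, 0L, 0L,
 ECPGt_char,(text),(long)25,(long)1,(25)*sizeof(char),
@@ -205,7 +205,7 @@ if (sqlca.sqlcode < 0) sqlprint();}
 
 
 
-{ ECPGdo(__LINE__, 0, 1, NULL, "insert into test ( f , i , a , text , b , t , err ) values( 14.07 , ? , ? , ? , ? , 1 , 147 )",
+{ ECPGdo(__LINE__, 0, 1, NULL, "insert into test ( f , i , a , text , b , t , err ) values( 14.07 , ? , ? , ? , ? , 1 , 147 ) ",
 ECPGt_int,&(did),(long)1,(long)0,sizeof(int),
 ECPGt_NO_INDICATOR, NULL , 0L, 0L, 0L,
 ECPGt_int,(a),(long)1,(long)10,sizeof(int),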
