
Commit 46d61eb

author
Michael Meskes
committed
Fixed a buffer overrun that was masked on Linux systems.
1 parent 121dd1c commit 46d61eb


4 files changed

+40
-36
lines changed


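--- a/src/interfaces/ecpg/ChangeLog
+++ b/src/interfaces/ecpg/ChangeLog
@@ -2095,11 +2095,13 @@ Mo Aug 14 10:39:59 CEST 2006
 - Fixed broken newline on Windows.
 - Fixed a nasty buffer underrun that only occured when using Informix
 no_indicator NULL setting on timestamps and intervals.
+<<<<<<< ChangeLog
 
 Fr 18. Aug 17:32:54 CEST 2006
 
 - Changed lexer to no longer use the default rule.
 - Synced parser and keyword list.
 - Fixed parsing of CONNECT statement so it accepts a C string again.
+- Fixed a buffer overrun that was masked on Linux systems.
 - Set ecpg library version to 5.2.
 - Set ecpg version to 4.2.1.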

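--- a/src/interfaces/ecpg/ecpglib/execute.c
+++ b/src/interfaces/ecpg/ecpglib/execute.c
@@ -1,4 +1,4 @@
-/* $PostgreSQL: pgsql/src/interfaces/ecpg/ecpglib/execute.c,v 1.58 2006/08/09 09:08:31 meskes Exp $ */
+/* $PostgreSQL: pgsql/src/interfaces/ecpg/ecpglib/execute.c,v 1.59 2006/08/18 16:30:53 meskes Exp $ */
 
 /*
 * The aim is to get a simpler inteface to the database routines.
@@ -572,19 +572,21 @@ ECPGstore_input(const int lineno, const bool force_indicator, const struct varia
 }
 if (**tobeinserted_p == '\0')
 {
+int asize = var->arrsize? var->arrsize : 1;
+
 switch (var->type)
 {
 int element;
 
 case ECPGt_short:
-if (!(mallocedval = ECPGalloc(var->arrsize * 20, lineno)))
+if (!(mallocedval = ECPGalloc(asize * 20, lineno)))
 return false;
 
-if (var->arrsize > 1)
+if (asize > 1)
 {
 strcpy(mallocedval, "array [");
 
-for (element = 0; element < var->arrsize; element++)
+for (element = 0; element < asize; element++)
 sprintf(mallocedval + strlen(mallocedval), "%hd,", ((short *) var->value)[element]);
 
 strcpy(mallocedval + strlen(mallocedval) - 1, "]");
@@ -597,14 +599,14 @@ ECPGstore_input(const int lineno, const bool force_indicator, const struct varia
 break;
 
 case ECPGt_int:
-if (!(mallocedval = ECPGalloc(var->arrsize * 20, lineno)))
+if (!(mallocedval = ECPGalloc(asize * 20, lineno)))
 return false;
 
-if (var->arrsize > 1)
+if (asize > 1)
 {
 strcpy(mallocedval, "array [");
 
-for (element = 0; element < var->arrsize; element++)
+for (element = 0; element < asize; element++)
 sprintf(mallocedval + strlen(mallocedval), "%d,", ((int *) var->value)[element]);
 
 strcpy(mallocedval + strlen(mallocedval) - 1, "]");
@@ -617,14 +619,14 @@ ECPGstore_input(const int lineno, const bool force_indicator, const struct varia
 break;
 
 case ECPGt_unsigned_short:
-if (!(mallocedval = ECPGalloc(var->arrsize * 20, lineno)))
+if (!(mallocedval = ECPGalloc(asize * 20, lineno)))
 return false;
 
-if (var->arrsize > 1)
+if (asize > 1)
 {
 strcpy(mallocedval, "array [");
 
-for (element = 0; element < var->arrsize; element++)
+for (element = 0; element < asize; element++)
 sprintf(mallocedval + strlen(mallocedval), "%hu,", ((unsigned short *) var->value)[element]);
 
 strcpy(mallocedval + strlen(mallocedval) - 1, "]");
@@ -637,14 +639,14 @@ ECPGstore_input(const int lineno, const bool force_indicator, const struct varia
 break;
 
 case ECPGt_unsigned_int:
-if (!(mallocedval = ECPGalloc(var->arrsize * 20, lineno)))
+if (!(mallocedval = ECPGalloc(asize * 20, lineno)))
 return false;
 
-if (var->arrsize > 1)
+if (asize > 1)
 {
 strcpy(mallocedval, "array [");
 
-for (element = 0; element < var->arrsize; element++)
+for (element = 0; element < asize; element++)
 sprintf(mallocedval + strlen(mallocedval), "%u,", ((unsigned int *) var->value)[element]);
 
 strcpy(mallocedval + strlen(mallocedval) - 1, "]");
@@ -657,14 +659,14 @@ ECPGstore_input(const int lineno, const bool force_indicator, const struct varia
 break;
 
 case ECPGt_long:
-if (!(mallocedval = ECPGalloc(var->arrsize * 20, lineno)))
+if (!(mallocedval = ECPGalloc(asize * 20, lineno)))
 return false;
 
-if (var->arrsize > 1)
+if (asize > 1)
 {
 strcpy(mallocedval, "array [");
 
-for (element = 0; element < var->arrsize; element++)
+for (element = 0; element < asize; element++)
 sprintf(mallocedval + strlen(mallocedval), "%ld,", ((long *) var->value)[element]);
 
 strcpy(mallocedval + strlen(mallocedval) - 1, "]");
@@ -677,14 +679,14 @@ ECPGstore_input(const int lineno, const bool force_indicator, const struct varia
 break;
 
 case ECPGt_unsigned_long:
-if (!(mallocedval = ECPGalloc(var->arrsize * 20, lineno)))
+if (!(mallocedval = ECPGalloc(asize * 20, lineno)))
 return false;
 
-if (var->arrsize > 1)
+if (asize > 1)
 {
 strcpy(mallocedval, "array [");
 
-for (element = 0; element < var->arrsize; element++)
+for (element = 0; element < asize; element++)
 sprintf(mallocedval + strlen(mallocedval), "%lu,", ((unsigned long *) var->value)[element]);
 
 strcpy(mallocedval + strlen(mallocedval) - 1, "]");
@@ -697,14 +699,14 @@ ECPGstore_input(const int lineno, const bool force_indicator, const struct varia
 break;
 #ifdef HAVE_LONG_LONG_INT_64
 case ECPGt_long_long:
-if (!(mallocedval = ECPGalloc(var->arrsize * 30, lineno)))
+if (!(mallocedval = ECPGalloc(asize * 30, lineno)))
 return false;
 
-if (var->arrsize > 1)
+if (asize > 1)
 {
 strcpy(mallocedval, "array [");
 
-for (element = 0; element < var->arrsize; element++)
+for (element = 0; element < asize; element++)
 sprintf(mallocedval + strlen(mallocedval), "%lld,", ((long long *) var->value)[element]);
 
 strcpy(mallocedval + strlen(mallocedval) - 1, "]");
@@ -717,14 +719,14 @@ ECPGstore_input(const int lineno, const bool force_indicator, const struct varia
 break;
 
 case ECPGt_unsigned_long_long:
-if (!(mallocedval = ECPGalloc(var->arrsize * 30, lineno)))
+if (!(mallocedval = ECPGalloc(asize * 30, lineno)))
 return false;
 
-if (var->arrsize > 1)
+if (asize > 1)
 {
 strcpy(mallocedval, "array [");
 
-for (element = 0; element < var->arrsize; element++)
+for (element = 0; element < asize; element++)
 sprintf(mallocedval + strlen(mallocedval), "%llu,", ((unsigned long long *) var->value)[element]);
 
 strcpy(mallocedval + strlen(mallocedval) - 1, "]");
@@ -737,14 +739,14 @@ ECPGstore_input(const int lineno, const bool force_indicator, const struct varia
 break;
 #endif /* HAVE_LONG_LONG_INT_64 */
 case ECPGt_float:
-if (!(mallocedval = ECPGalloc(var->arrsize * 25, lineno)))
+if (!(mallocedval = ECPGalloc(asize * 25, lineno)))
 return false;
 
-if (var->arrsize > 1)
+if (asize > 1)
 {
 strcpy(mallocedval, "array [");
 
-for (element = 0; element < var->arrsize; element++)
+for (element = 0; element < asize; element++)
 sprintf(mallocedval + strlen(mallocedval), "%.14g,", ((float *) var->value)[element]);
 
 strcpy(mallocedval + strlen(mallocedval) - 1, "]");
@@ -757,14 +759,14 @@ ECPGstore_input(const int lineno, const bool force_indicator, const struct varia
 break;
 
 case ECPGt_double:
-if (!(mallocedval = ECPGalloc(var->arrsize * 25, lineno)))
+if (!(mallocedval = ECPGalloc(asize * 25, lineno)))
 return false;
 
-if (var->arrsize > 1)
+if (asize > 1)
 {
 strcpy(mallocedval, "array [");
 
-for (element = 0; element < var->arrsize; element++)
+for (element = 0; element < asize; element++)
 sprintf(mallocedval + strlen(mallocedval), "%.14g,", ((double *) var->value)[element]);
 
 strcpy(mallocedval + strlen(mallocedval) - 1, "]");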
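Review bot: The `int asize = var->arrsize? var->arrsize : 1;` floor removes the zero-byte allocation, but every case from ECPGt_short through ECPGt_double still sizes the buffer as a flat `asize * 20` (25 for float/double, 30 for long long) and then writes with unbounded `sprintf` and `strcpy`, so the size computed at the top of each case is never tied to what the loop actually emits. The `"array ["` prefix is 7 bytes no case budgets for, and under `%.14g` a double such as `-1.2345678901234e+308` formats to 22 bytes with its comma, so a two-element double array needs 52 bytes against the 50 requested (assuming ECPGalloc returns exactly what it is asked for); on an LP64 target `%ld,` for LONG_MIN is 21 bytes, already past the 20-byte per-element budget. I would derive the size from the framing plus a per-element maximum and bound each write against the remaining space, as sketched below for ECPGt_long, and apply the same shape to the other cases. `asize` also narrows `var->arrsize` to `int`; the generated test in this commit passes arrsize as `(long)10`, so if the field is `long` the local should be declared `long asize` to avoid truncating large counts. ECPGstore_input starts before this hunk and its `if (asize > 1)` block continues past it.
```c
case ECPGt_long:
	/* "array [" + asize * strlen("-9223372036854775808,") + "]" + NUL */
	need = 7 + (size_t) asize * 21 + 2;
	if (!(mallocedval = ECPGalloc(need, lineno)))
		return false;

	if (asize > 1)
	{
		used = strlen(strcpy(mallocedval, "array ["));

		for (element = 0; element < asize; element++)
			used += snprintf(mallocedval + used, need - used, "%ld,", ((long *) var->value)[element]);

		strcpy(mallocedval + used - 1, "]");
		/* … unchanged: remainder of the array branch and the single-value branch … */
```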

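--- a/src/interfaces/ecpg/test/complex/test4.pgc
+++ b/src/interfaces/ecpg/test/complex/test4.pgc
@@ -27,7 +27,7 @@ EXEC SQL BEGIN DECLARE SECTION;
 int *did = &i;
 int a[10] = {9,8,7,6,5,4,3,2,1,0};
 char text[25] = "klmnopqrst";
-char *t = (char *)malloc(10);
+char *t = (char *)malloc(11);
 double f;
 bool b = true;
 EXEC SQL END DECLARE SECTION;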

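--- a/src/interfaces/ecpg/test/expected/complex-test4.c
+++ b/src/interfaces/ecpg/test/expected/complex-test4.c
@@ -140,7 +140,7 @@ main (void)
 char text [ 25 ] = "klmnopqrst" ;
 
 #line 30 "test4.pgc"
-char * t = ( char * ) malloc ( 10 ) ;
+char * t = ( char * ) malloc ( 11 ) ;
 
 #line 31 "test4.pgc"
 double f ;
@@ -184,14 +184,14 @@ if (sqlca.sqlcode < 0) sqlprint();}
 #line 46 "test4.pgc"
 
 
-{ ECPGdo(__LINE__, 0, 1, NULL, "insert into test ( f , i , a , text , b , t , err ) values( 404.90 , 3 , '{0,1,2,3,4,5,6,7,8,9}' , 'abcdefghij' , 'f' , 0 , 0 )", ECPGt_EOIT, ECPGt_EORT);
+{ ECPGdo(__LINE__, 0, 1, NULL, "insert into test ( f , i , a , text , b , t , err ) values( 404.90 , 3 , '{0,1,2,3,4,5,6,7,8,9}' , 'abcdefghij' , 'f' , 0 , 0 ) ", ECPGt_EOIT, ECPGt_EORT);
 #line 48 "test4.pgc"
 
 if (sqlca.sqlcode < 0) sqlprint();}
 #line 48 "test4.pgc"
 
 
-{ ECPGdo(__LINE__, 0, 1, NULL, "insert into test ( f , i , a , text , b , t , err ) values( 140787.0 , 2 , ? , ? , 't' , 2 , 14 )",
+{ ECPGdo(__LINE__, 0, 1, NULL, "insert into test ( f , i , a , text , b , t , err ) values( 140787.0 , 2 , ? , ? , 't' , 2 , 14 ) ",
 ECPGt_int,(a),(long)1,(long)10,sizeof(int),
 ECPGt_NO_INDICATOR, NULL , 0L, 0L, 0L,
 ECPGt_char,(text),(long)25,(long)1,(25)*sizeof(char),
@@ -205,7 +205,7 @@ if (sqlca.sqlcode < 0) sqlprint();}
 
 
 
-{ ECPGdo(__LINE__, 0, 1, NULL, "insert into test ( f , i , a , text , b , t , err ) values( 14.07 , ? , ? , ? , ? , 1 , 147 )",
+{ ECPGdo(__LINE__, 0, 1, NULL, "insert into test ( f , i , a , text , b , t , err ) values( 14.07 , ? , ? , ? , ? , 1 , 147 ) ",
 ECPGt_int,&(did),(long)1,(long)0,sizeof(int),
 ECPGt_NO_INDICATOR, NULL , 0L, 0L, 0L,
 ECPGt_int,(a),(long)1,(long)10,sizeof(int),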
