Fixed a buffer overrun that was masked on Linux systems.

diff --git a/src/interfaces/ecpg/ChangeLog b/src/interfaces/ecpg/ChangeLog
index af7420b3b2752c2594289cb6f0bb8cf78cdb6948..7ebd736829a82443b53c77c2f1a06baf003f98db 100644 (file)
--- a/src/interfaces/ecpg/ChangeLog
+++ b/src/interfaces/ecpg/ChangeLog
@@ -2095,11 +2095,13 @@ Mo Aug 14 10:39:59 CEST 2006
        - Fixed broken newline on Windows.
        - Fixed a nasty buffer underrun that only occured when using Informix
          no_indicator NULL setting on timestamps and intervals.
+<<<<<<< ChangeLog
 
 Fr 18. Aug 17:32:54 CEST 2006
 
        - Changed lexer to no longer use the default rule.
        - Synced parser and keyword list.
        - Fixed parsing of CONNECT statement so it accepts a C string again.
+       - Fixed a buffer overrun that was masked on Linux systems.
        - Set ecpg library version to 5.2.
        - Set ecpg version to 4.2.1.

diff --git a/src/interfaces/ecpg/ecpglib/execute.c b/src/interfaces/ecpg/ecpglib/execute.c
index 9197fef750d00a71c3ca82576fd400baf921e0c5..0eb12e1b1526dca845e2fd6d1892c831aed12f55 100644 (file)
--- a/src/interfaces/ecpg/ecpglib/execute.c
+++ b/src/interfaces/ecpg/ecpglib/execute.c
@@ -1,4 +1,4 @@
-/* $PostgreSQL: pgsql/src/interfaces/ecpg/ecpglib/execute.c,v 1.58 2006/08/09 09:08:31 meskes Exp $ */
+/* $PostgreSQL: pgsql/src/interfaces/ecpg/ecpglib/execute.c,v 1.59 2006/08/18 16:30:53 meskes Exp $ */
 
 /*
  * The aim is to get a simpler inteface to the database routines.
@@ -572,19 +572,21 @@ ECPGstore_input(const int lineno, const bool force_indicator, const struct varia
        }
        if (**tobeinserted_p == '\0')
        {
+               int asize = var->arrsize? var->arrsize : 1;
+
                switch (var->type)
                {
                                int                     element;
 
                        case ECPGt_short:
-                               if (!(mallocedval = ECPGalloc(var->arrsize * 20, lineno)))
+                               if (!(mallocedval = ECPGalloc(asize * 20, lineno)))
                                        return false;
 
-                               if (var->arrsize > 1)
+                               if (asize > 1)
                                {
                                        strcpy(mallocedval, "array [");
 
-                                       for (element = 0; element < var->arrsize; element++)
+                                       for (element = 0; element < asize; element++)
                                                sprintf(mallocedval + strlen(mallocedval), "%hd,", ((short *) var->value)[element]);
 
                                        strcpy(mallocedval + strlen(mallocedval) - 1, "]");
@@ -597,14 +599,14 @@ ECPGstore_input(const int lineno, const bool force_indicator, const struct varia
                                break;
 
                        case ECPGt_int:
-                               if (!(mallocedval = ECPGalloc(var->arrsize * 20, lineno)))
+                               if (!(mallocedval = ECPGalloc(asize * 20, lineno)))
                                        return false;
 
-                               if (var->arrsize > 1)
+                               if (asize > 1)
                                {
                                        strcpy(mallocedval, "array [");
 
-                                       for (element = 0; element < var->arrsize; element++)
+                                       for (element = 0; element < asize; element++)
                                                sprintf(mallocedval + strlen(mallocedval), "%d,", ((int *) var->value)[element]);
 
                                        strcpy(mallocedval + strlen(mallocedval) - 1, "]");
@@ -617,14 +619,14 @@ ECPGstore_input(const int lineno, const bool force_indicator, const struct varia
                                break;
 
                        case ECPGt_unsigned_short:
-                               if (!(mallocedval = ECPGalloc(var->arrsize * 20, lineno)))
+                               if (!(mallocedval = ECPGalloc(asize * 20, lineno)))
                                        return false;
 
-                               if (var->arrsize > 1)
+                               if (asize > 1)
                                {
                                        strcpy(mallocedval, "array [");
 
-                                       for (element = 0; element < var->arrsize; element++)
+                                       for (element = 0; element < asize; element++)
                                                sprintf(mallocedval + strlen(mallocedval), "%hu,", ((unsigned short *) var->value)[element]);
 
                                        strcpy(mallocedval + strlen(mallocedval) - 1, "]");
@@ -637,14 +639,14 @@ ECPGstore_input(const int lineno, const bool force_indicator, const struct varia
                                break;
 
                        case ECPGt_unsigned_int:
-                               if (!(mallocedval = ECPGalloc(var->arrsize * 20, lineno)))
+                               if (!(mallocedval = ECPGalloc(asize * 20, lineno)))
                                        return false;
 
-                               if (var->arrsize > 1)
+                               if (asize > 1)
                                {
                                        strcpy(mallocedval, "array [");
 
-                                       for (element = 0; element < var->arrsize; element++)
+                                       for (element = 0; element < asize; element++)
                                                sprintf(mallocedval + strlen(mallocedval), "%u,", ((unsigned int *) var->value)[element]);
 
                                        strcpy(mallocedval + strlen(mallocedval) - 1, "]");
@@ -657,14 +659,14 @@ ECPGstore_input(const int lineno, const bool force_indicator, const struct varia
                                break;
 
                        case ECPGt_long:
-                               if (!(mallocedval = ECPGalloc(var->arrsize * 20, lineno)))
+                               if (!(mallocedval = ECPGalloc(asize * 20, lineno)))
                                        return false;
 
-                               if (var->arrsize > 1)
+                               if (asize > 1)
                                {
                                        strcpy(mallocedval, "array [");
 
-                                       for (element = 0; element < var->arrsize; element++)
+                                       for (element = 0; element < asize; element++)
                                                sprintf(mallocedval + strlen(mallocedval), "%ld,", ((long *) var->value)[element]);
 
                                        strcpy(mallocedval + strlen(mallocedval) - 1, "]");
@@ -677,14 +679,14 @@ ECPGstore_input(const int lineno, const bool force_indicator, const struct varia
                                break;
 
                        case ECPGt_unsigned_long:
-                               if (!(mallocedval = ECPGalloc(var->arrsize * 20, lineno)))
+                               if (!(mallocedval = ECPGalloc(asize * 20, lineno)))
                                        return false;
 
-                               if (var->arrsize > 1)
+                               if (asize > 1)
                                {
                                        strcpy(mallocedval, "array [");
 
-                                       for (element = 0; element < var->arrsize; element++)
+                                       for (element = 0; element < asize; element++)
                                                sprintf(mallocedval + strlen(mallocedval), "%lu,", ((unsigned long *) var->value)[element]);
 
                                        strcpy(mallocedval + strlen(mallocedval) - 1, "]");
@@ -697,14 +699,14 @@ ECPGstore_input(const int lineno, const bool force_indicator, const struct varia
                                break;
 #ifdef HAVE_LONG_LONG_INT_64
                        case ECPGt_long_long:
-                               if (!(mallocedval = ECPGalloc(var->arrsize * 30, lineno)))
+                               if (!(mallocedval = ECPGalloc(asize * 30, lineno)))
                                        return false;
 
-                               if (var->arrsize > 1)
+                               if (asize > 1)
                                {
                                        strcpy(mallocedval, "array [");
 
-                                       for (element = 0; element < var->arrsize; element++)
+                                       for (element = 0; element < asize; element++)
                                                sprintf(mallocedval + strlen(mallocedval), "%lld,", ((long long *) var->value)[element]);
 
                                        strcpy(mallocedval + strlen(mallocedval) - 1, "]");
@@ -717,14 +719,14 @@ ECPGstore_input(const int lineno, const bool force_indicator, const struct varia
                                break;
 
                        case ECPGt_unsigned_long_long:
-                               if (!(mallocedval = ECPGalloc(var->arrsize * 30, lineno)))
+                               if (!(mallocedval = ECPGalloc(asize * 30, lineno)))
                                        return false;
 
-                               if (var->arrsize > 1)
+                               if (asize > 1)
                                {
                                        strcpy(mallocedval, "array [");
 
-                                       for (element = 0; element < var->arrsize; element++)
+                                       for (element = 0; element < asize; element++)
                                                sprintf(mallocedval + strlen(mallocedval), "%llu,", ((unsigned long long *) var->value)[element]);
 
                                        strcpy(mallocedval + strlen(mallocedval) - 1, "]");
@@ -737,14 +739,14 @@ ECPGstore_input(const int lineno, const bool force_indicator, const struct varia
                                break;
 #endif   /* HAVE_LONG_LONG_INT_64 */
                        case ECPGt_float:
-                               if (!(mallocedval = ECPGalloc(var->arrsize * 25, lineno)))
+                               if (!(mallocedval = ECPGalloc(asize * 25, lineno)))
                                        return false;
 
-                               if (var->arrsize > 1)
+                               if (asize > 1)
                                {
                                        strcpy(mallocedval, "array [");
 
-                                       for (element = 0; element < var->arrsize; element++)
+                                       for (element = 0; element < asize; element++)
                                                sprintf(mallocedval + strlen(mallocedval), "%.14g,", ((float *) var->value)[element]);
 
                                        strcpy(mallocedval + strlen(mallocedval) - 1, "]");
@@ -757,14 +759,14 @@ ECPGstore_input(const int lineno, const bool force_indicator, const struct varia
                                break;
 
                        case ECPGt_double:
-                               if (!(mallocedval = ECPGalloc(var->arrsize * 25, lineno)))
+                               if (!(mallocedval = ECPGalloc(asize * 25, lineno)))
                                        return false;
 
-                               if (var->arrsize > 1)
+                               if (asize > 1)
                                {
                                        strcpy(mallocedval, "array [");
 
-                                       for (element = 0; element < var->arrsize; element++)
+                                       for (element = 0; element < asize; element++)
                                                sprintf(mallocedval + strlen(mallocedval), "%.14g,", ((double *) var->value)[element]);
 
                                        strcpy(mallocedval + strlen(mallocedval) - 1, "]");

diff --git a/src/interfaces/ecpg/test/complex/test4.pgc b/src/interfaces/ecpg/test/complex/test4.pgc
index 68a64c79acbadbea76b1d14a28d29bd17f1d9f10..4be713b2fdaec02c8264b60a444fe94875ec2172 100644 (file)
--- a/src/interfaces/ecpg/test/complex/test4.pgc
+++ b/src/interfaces/ecpg/test/complex/test4.pgc
@@ -27,7 +27,7 @@ EXEC SQL BEGIN DECLARE SECTION;
        int *did = &i;
        int a[10] = {9,8,7,6,5,4,3,2,1,0};
        char text[25] = "klmnopqrst";
-       char *t = (char *)malloc(10);
+       char *t = (char *)malloc(11);
        double f;
        bool b = true;
 EXEC SQL END DECLARE SECTION;

diff --git a/src/interfaces/ecpg/test/expected/complex-test4.c b/src/interfaces/ecpg/test/expected/complex-test4.c
index caf3f4f9fb36a03820a4656f0ac2aa7a5d64c419..9ac0fe0d25ced17ed9865f86fff042bb60c38bfd 100644 (file)
--- a/src/interfaces/ecpg/test/expected/complex-test4.c
+++ b/src/interfaces/ecpg/test/expected/complex-test4.c
@@ -140,7 +140,7 @@ main (void)
  char  text [ 25 ]   = "klmnopqrst" ;
  
 #line 30 "test4.pgc"
- char * t   = ( char * ) malloc ( 10 ) ;
+ char * t   = ( char * ) malloc ( 11 ) ;
  
 #line 31 "test4.pgc"
  double  f    ;
@@ -184,14 +184,14 @@ if (sqlca.sqlcode < 0) sqlprint();}
 #line 46 "test4.pgc"
 
 
-       { ECPGdo(__LINE__, 0, 1, NULL, "insert into test ( f  , i  , a  , text  , b  , t  , err  ) values( 404.90 , 3 , '{0,1,2,3,4,5,6,7,8,9}' , 'abcdefghij' , 'f' , 0 , 0 )", ECPGt_EOIT, ECPGt_EORT);
+       { ECPGdo(__LINE__, 0, 1, NULL, "insert into test ( f  , i  , a  , text  , b  , t  , err  ) values( 404.90 , 3 , '{0,1,2,3,4,5,6,7,8,9}' , 'abcdefghij' , 'f' , 0 , 0 ) ", ECPGt_EOIT, ECPGt_EORT);
 #line 48 "test4.pgc"
 
 if (sqlca.sqlcode < 0) sqlprint();}
 #line 48 "test4.pgc"
 
 
-       { ECPGdo(__LINE__, 0, 1, NULL, "insert into test ( f  , i  , a  , text  , b  , t  , err  ) values( 140787.0 , 2 ,  ? ,  ? , 't' , 2 , 14 )", 
+       { ECPGdo(__LINE__, 0, 1, NULL, "insert into test ( f  , i  , a  , text  , b  , t  , err  ) values( 140787.0 , 2 ,  ? ,  ? , 't' , 2 , 14 ) ", 
        ECPGt_int,(a),(long)1,(long)10,sizeof(int), 
        ECPGt_NO_INDICATOR, NULL , 0L, 0L, 0L, 
        ECPGt_char,(text),(long)25,(long)1,(25)*sizeof(char), 
@@ -205,7 +205,7 @@ if (sqlca.sqlcode < 0) sqlprint();}
 
             
 
-       { ECPGdo(__LINE__, 0, 1, NULL, "insert into test ( f  , i  , a  , text  , b  , t  , err  ) values( 14.07 ,  ? ,  ? ,  ? ,  ? , 1 , 147 )", 
+       { ECPGdo(__LINE__, 0, 1, NULL, "insert into test ( f  , i  , a  , text  , b  , t  , err  ) values( 14.07 ,  ? ,  ? ,  ? ,  ? , 1 , 147 ) ", 
        ECPGt_int,&(did),(long)1,(long)0,sizeof(int), 
        ECPGt_NO_INDICATOR, NULL , 0L, 0L, 0L, 
        ECPGt_int,(a),(long)1,(long)10,sizeof(int),