From: Michael Meskes Date: Fri, 18 Aug 2006 16:30:53 +0000 (+0000) Subject: Fixed a buffer overrun that was masked on Linux systems. X-Git-Tag: REL8_2_BETA1~291 X-Git-Url: https://granicus.if.org/sourcecode?a=commitdiff_plain;h=46d61eb218824cbcc7c21983d7f3452bf56f018a;p=postgresql Fixed a buffer overrun that was masked on Linux systems.
---
diff --git a/src/interfaces/ecpg/ChangeLog b/src/interfaces/ecpg/ChangeLog
index af7420b3b2..7ebd736829 100644
--- a/src/interfaces/ecpg/ChangeLog
+++ b/src/interfaces/ecpg/ChangeLog
@@ -2095,11 +2095,13 @@ Mo Aug 14 10:39:59 CEST 2006 - Fixed broken newline on Windows. - Fixed a nasty buffer underrun that only occured when using Informix no_indicator NULL setting on timestamps and intervals. +<<<<<<< ChangeLog Fr 18. Aug 17:32:54 CEST 2006 - Changed lexer to no longer use the default rule. - Synced parser and keyword list. - Fixed parsing of CONNECT statement so it accepts a C string again. + - Fixed a buffer overrun that was masked on Linux systems. - Set ecpg library version to 5.2. - Set ecpg version to 4.2.1.
diff --git a/src/interfaces/ecpg/ecpglib/execute.c b/src/interfaces/ecpg/ecpglib/execute.c
index 9197fef750..0eb12e1b15 100644
--- a/src/interfaces/ecpg/ecpglib/execute.c
+++ b/src/interfaces/ecpg/ecpglib/execute.c
@@ -1,4 +1,4 @@
-/* $PostgreSQL: pgsql/src/interfaces/ecpg/ecpglib/execute.c,v 1.58 2006/08/09 09:08:31 meskes Exp $ */
+/* $PostgreSQL: pgsql/src/interfaces/ecpg/ecpglib/execute.c,v 1.59 2006/08/18 16:30:53 meskes Exp $ */
 /*
  * The aim is to get a simpler inteface to the database routines.
@@ -572,19 +572,21 @@ ECPGstore_input(const int lineno, const bool force_indicator, const struct varia
 		}
 		if (**tobeinserted_p == '\0')
 		{
+			int asize = var->arrsize? var->arrsize : 1;
+
 			switch (var->type)
 			{
 					int element;
 				case ECPGt_short:
-					if (!(mallocedval = ECPGalloc(var->arrsize * 20, lineno)))
+					if (!(mallocedval = ECPGalloc(asize * 20, lineno)))
 						return false;
-					if (var->arrsize > 1)
+					if (asize > 1)
 					{
 						strcpy(mallocedval, "array [");
-						for (element = 0; element < var->arrsize; element++)
+						for (element = 0; element < asize; element++)
 							sprintf(mallocedval + strlen(mallocedval), "%hd,", ((short *) var->value)[element]);
 						strcpy(mallocedval + strlen(mallocedval) - 1, "]");
@@ -597,14 +599,14 @@ ECPGstore_input(const int lineno, const bool force_indicator, const struct varia
 					break;
 				case ECPGt_int:
-					if (!(mallocedval = ECPGalloc(var->arrsize * 20, lineno)))
+					if (!(mallocedval = ECPGalloc(asize * 20, lineno)))
 						return false;
-					if (var->arrsize > 1)
+					if (asize > 1)
 					{
 						strcpy(mallocedval, "array [");
-						for (element = 0; element < var->arrsize; element++)
+						for (element = 0; element < asize; element++)
 							sprintf(mallocedval + strlen(mallocedval), "%d,", ((int *) var->value)[element]);
 						strcpy(mallocedval + strlen(mallocedval) - 1, "]");
@@ -617,14 +619,14 @@ ECPGstore_input(const int lineno, const bool force_indicator, const struct varia
 					break;
 				case ECPGt_unsigned_short:
-					if (!(mallocedval = ECPGalloc(var->arrsize * 20, lineno)))
+					if (!(mallocedval = ECPGalloc(asize * 20, lineno)))
 						return false;
-					if (var->arrsize > 1)
+					if (asize > 1)
 					{
 						strcpy(mallocedval, "array [");
-						for (element = 0; element < var->arrsize; element++)
+						for (element = 0; element < asize; element++)
 							sprintf(mallocedval + strlen(mallocedval), "%hu,", ((unsigned short *) var->value)[element]);
 						strcpy(mallocedval + strlen(mallocedval) - 1, "]");
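Review bot: `int asize = var->arrsize? var->arrsize : 1;` narrows `var->arrsize` before it becomes both the `ECPGalloc(asize * 20, lineno)` size and the loop bound; the generated calls in this same commit pass arrsize as a `long` (`(long)1,(long)10` in complex-test4.c), though the `struct variable` definition is not in view, so confirm the field's type. A negative arrsize would also slip through the `?:` unchanged, whether or not the preprocessor can ever emit one. Keeping the width and rejecting that case costs nothing: `long asize = var->arrsize > 0 ? var->arrsize : 1;`. The enclosing `ECPGstore_input` begins before this hunk and the single-element branch of the arm lies below it.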
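Review bot: The 20-byte-per-element budget is an implicit bound only — the writes are unbounded `sprintf(mallocedval + strlen(mallocedval), "%d,", ...)` calls, so nothing fails loudly if an arm's multiplier and its format ever disagree, which is how the overrun this commit fixes stayed hidden. Carrying the allocated size in a local and writing with `snprintf(mallocedval + len, size - len, "%d,", ((int *) var->value)[element])` would turn a mis-sized arm into a truncated literal instead of a heap overrun; the same applies to every arm in this switch. The `asize == 1` branch of this arm falls between hunks and is not visible here.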
@@ -637,14 +639,14 @@ ECPGstore_input(const int lineno, const bool force_indicator, const struct varia
 					break;
 				case ECPGt_unsigned_int:
-					if (!(mallocedval = ECPGalloc(var->arrsize * 20, lineno)))
+					if (!(mallocedval = ECPGalloc(asize * 20, lineno)))
 						return false;
-					if (var->arrsize > 1)
+					if (asize > 1)
 					{
 						strcpy(mallocedval, "array [");
-						for (element = 0; element < var->arrsize; element++)
+						for (element = 0; element < asize; element++)
 							sprintf(mallocedval + strlen(mallocedval), "%u,", ((unsigned int *) var->value)[element]);
 						strcpy(mallocedval + strlen(mallocedval) - 1, "]");
@@ -657,14 +659,14 @@ ECPGstore_input(const int lineno, const bool force_indicator, const struct varia
 					break;
 				case ECPGt_long:
-					if (!(mallocedval = ECPGalloc(var->arrsize * 20, lineno)))
+					if (!(mallocedval = ECPGalloc(asize * 20, lineno)))
 						return false;
-					if (var->arrsize > 1)
+					if (asize > 1)
 					{
 						strcpy(mallocedval, "array [");
-						for (element = 0; element < var->arrsize; element++)
+						for (element = 0; element < asize; element++)
 							sprintf(mallocedval + strlen(mallocedval), "%ld,", ((long *) var->value)[element]);
 						strcpy(mallocedval + strlen(mallocedval) - 1, "]");
@@ -677,14 +679,14 @@ ECPGstore_input(const int lineno, const bool force_indicator, const struct varia
 					break;
 				case ECPGt_unsigned_long:
-					if (!(mallocedval = ECPGalloc(var->arrsize * 20, lineno)))
+					if (!(mallocedval = ECPGalloc(asize * 20, lineno)))
 						return false;
-					if (var->arrsize > 1)
+					if (asize > 1)
 					{
 						strcpy(mallocedval, "array [");
-						for (element = 0; element < var->arrsize; element++)
+						for (element = 0; element < asize; element++)
 							sprintf(mallocedval + strlen(mallocedval), "%lu,", ((unsigned long *) var->value)[element]);
 						strcpy(mallocedval + strlen(mallocedval) - 1, "]");
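Review bot: 20 bytes per element is not enough for `%ld` where `long` is 64 bits: `"-9223372036854775808,"` is 21 characters, so behind the 7-byte `"array ["` prefix two such values already need 50 bytes in the 40-byte buffer from `ECPGalloc(asize * 20, lineno)`, and the `sprintf` in the loop runs past it. The `ECPGt_long_long` arm in this file already budgets 30 per element; `if (!(mallocedval = ECPGalloc(asize * 30, lineno)))` here closes the gap without changing the output. Whether the single-element branch below this hunk is affected cannot be seen from here.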
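Review bot: `"18446744073709551615,"` produced by `%lu` is 21 characters, one more than the 20-byte per-element budget in `ECPGalloc(asize * 20, lineno)`, so on targets with a 64-bit `unsigned long` enough maximal elements after the `"array ["` prefix overrun the buffer in the `sprintf` loop. Budgeting `asize * 30` as the `ECPGt_unsigned_long_long` arm does, `if (!(mallocedval = ECPGalloc(asize * 30, lineno)))`, would cover the worst case. The rest of this arm continues past the end of the hunk.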
@@ -697,14 +699,14 @@ ECPGstore_input(const int lineno, const bool force_indicator, const struct varia
 					break;
 #ifdef HAVE_LONG_LONG_INT_64
 				case ECPGt_long_long:
-					if (!(mallocedval = ECPGalloc(var->arrsize * 30, lineno)))
+					if (!(mallocedval = ECPGalloc(asize * 30, lineno)))
 						return false;
-					if (var->arrsize > 1)
+					if (asize > 1)
 					{
 						strcpy(mallocedval, "array [");
-						for (element = 0; element < var->arrsize; element++)
+						for (element = 0; element < asize; element++)
 							sprintf(mallocedval + strlen(mallocedval), "%lld,", ((long long *) var->value)[element]);
 						strcpy(mallocedval + strlen(mallocedval) - 1, "]");
@@ -717,14 +719,14 @@ ECPGstore_input(const int lineno, const bool force_indicator, const struct varia
 					break;
 				case ECPGt_unsigned_long_long:
-					if (!(mallocedval = ECPGalloc(var->arrsize * 30, lineno)))
+					if (!(mallocedval = ECPGalloc(asize * 30, lineno)))
 						return false;
-					if (var->arrsize > 1)
+					if (asize > 1)
 					{
 						strcpy(mallocedval, "array [");
-						for (element = 0; element < var->arrsize; element++)
+						for (element = 0; element < asize; element++)
 							sprintf(mallocedval + strlen(mallocedval), "%llu,", ((unsigned long long *) var->value)[element]);
 						strcpy(mallocedval + strlen(mallocedval) - 1, "]");
@@ -737,14 +739,14 @@ ECPGstore_input(const int lineno, const bool force_indicator, const struct varia
 					break;
 #endif /* HAVE_LONG_LONG_INT_64 */
 				case ECPGt_float:
-					if (!(mallocedval = ECPGalloc(var->arrsize * 25, lineno)))
+					if (!(mallocedval = ECPGalloc(asize * 25, lineno)))
 						return false;
-					if (var->arrsize > 1)
+					if (asize > 1)
 					{
 						strcpy(mallocedval, "array [");
-						for (element = 0; element < var->arrsize; element++)
+						for (element = 0; element < asize; element++)
 							sprintf(mallocedval + strlen(mallocedval), "%.14g,", ((float *) var->value)[element]);
 						strcpy(mallocedval + strlen(mallocedval) - 1, "]");
@@ -757,14 +759,14 @@ ECPGstore_input(const int lineno, const bool force_indicator, const struct varia
 					break;
 				case ECPGt_double:
-					if (!(mallocedval = ECPGalloc(var->arrsize * 25, lineno)))
+					if (!(mallocedval = ECPGalloc(asize * 25, lineno)))
 						return false;
-					if (var->arrsize > 1)
+					if (asize > 1)
 					{
 						strcpy(mallocedval, "array [");
-						for (element = 0; element < var->arrsize; element++)
+						for (element = 0; element < asize; element++)
 							sprintf(mallocedval + strlen(mallocedval), "%.14g,", ((double *) var->value)[element]);
 						strcpy(mallocedval + strlen(mallocedval) - 1, "]");
diff --git a/src/interfaces/ecpg/test/complex/test4.pgc b/src/interfaces/ecpg/test/complex/test4.pgc
index 68a64c79ac..4be713b2fd 100644
--- a/src/interfaces/ecpg/test/complex/test4.pgc
+++ b/src/interfaces/ecpg/test/complex/test4.pgc
@@ -27,7 +27,7 @@ EXEC SQL BEGIN DECLARE SECTION;
 	int *did = &i;
 	int a[10] = {9,8,7,6,5,4,3,2,1,0};
 	char text[25] = "klmnopqrst";
-	char *t = (char *)malloc(10);
+	char *t = (char *)malloc(11);
 	double f;
 	bool b = true;
 EXEC SQL END DECLARE SECTION;
diff --git a/src/interfaces/ecpg/test/expected/complex-test4.c b/src/interfaces/ecpg/test/expected/complex-test4.c
index caf3f4f9fb..9ac0fe0d25 100644
--- a/src/interfaces/ecpg/test/expected/complex-test4.c
+++ b/src/interfaces/ecpg/test/expected/complex-test4.c
@@ -140,7 +140,7 @@ main (void)
 	char text [ 25 ] = "klmnopqrst" ;
 #line 30 "test4.pgc"
-	char * t = ( char * ) malloc ( 10 ) ;
+	char * t = ( char * ) malloc ( 11 ) ;
 #line 31 "test4.pgc"
 	double f ;
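Review bot: The new size in `char *t = (char *)malloc(11);` is an unexplained constant, and how `t` is later filled is not visible in this hunk; presumably it must hold a ten-character value plus its NUL terminator, which the old `malloc(10)` left no room for. A comment on the line, e.g. `char *t = (char *)malloc(11);	/* 10 chars + terminating NUL */`, would stop the next edit from shrinking it again. The result is also never checked for NULL, which a test program may tolerate but is worth stating.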
@@ -184,14 +184,14 @@ if (sqlca.sqlcode < 0) sqlprint();}
 #line 46 "test4.pgc"
-	{ ECPGdo(__LINE__, 0, 1, NULL, "insert into test ( f , i , a , text , b , t , err ) values( 404.90 , 3 , '{0,1,2,3,4,5,6,7,8,9}' , 'abcdefghij' , 'f' , 0 , 0 )", ECPGt_EOIT, ECPGt_EORT);
+	{ ECPGdo(__LINE__, 0, 1, NULL, "insert into test ( f , i , a , text , b , t , err ) values( 404.90 , 3 , '{0,1,2,3,4,5,6,7,8,9}' , 'abcdefghij' , 'f' , 0 , 0 ) ", ECPGt_EOIT, ECPGt_EORT);
 #line 48 "test4.pgc"
 if (sqlca.sqlcode < 0) sqlprint();}
 #line 48 "test4.pgc"
-	{ ECPGdo(__LINE__, 0, 1, NULL, "insert into test ( f , i , a , text , b , t , err ) values( 140787.0 , 2 , ? , ? , 't' , 2 , 14 )",
+	{ ECPGdo(__LINE__, 0, 1, NULL, "insert into test ( f , i , a , text , b , t , err ) values( 140787.0 , 2 , ? , ? , 't' , 2 , 14 ) ",
 	ECPGt_int,(a),(long)1,(long)10,sizeof(int),
 	ECPGt_NO_INDICATOR, NULL , 0L, 0L, 0L,
 	ECPGt_char,(text),(long)25,(long)1,(25)*sizeof(char),
@@ -205,7 +205,7 @@ if (sqlca.sqlcode < 0) sqlprint();}
-	{ ECPGdo(__LINE__, 0, 1, NULL, "insert into test ( f , i , a , text , b , t , err ) values( 14.07 , ? , ? , ? , ? , 1 , 147 )",
+	{ ECPGdo(__LINE__, 0, 1, NULL, "insert into test ( f , i , a , text , b , t , err ) values( 14.07 , ? , ? , ? , ? , 1 , 147 ) ",
 	ECPGt_int,&(did),(long)1,(long)0,sizeof(int),
 	ECPGt_NO_INDICATOR, NULL , 0L, 0L, 0L,
 	ECPGt_int,(a),(long)1,(long)10,sizeof(int),