From: | Patrice Dardoize <patrice(dot)dardoize(at)gmail(dot)com> |
---|---|
To: | pgsql-odbc(at)postgresql(dot)org |
Subject: | buffer overwrite in function BuildBindRequest (file convert.c line 3749) |
Date: | 2014-01-09 14:04:40 |
Message-ID: | CAE=BBjQf0KuC0_fnO56-1BgKBYPC5hE9Z1OBms=+XPAAEt+=8w@mail.gmail.com |
Lists: | pgsql-odbc |
Hello,
I'm using odbc driver version 9.3.1.0 for PostgreSQL.
I'm trying to insert a new row in a table containing 3 columns (integer,
varying character (150) and bytea).
Depending on the data size transferred to the bytea column, I experience a
buffer overwrite (memory written at the very end of memory allocated for
variable qb.query_statement).
After having downloaded the latest available source code and compiled the
odbc driver (under Visual Studio 2010), I found out that a problem may
occur in function BuildBindRequest (from file convert.c line 3749) when
appending a terminating 0 (Int2) at the end of qb.query_statement.
The memory actually allocated for this buffer (for which the size is
stored in qb.str_alsize as I could understand) may be insufficient to
contain the Int2. I've just added a call to ENLARGE_NEWSTATEMENT to fix
the problem:

    leng = qb.npos;
    ENLARGE_NEWSTATEMENT((&qb), leng + sizeof(Int2)); /* this line was added to correct the buffer overwrite */
    memset(qb.query_statement + leng, 0, sizeof(Int2)); /* result format is text */
    leng += sizeof(Int2);

In order to reproduce the issue, you may simply try to insert a new row
containing:
- an arbitrary int value for the first column
- NULL for the second column
- any binary content of 8132 bytes length
Hope this will help.
Regards
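
The boundary condition described in the message above, as an added example that is not part of the original post and is not psqlODBC code. It models a growable buffer whose field names follow the post (`query_statement`, `str_alsize`, `npos`); the struct, `qb_reserve`, `qb_append_int2_zero` and the fill sizes are hypothetical, and it shows the 2-byte trailer being written only after a capacity check when the buffer is exactly full.

```c
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

/* Simplified model of a growable statement buffer (hypothetical, not psqlODBC code). */
typedef struct {
    char  *query_statement; /* heap buffer */
    size_t str_alsize;      /* bytes allocated */
    size_t npos;            /* bytes used */
} QueryBuf;

/* Grow the buffer by doubling until `need` bytes fit. Returns 0 on success. */
static int qb_reserve(QueryBuf *qb, size_t need)
{
    size_t newsize = qb->str_alsize ? qb->str_alsize : 64;
    char *p;
    if (need <= qb->str_alsize) return 0;
    for (; newsize < need; newsize *= 2)
        if (newsize > SIZE_MAX / 2) return -1; /* doubling would overflow */
    if ((p = realloc(qb->query_statement, newsize)) == NULL) return -1;
    qb->query_statement = p;
    qb->str_alsize = newsize;
    return 0;
}

/* Append the 2-byte zero trailer, reserving room BEFORE the write. */
static int qb_append_int2_zero(QueryBuf *qb)
{
    if (qb_reserve(qb, qb->npos + sizeof(int16_t)) != 0) return -1;
    memset(qb->query_statement + qb->npos, 0, sizeof(int16_t));
    qb->npos += sizeof(int16_t);
    return 0;
}

/* Constructed case: fill the allocation exactly, then append the trailer.
 * Returns the allocation size afterwards, or 0 on error. */
size_t trailer_after_exact_fill(size_t fill)
{
    QueryBuf qb = { NULL, 0, 0 };
    size_t result = 0;
    if (fill == 0 || qb_reserve(&qb, fill) != 0) return 0;
    memset(qb.query_statement, 'x', qb.str_alsize);
    qb.npos = qb.str_alsize; /* buffer is now exactly full */
    if (qb_append_int2_zero(&qb) == 0 && qb.npos <= qb.str_alsize)
        result = qb.str_alsize; /* trailer landed inside the allocation */
    free(qb.query_statement);
    return result;
}

int main(void) { return trailer_after_exact_fill(8192) == 16384 ? 0 : 1; }
```

Without the `qb_reserve` call in `qb_append_int2_zero`, the `memset` in this model would write two bytes past the end of the allocation whenever `npos` equals `str_alsize`.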