buffer overwrite in function BuildBindRequest (file convert.c line 3749)

Hello,

I'm using odbc driver version 9.3.1.0 for PostgreSQL.

I'm trying to insert a new row in a table containing 3 columns (integer,
varying character (150) and bytea).

Depending on the data size transfered to the bytea column, I experience a
buffer overwrite (memory written at the very end of memory allocated for
variable qb.query_statement).

After having downloaded the latest available source code and compiled the
odbc driver (under Visual Studio 2010), I found out that a problem may
occur in function BuildBindRequest (from file convert.c line 3749) when
appending a terminating 0 (Int2) at the end of qb.query_statement.

The memory actually allocated for this buffered (for which the size is
stored in qb.str_alsize as I could understand) may be insufficient to
contain the Int2. I've just added a call to ENLARGE_NEWSTATEMENT to fix
the problem :

leng = qb.npos;
ENLARGE_NEWSTATEMENT((&qb), leng + sizeof(Int2)); /* this line was
added to correct the buffer overwrite */
memset(qb.query_statement + leng, 0, sizeof(Int2)); /* result
format is text */
leng += sizeof(Int2);

In order to reproduce the issue, you may simply try to insert a new row
containing :
- an arbitrary int value for the first column
- NULL for the second column
- any binary content of 8132 bytes length

Hope this will help.

Regards