Buffer overrun in copy_statement_with_parameters ?
| From | lothar.behrens@lollisoft.de |
|---|---|
| Subject | Buffer overrun in copy_statement_with_parameters ? |
| Date | |
| Msg-id | 43651EE6.27992.253829E@localhost |
| List | pgsql-odbc |
Hi,
Currently I am trying to find malloc bugs in my code, and it may be that some of the
mpatrol log entries are related to the following function in convert.c:
copy_statement_with_parameters(...)
Mpatrol reports
ERROR: [RNGOVF]: memcpy: range [0x08070370,0x0807038A] overflows [0x08070350,0x0807037E]
    0x08070350 (47 bytes) {malloc:5667:0} [-|-|-]
        0x4058DC9E ???                                  <------- Used as breakpoint
        0x4058BFD2 ???
        0x405A168C ???
        0x4051B60B ???
        0x4048B3FC ???
        0x08049578 main+1452
        0x401D1500 __libc_start_main+224
        0x08048F31 _start+33
But if I print out some debug messages, it seems ok. The buffer is about 4096
bytes.
Any ideas ?
I have SuSE 9.1/mpatrol 1.4.8/psqlODBC 07.03.0200
Thanks, Lothar
// ...
            if (0 != (qb->flags & FLGB_KEYSET_DRIVEN))
            {
                qb->npos = npos;
                /* ----------
                 * 1st query is for field information
                 * 2nd query is keyset gathering
                 */
                CVT_APPEND_STR(qb, " where ctid = '(0,0)';select ctid, oid from ");
                //- Problematic code -----------------------
                CVT_APPEND_DATA(qb, qp->statement + qp->from_pos + 5, npos - qp->from_pos - 5);
                //-------------------------------------------------
            }
        }
        stmt->load_statement = malloc(npos + 1);
        memcpy(stmt->load_statement, qb->query_statement, npos);
        stmt->load_statement[npos] = '\0';
    }
#endif   /* DRIVER_CURSOR_IMPLEMENT */
--
Lothar Behrens    |    Rapid Prototyping ...
Rosmarinstr 3        |
40235 Düsseldorf      |    www.lollisoft.de
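
Added example (not part of the original message, and not psqlODBC or mpatrol code): a small C helper that decodes the two address ranges in the RNGOVF line quoted above into sizes and offsets. It assumes both ranges are inclusive, which matches the report's own "47 bytes" for the block; the struct and function names are this example's own.

```c
#include <stdio.h>
#include <string.h>

/* Decoded RNGOVF report (type and field names are this example's own). */
struct rngovf {
    unsigned long op_lo, op_hi;    /* inclusive range touched by the operation */
    unsigned long blk_lo, blk_hi;  /* inclusive range of the heap block */
    unsigned long op_len, blk_len; /* sizes in bytes */
    long start_off;                /* operation start relative to block start */
    unsigned long before, after;   /* bytes touched outside the block, each side */
};

/* Parse "... range [a,b] overflows [c,d]". Returns 0 on success, -1 if malformed. */
int parse_rngovf(const char *line, struct rngovf *r)
{
    const char *p;

    if (line == NULL || r == NULL || (p = strstr(line, "range [")) == NULL)
        return -1;
    if (sscanf(p, "range [%lx,%lx] overflows [%lx,%lx]",
               &r->op_lo, &r->op_hi, &r->blk_lo, &r->blk_hi) != 4)
        return -1;
    if (r->op_hi < r->op_lo || r->blk_hi < r->blk_lo)
        return -1;

    r->op_len = r->op_hi - r->op_lo + 1;
    r->blk_len = r->blk_hi - r->blk_lo + 1;
    r->start_off = r->op_lo >= r->blk_lo ? (long)(r->op_lo - r->blk_lo)
                                         : -(long)(r->blk_lo - r->op_lo);
    /* Bytes below and above the block, clamped to the operation's length
       in case the operation lies entirely outside the block. */
    r->before = r->op_lo < r->blk_lo ? r->blk_lo - r->op_lo : 0;
    r->after = r->op_hi > r->blk_hi ? r->op_hi - r->blk_hi : 0;
    if (r->before > r->op_len) r->before = r->op_len;
    if (r->after > r->op_len) r->after = r->op_len;
    return 0;
}

int main(void)
{
    /* The report line from the message above, with its wrapped halves rejoined. */
    const char *line = "ERROR: [RNGOVF]: memcpy: range [0x08070370,0x0807038A] "
                       "overflows [0x08070350,0x0807037E]";
    struct rngovf r;

    if (parse_rngovf(line, &r) != 0)
        return 1;
    printf("block %lu bytes, copy %lu bytes at offset %ld, %lu before, %lu after\n",
           r.blk_len, r.op_len, r.start_off, r.before, r.after);
    return 0;
}
```

For the quoted report this gives a 27-byte copy that starts 32 bytes into the 47-byte block and ends 12 bytes past its last byte.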