buffer overwrite in function BuildBindRequest (file convert.c line 3749)

From Patrice Dardoize
Subject buffer overwrite in function BuildBindRequest (file convert.c line 3749)
Date
Msg-id CAE=BBjQf0KuC0_fnO56-1BgKBYPC5hE9Z1OBms=+XPAAEt+=8w@mail.gmail.com
Discussion  Raw text
Responses Re: buffer overwrite in function BuildBindRequest (file convert.c line 3749)
List pgsql-odbc
Hello,

I'm using odbc driver version 9.3.1.0 for PostgreSQL.

I'm trying to insert a new row in a table containing 3 columns (integer, varying character (150) and bytea).

Depending on the data size transferred to the bytea column, I experience a buffer overwrite (memory written at the very end of memory allocated for variable qb.query_statement).

After having downloaded the latest available source code and compiled the odbc driver (under Visual Studio 2010), I found out that a problem may occur in function BuildBindRequest (from file convert.c line 3749) when appending a terminating 0 (Int2) at the end of qb.query_statement.

The memory actually allocated for this buffer (for which the size is stored in qb.str_alsize as I could understand) may be insufficient to contain the Int2. I've just added a call to ENLARGE_NEWSTATEMENT to fix the problem:
        leng = qb.npos;
        ENLARGE_NEWSTATEMENT((&qb), leng + sizeof(Int2)); /* this line was added to correct the buffer overwrite */
        memset(qb.query_statement + leng, 0, sizeof(Int2)); /* result format is text */
        leng += sizeof(Int2);

In order to reproduce the issue, you may simply try to insert a new row containing:
- an arbitrary int value for the first column
- NULL for the second column
- any binary content of 8132 bytes length

Hope this will help.

Regards

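The defect class in the report above, shown as an added example that is not code from the psqlODBC project: a growable query buffer in the shape of qb (the field names query_statement, npos and str_alsize mirror the message; the struct layout, the QB_INITIAL_ALLOC size, the doubling growth policy and the qb_* function names are assumptions made for this example). qb_terminator_would_overflow states the exact condition under which an unchecked two-byte memset at npos lands past the allocation, and qb_append_terminator performs the enlarge-then-write sequence the report adds. qb_check_fill appends a constructed filler of a chosen length and returns 1 when the unchecked write would have overflowed but the checked one fits, so the boundary case (a payload that exactly fills the allocation, the role the 8132-byte bytea plays on the reporter's build) can be exercised without actually corrupting memory.

```c
#include <stdint.h>
#include <stdlib.h>
#include <string.h>
#include <stdio.h>

typedef int16_t Int2;

/* Stand-in for the driver's query-builder state (constructed for this example;
 * the real struct in convert.c is larger): a growable byte buffer, the write
 * position npos and the allocated size str_alsize. */
typedef struct {
    char  *query_statement;
    size_t npos;
    size_t str_alsize;
} QueryBuild;

#define QB_INITIAL_ALLOC 1024 /* constructed; the driver's own sizes are not known here */

int qb_init(QueryBuild *qb)
{
    qb->query_statement = malloc(QB_INITIAL_ALLOC);
    if (qb->query_statement == NULL)
        return -1;
    qb->npos = 0;
    qb->str_alsize = QB_INITIAL_ALLOC;
    return 0;
}

/* Plays the role ENLARGE_NEWSTATEMENT plays in the report: make sure at least
 * `needed` bytes are allocated, doubling until they are. */
int qb_ensure(QueryBuild *qb, size_t needed)
{
    if (needed <= qb->str_alsize)
        return 0;
    size_t newsize = qb->str_alsize ? qb->str_alsize : 1;
    while (newsize < needed)
        newsize *= 2;
    char *p = realloc(qb->query_statement, newsize);
    if (p == NULL)
        return -1;
    qb->query_statement = p;
    qb->str_alsize = newsize;
    return 0;
}

/* Append raw bytes (e.g. the bytea parameter), growing first. */
int qb_append(QueryBuild *qb, const void *data, size_t len)
{
    if (qb_ensure(qb, qb->npos + len) != 0)
        return -1;
    memcpy(qb->query_statement + qb->npos, data, len);
    qb->npos += len;
    return 0;
}

/* The condition under which the unchecked memset in the report writes past the
 * allocation: the two terminator bytes do not fit in what is left. */
int qb_terminator_would_overflow(const QueryBuild *qb)
{
    return qb->npos + sizeof(Int2) > qb->str_alsize;
}

/* Terminator write with the capacity check the report adds: enlarge, zero the
 * Int2, then advance the position. */
int qb_append_terminator(QueryBuild *qb)
{
    size_t leng = qb->npos;
    if (qb_ensure(qb, leng + sizeof(Int2)) != 0)
        return -1;
    memset(qb->query_statement + leng, 0, sizeof(Int2)); /* result format is text */
    qb->npos = leng + sizeof(Int2);
    return 0;
}

/* Append `fill` bytes of constructed filler, then report: 1 when the unchecked
 * write would overflow but the checked one fits with both bytes zeroed, 0 when
 * the unchecked write fits anyway, -1 on allocation failure. */
int qb_check_fill(size_t fill)
{
    QueryBuild qb;
    if (qb_init(&qb) != 0)
        return -1;
    char *payload = malloc(fill ? fill : 1);     /* constructed filler */
    if (payload == NULL) { free(qb.query_statement); return -1; }
    memset(payload, 'A', fill);
    int rc = qb_append(&qb, payload, fill);
    free(payload);
    int overflow = qb_terminator_would_overflow(&qb);
    int fits = rc == 0 && qb_append_terminator(&qb) == 0
            && qb.npos == fill + sizeof(Int2) && qb.npos <= qb.str_alsize
            && qb.query_statement[fill] == 0 && qb.query_statement[fill + 1] == 0;
    free(qb.query_statement);
    return fits ? overflow : -1;
}

int main(void)
{
    /* A payload that exactly fills the allocation is the report's shape. */
    printf("fill %d: %d\n", QB_INITIAL_ALLOC, qb_check_fill(QB_INITIAL_ALLOC));         /* 1 */
    printf("fill %d: %d\n", QB_INITIAL_ALLOC - 2, qb_check_fill(QB_INITIAL_ALLOC - 2)); /* 0 */
    return 0;
}
```

The check that matters is the one in qb_terminator_would_overflow: any append to a buffer whose remaining capacity is not re-verified immediately before the write is a candidate for this bug, and the fix is the same ordering every time (ensure capacity, write, advance), never the reverse.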