[Libreoffice] [PATCH] [REVIEW:3-5, 3-5-0] fdo#34432 ODBC crash on 64 bits

Sun, 29 Jan 2012 12:36:34 -0800 

Attached patch fixes fdo#34432, a crash with some ODBC drivers. The
bug report is about Firebird SQL.

The problem is that SQLGetStmtAttr is passed a pointer to a memory
area to write to. In several places, we give it a pointer to a
stack-allocated sal_(u)Int32, but it expects a pointer to a
SQLULEN. On 32 bits, no problem since SQLULEN==sal_uInt32. On a 64
bits machine, SQLULEN is 64 bits, so the driver writes beyond the area
we expect it to, and smashes our stack -> crash.

Please apply to libreoffice-3-5 and libreoffice-3-5-0 (crossing my
fingers on "before rc3 tag").

Thanks!

-- 
Lionel

>From 884a3ee289d445c494be12a84b3f53b9c3a3ffcc Mon Sep 17 00:00:00 2001
From: Lionel Elie Mamane <lio...@mamane.lu>
Date: Thu, 19 Jan 2012 20:29:36 +0100
Subject: [PATCH] fdo#44025: repair dbaccess::ORowSetCache::isLast() after
 matrix (re)fill

After filling matrix, *do* check if we hit the last row and update
m_nRowCount accordingly. Else, a subsequent isLast() will return true
on the last row of the prefetch window, even if it is not the last row
of the data. Thus the algorithm:
while ( ! pResultSet->isLast() )
{
    //do stuff
    pResultSet->next()
}
will stop too soon, which is exactly the symptom in fdo#44025.
---
 dbaccess/source/core/api/RowSetCache.cxx |    2 --
 1 files changed, 0 insertions(+), 2 deletions(-)

diff --git a/dbaccess/source/core/api/RowSetCache.cxx b/dbaccess/source/core/api/RowSetCache.cxx
index 49f6368..272d260 100644
--- a/dbaccess/source/core/api/RowSetCache.cxx
+++ b/dbaccess/source/core/api/RowSetCache.cxx
@@ -803,7 +803,6 @@ sal_Bool ORowSetCache::fillMatrix(sal_Int32& _nNewStartPos,sal_Int32 _nNewEndPos
     }
     // we have to read one row forward to ensure that we know when we are on last row
     // but only when we don't know it already
-    /*
     if(!m_bRowCountFinal)
     {
         if(!m_pCacheSet->next())
@@ -816,7 +815,6 @@ sal_Bool ORowSetCache::fillMatrix(sal_Int32& _nNewStartPos,sal_Int32 _nNewEndPos
            m_nRowCount = std::max(i,m_nRowCount);
 
     }
-    */
     return bCheck;
 }
 
-- 
1.7.7.3


_______________________________________________
LibreOffice mailing list
LibreOffice@lists.freedesktop.org
http://lists.freedesktop.org/mailman/listinfo/libreoffice

Reply via email to