connectivity/source/drivers/firebird/PreparedStatement.cxx | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-)
New commits: commit 94ba3770ffe31bd26e0c67a5609c8935994b808a Author: Mike Kaganski <mike.kagan...@collabora.com> AuthorDate: Sat Feb 5 16:13:50 2022 +0100 Commit: Mike Kaganski <mike.kagan...@collabora.com> CommitDate: Sat Feb 5 17:26:31 2022 +0100 tdf#138691: avoid buffer overflow Change-Id: Ib5eaf6c658e1185c1e3eec7ce34f0ce54d6ce771 Reviewed-on: https://gerrit.libreoffice.org/c/core/+/129441 Tested-by: Jenkins Reviewed-by: Mike Kaganski <mike.kagan...@collabora.com>
diff --git a/connectivity/source/drivers/firebird/PreparedStatement.cxx b/connectivity/source/drivers/firebird/PreparedStatement.cxx
index c665581f8c32..9225c3b26895 100644
--- a/connectivity/source/drivers/firebird/PreparedStatement.cxx
+++ b/connectivity/source/drivers/firebird/PreparedStatement.cxx
@@ -923,9 +923,12 @@ void SAL_CALL OPreparedStatement::setBytes(sal_Int32 nParameterIndex,
 }
 else if( dType == SQL_TEXT )
 {
+ if (pVar->sqllen < xBytes.getLength())
+ dbtools::throwSQLException("Data too big for this field",
+ dbtools::StandardSQLState::INVALID_SQL_DATA_TYPE, *this);
 setParameterNull(nParameterIndex, false);
 memcpy(pVar->sqldata, xBytes.getConstArray(), xBytes.getLength() );
- // Fill remainder with spaces
+ // Fill remainder with zeroes
 memset(pVar->sqldata + xBytes.getLength(), 0, pVar->sqllen - xBytes.getLength());
 }
 else
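Review bot: The new length guard in the SQL_TEXT branch is the only thing keeping both the `memcpy` and the `memset` inside `pVar->sqldata`, yet nothing in the code says so. Without it, `pVar->sqllen - xBytes.getLength()` goes negative and is converted to a very large size for `memset`. I would add a comment above the check, for example `// memcpy/memset below assume xBytes fits in sqllen bytes of sqldata`, so that a later refactor does not move or drop it. `INVALID_SQL_DATA_TYPE` describes a type mismatch rather than an over-long value, so callers that inspect the SQLSTATE may misreport the failure; a more fitting state, if the project has one, and a message that includes both lengths would make it easier to diagnose. The commit touches only this file, so there is no regression test for an over-long byte sequence bound to a fixed-width text parameter. The body of setBytes starts and ends outside the hunk, so its other type branches should be checked for the same bound.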