
Buffer overrun in copy_statement_with_parameters ?

From: lothar(dot)behrens(at)lollisoft(dot)de
To: pgsql-odbc(at)postgresql(dot)org
Subject: Buffer overrun in copy_statement_with_parameters ?
Date: 2005-10-30 18:28:38
Message-ID: 43651EE6.27992.253829E@localhost
Lists: pgsql-odbc

Hi,

Currently I am trying to find malloc bugs in my code, and it may be that some of the
mpatrol log entries are related to the following function in convert.c:

copy_statement_with_parameters(...)

Mpatrol reports 

ERROR: [RNGOVF]: memcpy: range [0x08070370,0x0807038A] overflows [0x08070350,0x0807037E]
    0x08070350 (47 bytes) {malloc:5667:0} [-|-|-]
        0x4058DC9E ???                                  <------- Used as breakpoint
        0x4058BFD2 ???
        0x405A168C ???
        0x4051B60B ???
        0x4048B3FC ???
        0x08049578 main+1452
        0x401D1500 __libc_start_main+224
        0x08048F31 _start+33

But if I print out some debug messages, it seems ok. The buffer is about 4096
bytes. 

Any ideas?

I have SuSE 9.1/mpatrol 1.4.8/psqlODBC 07.03.0200

Thanks, Lothar

// ...
			if (0 != (qb->flags & FLGB_KEYSET_DRIVEN))
			{
				qb->npos = npos;
				/* ----------
				 * 1st query is for field information
				 * 2nd query is keyset gathering
				 */
				CVT_APPEND_STR(qb, " where ctid = '(0,0)';select ctid, oid from ");
				//- Problematic code -----------------------
				CVT_APPEND_DATA(qb, qp->statement + qp->from_pos + 5, npos - qp->from_pos - 5);
				//-------------------------------------------------
			}
		}
		stmt->load_statement = malloc(npos + 1);
		memcpy(stmt->load_statement, qb->query_statement, npos);
		stmt->load_statement[npos] = '\0';
	}
#endif   /* DRIVER_CURSOR_IMPLEMENT */

-- 
Lothar Behrens	|	Rapid Prototyping ...
Rosmarinstr 3		|	
40235 Düsseldorf  	|	www.lollisoft.de
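
An added example, not code from the post or from psqlODBC, showing the two things worth checking when mpatrol reports RNGOVF on an append like the one above: the bounds test mpatrol applies (is the memcpy destination range inside the malloc'd block?), and an append that grows its buffer before the memcpy so the destination can never leave the block. The qbuf type and the qbuf_* / range_fits / build_keyset_query names are assumptions made for this example; the construction in build_keyset_query follows the shape of the fragment (statement, then the keyset query text, then the part of the statement after "from "), not psqlODBC's actual CVT_APPEND_* macros. The numbers in main are the ones from the mpatrol report: a 47-byte block at 0x08070350 and a 27-byte memcpy that starts 32 bytes into it, which is 12 bytes too many.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical bounded query builder: qbuf and qbuf_* are names assumed for
 * this example, not psqlODBC's qb / CVT_APPEND_* code. */
typedef struct {
    char   *buf;   /* heap buffer holding the statement being built */
    size_t  len;   /* bytes in use, excluding the terminating NUL */
    size_t  cap;   /* bytes allocated, including room for the NUL */
} qbuf;

int qbuf_init(qbuf *q, size_t cap)
{
    q->buf = malloc(cap ? cap : 1);
    if (q->buf == NULL) return -1;
    q->buf[0] = '\0';
    q->len = 0;
    q->cap = cap ? cap : 1;
    return 0;
}

/* Append n bytes from src, growing the buffer first when they would not fit,
 * so the memcpy destination always lies inside [buf, buf + cap). */
int qbuf_append(qbuf *q, const char *src, size_t n)
{
    if (n > SIZE_MAX - q->len - 1) return -1;        /* len + n + 1 would wrap */
    if (q->len + n + 1 > q->cap) {
        size_t ncap = q->cap;
        while (ncap < q->len + n + 1) {
            if (ncap > SIZE_MAX / 2) return -1;
            ncap *= 2;
        }
        char *nb = realloc(q->buf, ncap);
        if (nb == NULL) return -1;
        q->buf = nb;
        q->cap = ncap;
    }
    memcpy(q->buf + q->len, src, n);
    q->len += n;
    q->buf[q->len] = '\0';
    return 0;
}

/* The test behind an mpatrol RNGOVF report: does the write [dst, dst + n)
 * lie entirely inside the allocation [base, base + size)?  Subtractions only,
 * so the check itself cannot overflow. */
int range_fits(uintptr_t base, size_t size, uintptr_t dst, size_t n)
{
    if (dst < base || n > size) return 0;
    return (dst - base) <= size - n;
}

/* Build "<stmt> where ctid = '(0,0)';select ctid, oid from <tail>", where
 * <tail> is everything after the "from " at from_pos: the same shape of
 * construction as the post's fragment, done through the bounded append.
 * Returns a malloc'd string the caller frees, or NULL. */
char *build_keyset_query(const char *stmt, size_t from_pos)
{
    qbuf   q;
    size_t npos = strlen(stmt);
    if (npos < 5 || from_pos > npos - 5 || strncmp(stmt + from_pos, "from ", 5) != 0)
        return NULL;
    if (qbuf_init(&q, 16) != 0) return NULL;     /* deliberately small: forces growth */
    const char *mid = " where ctid = '(0,0)';select ctid, oid from ";
    if (qbuf_append(&q, stmt, npos) != 0 ||
        qbuf_append(&q, mid, strlen(mid)) != 0 ||
        qbuf_append(&q, stmt + from_pos + 5, npos - from_pos - 5) != 0) {
        free(q.buf);
        return NULL;
    }
    return q.buf;
}

/* Build, compare and free in one step, so checks stay leak-free. */
int keyset_query_equals(const char *stmt, size_t from_pos, const char *expected)
{
    char *s  = build_keyset_query(stmt, from_pos);
    int   ok = (s != NULL) && strcmp(s, expected) == 0;
    free(s);
    return ok;
}

int main(void)
{
    /* Figures from the mpatrol report: a 47-byte block at 0x08070350 and a
     * 27-byte memcpy that starts 32 bytes into it. */
    printf("memcpy fits in block: %d\n", range_fits(0x08070350u, 47, 0x08070370u, 27));
    char *s = build_keyset_query("select a from t", 9);
    if (s != NULL) { printf("%s\n", s); free(s); }
    return 0;
}
```

The point of range_fits is that the report's interval arithmetic is the whole diagnosis: the block is 47 bytes, the copy lands at offset 32 and is 27 bytes long, so it needs a 59-byte block. Debug printf output looking fine is consistent with that, since a 12-byte overrun into the next heap chunk does not corrupt the string being printed. A growth check placed before the memcpy, as in qbuf_append, is the structural fix; alternatively, compare the capacity the builder believes it has against the size mpatrol says was actually allocated at that call site.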
