From: Hiroshi Inoue <inoue(at)tpf(dot)co(dot)jp>
To: Bart Samwel <bart(at)samwel(dot)tk>
Cc: pgsql-odbc(at)postgresql(dot)org
Subject: Re: Buffer overrun in handle_notice_message()
Date: 2006-08-18 21:30:18
Message-ID: 44E6316A.5010301@tpf.co.jp
Lists: pgsql-odbc

Bart Samwel wrote:
> Hi all,
>
> I'd like to report a buffer overrun in handle_notice_message().
> Analysis: when I run a query >4096 characters that has a 'C' at a
> specific location (at a specific, small offset before a multiple of
> 4096), then the stack is trashed and the driver crashes. The code
> fragment:
>
> for (;;)
> {
>     truncated = SOCK_get_string(sock, msgbuffer, sizeof(msgbuffer));
>     if (!msgbuffer[0])
>         break;
>
>     mylog("%s: 'N' - %s\n", comment, msgbuffer);
>     qlog("NOTICE from backend during %s: '%s'\n", comment, msgbuffer);
>     switch (msgbuffer[0])
>     {
>         case 'S':
>             strncat(msgbuf, msgbuffer + 1, buflen);
>             strncat(msgbuf, ": ", buflen);
>             buflen -= (strlen(msgbuffer) + 1);
>             break;
>         case 'M':
>             strncat(msgbuf, msgbuffer + 1, buflen);
>             msg_truncated = truncated;
>             break;
>         case 'C':
>             /* no length check: whatever SOCK_get_string() read is copied
>              * into sqlstate as-is */
>             if (sqlstate && !sqlstate[0] && strcmp(msgbuffer + 1, "00000"))
>                 strcpy(sqlstate, msgbuffer + 1);
>             break;
>     }
> }
Hi Bart,

Hmm, ISTM I should place the following code at the end of the above loop,
not after the above code:

    while (truncated)
        truncated = SOCK_get_string(sock, msgbuffer, sizeof(msgbuffer));

Actually I do so in handle_error_message().
I will fix it ASAP.

Thanks.

regards,
Hiroshi Inoue
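A worked model of the failure discussed in this thread, added here as an illustration and not taken from psqlODBC: the field loop of handle_notice_message() is replayed against an in-memory copy of the NOTICE bytes, once as quoted above and once with the drain that the reply proposes at the end of the loop body. SOCK_get_string() stops at sizeof(msgbuffer) and leaves the rest of the field on the socket, so the next call starts reading in the middle of the long field; when the byte at that position is 'C', the tail of the message is treated as an SQLSTATE field and strcpy()'d into sqlstate with no bound. The names notice_reader, read_field, parse_notice and sqlstate_bytes_written, the constructed NOTICE, and the small FIELD_BUF (standing in for the driver's 4096-byte msgbuffer) are assumptions of this example; the 'C' handler records what strcpy() would write instead of performing the overrun, so the model does not smash its own stack.

```c
/* Added example, not psqlODBC code: a model of the field loop in
 * handle_notice_message() run against an in-memory copy of the wire bytes.
 * notice_reader, read_field, parse_notice and WIRE are assumptions made for
 * this illustration; FIELD_BUF plays the role of sizeof(msgbuffer) (4096 in
 * the driver) and is kept small so the truncation is easy to follow. */
#include <stdio.h>
#include <string.h>

#define FIELD_BUF     16   /* stand-in for sizeof(msgbuffer) */
#define SQLSTATE_LEN  6    /* five-character SQLSTATE plus NUL */

/* In-memory stand-in for the socket: the NUL-separated field list of one
 * NOTICE, ending with an empty field. */
typedef struct {
    const char *data;
    size_t      len;
    size_t      pos;
} notice_reader;

/* Models SOCK_get_string(): reads up to bufsize bytes, stops at the first
 * NUL and returns 0; otherwise terminates the buffer and returns 1
 * (truncated), leaving the rest of the field unread on the "socket". */
static int read_field(notice_reader *r, char *buf, size_t bufsize)
{
    for (size_t i = 0; i < bufsize; i++) {
        char c = (r->pos < r->len) ? r->data[r->pos++] : '\0';
        buf[i] = c;
        if (c == '\0')
            return 0;
    }
    buf[bufsize - 1] = '\0';
    return 1;
}

typedef struct {
    char   msg[64];            /* assembled text, like msgbuf in the driver */
    char   sqlstate[SQLSTATE_LEN];
    size_t sqlstate_copy_len;  /* bytes strcpy() would have written into sqlstate */
} notice_result;

/* drain_truncated == 0 reproduces the loop quoted in the report;
 * drain_truncated == 1 adds the drain proposed for the end of the loop body. */
static void parse_notice(const char *wire, size_t wire_len,
                         int drain_truncated, notice_result *out)
{
    notice_reader r = { wire, wire_len, 0 };
    char msgbuffer[FIELD_BUF];
    int  truncated, buflen = (int)sizeof(out->msg) - 1;  /* int, as in the driver */

    memset(out, 0, sizeof(*out));
    for (;;) {
        truncated = read_field(&r, msgbuffer, sizeof(msgbuffer));
        if (!msgbuffer[0])
            break;
        switch (msgbuffer[0]) {
        case 'S':
            strncat(out->msg, msgbuffer + 1, buflen);
            strncat(out->msg, ": ", buflen);
            buflen -= (int)(strlen(msgbuffer) + 1);
            break;
        case 'M':
            strncat(out->msg, msgbuffer + 1, buflen);
            break;
        case 'C':
            if (!out->sqlstate[0] && strcmp(msgbuffer + 1, "00000")) {
                /* The driver does strcpy(sqlstate, msgbuffer + 1) here with no
                 * length check. Record what that would write and copy only
                 * what fits, so this model cannot overrun its own stack. */
                out->sqlstate_copy_len = strlen(msgbuffer + 1) + 1;
                snprintf(out->sqlstate, sizeof(out->sqlstate), "%s", msgbuffer + 1);
            }
            break;
        }
        if (drain_truncated)
            while (truncated)   /* discard the unread rest of a long field */
                truncated = read_field(&r, msgbuffer, sizeof(msgbuffer));
    }
}

/* Constructed NOTICE (not captured traffic): the 'M' field is longer than
 * FIELD_BUF, and byte 16 of that field, the first byte left unread after
 * truncation, is a 'C'. The real SQLSTATE field follows it. */
static const char WIRE[] =
    "SNOTICE\0"
    "MSELECT 1 FROM tCabcdefghijkl\0"
    "C01000\0"
    "\0";
#define WIRE_LEN (sizeof(WIRE) - 1)

/* Runs the model over WIRE and returns how many bytes the 'C' handler would
 * have strcpy()'d into sqlstate; anything above SQLSTATE_LEN is an overrun. */
static size_t sqlstate_bytes_written(int drain_truncated)
{
    notice_result r;
    parse_notice(WIRE, WIRE_LEN, drain_truncated, &r);
    return r.sqlstate_copy_len;
}

int main(void)
{
    printf("without drain: 'C' handler would write %zu bytes into sqlstate[%d]\n",
           sqlstate_bytes_written(0), SQLSTATE_LEN);
    printf("with drain:    'C' handler would write %zu bytes into sqlstate[%d]\n",
           sqlstate_bytes_written(1), SQLSTATE_LEN);
    return 0;
}
```

Without the drain the second read returns "Cabcdefghijkl", which the loop accepts as an SQLSTATE field and would copy as 13 bytes into the 6-byte sqlstate; with the drain that remainder is consumed and discarded, the genuine "C01000" field is the one copied, and the assembled message text is identical in both runs. The same reasoning applies to any handler in the loop that trusts the first byte of msgbuffer as a field tag, which is why the drain belongs at the end of the loop body rather than after the loop.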