FirebirdSQL/firebird-odbc-driver

Crash when inserting values via prepared statements, bound integer value to char column [ODBC139]

firebird-automations opened this issue · 5 comments

Submitted by: Sven Steinseifer (svensteinseifer)

A crash occurs in the Firebird odbc driver when I execute the following statements:

r = SQLPrepare(hstmt, (SQLCHAR*)"INSERT INTO test (id, text) VALUES (1, ?)", SQL_NTS); // test.text is a CHAR column

int value = 1;
r = SQLBindParameter(hstmt, 1, SQL_PARAM_INPUT, SQL_C_SLONG, SQL_INTEGER, 0, 0, &value, 0, 0); // binds INTEGER value to CHAR column

r = SQLExecute(hstmt); // crashes

A debugging session revealed that the crash occurs in
OdbcConvert::conv##TYPE_FROM##ToString(DescRecord * from, DescRecord * to)
when the ODBCCONVERT_CHECKNULL macro gets called.
The indicatorFrom variable has a 0 value (from the last parameter of SQLBindParameter, which is valid according to MSDN) and gets dereferenced in this macro:

#define ODBCCONVERT_CHECKNULL(pointerTo) \
    if( *(short*)indicatorFrom == SQL_NULL_DATA ) \
    { \
        if ( indicatorTo ) \
            *indicatorTo = SQL_NULL_DATA; \
        if ( pointerTo ) \
            *(char*)pointerTo = 0; \
        return SQL_SUCCESS; \
    } \
    if ( !pointerTo ) \
        return SQL_SUCCESS;

If I change this to the following, the crash disappears:
#define ODBCCONVERT_CHECKNULL(pointerTo) \
    if( indicatorFrom && *(short*)indicatorFrom == SQL_NULL_DATA ) \
    { \
        if ( indicatorTo ) \
            *indicatorTo = SQL_NULL_DATA; \
        if ( pointerTo ) \
            *(char*)pointerTo = 0; \
        return SQL_SUCCESS; \
    } \
    if ( !pointerTo ) \
        return SQL_SUCCESS;

Because this macro is used very often, I cannot be sure if this doesn't introduce some other bugs.

Commits: b994cee 6122325
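A stand-alone C illustration of the null-indicator handling that the fix introduces, as an added example rather than driver code: DescRec, is_null_param and conv_long_to_string are hypothetical stand-ins for the driver's descriptor record and conversion routine, and the SQL_* constants are constructed so it compiles without ODBC headers.

```c
#include <stdio.h>
#include <string.h>

/* Constructed stand-ins for the two ODBC constants the driver macro uses. */
#define SQL_SUCCESS   0
#define SQL_NULL_DATA (-1)

/* Hypothetical minimal descriptor record: the bound buffer and its
 * StrLen_or_IndPtr. ODBC allows a NULL indicator pointer for an input
 * parameter that is never NULL, so `indicator` may legitimately be NULL. */
typedef struct {
    const void  *data;
    const short *indicator;
} DescRec;

/* The fixed check: a missing indicator means "value is present".
 * The original macro read *indicator unconditionally, which is a
 * null-pointer dereference when the indicator was bound as 0. */
static int is_null_param(const DescRec *from)
{
    return from->indicator != NULL && *from->indicator == SQL_NULL_DATA;
}

/* Convert a bound SQL_C_SLONG into a CHAR buffer. Same prologue shape as
 * the driver's CHECKNULL macro, then the integer is formatted as text. */
static int conv_long_to_string(const DescRec *from, char *to, size_t to_len,
                               short *ind_to)
{
    if (is_null_param(from)) {
        if (ind_to) *ind_to = SQL_NULL_DATA;
        if (to) *to = 0;
        return SQL_SUCCESS;
    }
    if (!to)
        return SQL_SUCCESS;
    int n = snprintf(to, to_len, "%d", *(const int *)from->data);
    if (ind_to) *ind_to = (short)n;   /* report the output length */
    return SQL_SUCCESS;
}

int main(void)
{
    int value = 1;                    /* the bound value from the report */
    char buf[16];
    short ind_to = 0;
    DescRec rec = { &value, NULL };   /* StrLen_or_IndPtr passed as 0 */
    conv_long_to_string(&rec, buf, sizeof buf, &ind_to);
    printf("converted \"%s\", output indicator %d\n", buf, ind_to);
    return 0;
}
```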

Commented by: @alexpotapchenko

Fixed in CVS

Modified by: @alexpotapchenko

status: Open [ 1 ] => Resolved [ 5 ]

resolution: Fixed [ 1 ]

Fix Version: 2.0.1 [ 10430 ]

Commented by: Sven Steinseifer (svensteinseifer)

Thanks!

Commented by: Sven Steinseifer (svensteinseifer)

It works!

Modified by: @alexpotapchenko

status: Resolved [ 5 ] => Closed [ 6 ]