Details
Bug
Status: Closed
Major
Resolution: Fixed
2.0.13
Description
The standard prescribes that SQLGetData() returns SQL_NO_DATA after retrieving the last portion of the column data.
Currently, the driver neither returns that error nor returns zero length in the indicator (StrLen_or_IndPtr) argument if the whole data can be fetched into the buffer at once.
Code relying on the behavior described above may enter an unbounded loop, reading the (same) data indefinitely (until the process crashes).
--- ./ma_statement.c.ori 2016-12-05 18:34:45.956616000 -0800
|
+++ ./ma_statement.c 2016-12-14 18:25:59.371718000 -0800
|
@@ -2607,9 +2607,7 @@
|
}
|
if (StrLen_or_IndPtr)
|
*StrLen_or_IndPtr= *Bind.length - Stmt->CharOffset[Offset];
|
- /* Increase Offset only when the buffer wasn't fetched completely */
|
- if (*Bind.length > (Bind.buffer_length - ZeroTerminated))
|
- Stmt->CharOffset[Offset]+= MIN((unsigned long)BufferLength - ZeroTerminated, *Bind.length);
|
+ Stmt->CharOffset[Offset]+= MIN((unsigned long)BufferLength - ZeroTerminated, *Bind.length);
|
if ((BufferLength - ZeroTerminated) && Stmt->Lengths[Offset] > Stmt->CharOffset[Offset])
|
{
|
MADB_SetError(&Stmt->Error, MADB_ERR_01004, NULL, 0);
|
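Review bot: the now-unconditional `Stmt->CharOffset[Offset]+= MIN((unsigned long)BufferLength - ZeroTerminated, *Bind.length);` bounds the step by `*Bind.length`, while the assignment just above it treats `*Bind.length - Stmt->CharOffset[Offset]` as what is left, so on the last chunk of a multi-part read the offset can move past the end of the value. Consider bounding the step by the remaining length instead, or confirm that the end-of-data check (not visible in this hunk) compares with `>=` and that the subtraction cannot go negative on a later call. Also, `(unsigned long)BufferLength - ZeroTerminated` can wrap when `BufferLength` is 0 and `ZeroTerminated` is set, which now advances the offset by the whole `*Bind.length` although nothing was copied; the `if ((BufferLength - ZeroTerminated) && ...)` test that follows suggests that case is expected. The removed comment should be replaced by one saying why the offset is always advanced.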
The behavior triggered by the line ma_statement.c:2566 (Stmt->CharOffset[Offset]= 0;) is also questionable.
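The failure mode described above, as an added example that is not the driver's code or part of the original report: a mock chunked read with the offset rule before and after the patch, and a caller loop that waits for end of data but is bounded. `mock_get_data`, `read_column`, `struct col` and the `RC_*` codes are hypothetical stand-ins for SQLGetData() and its return codes.

```c
#include <stdio.h>
#include <string.h>
/* Constructed stand-ins for SQL_SUCCESS, SQL_SUCCESS_WITH_INFO, SQL_NO_DATA. */
enum { RC_SUCCESS, RC_SUCCESS_WITH_INFO, RC_NO_DATA };

/* Hypothetical column state; patched=0 models the offset rule before the fix. */
struct col { const char *data; size_t len, off; int patched; };

/* Mock chunked read for a non-empty character column (buflen >= 2). */
static int mock_get_data(struct col *c, char *buf, size_t buflen, long *ind)
{
    if (c->off >= c->len)
        return RC_NO_DATA;                  /* everything already handed out */
    size_t room = buflen - 1;               /* one byte kept for the terminator */
    size_t left = c->len - c->off;
    size_t n = left < room ? left : room;
    memcpy(buf, c->data + c->off, n);
    buf[n] = '\0';
    *ind = (long)left;                      /* bytes remaining before this call */
    if (c->patched || c->len > room)        /* unpatched: skip when it all fit */
        c->off += n;
    return left > room ? RC_SUCCESS_WITH_INFO : RC_SUCCESS;
}

/* Waits for RC_NO_DATA, bounded by max_calls and outcap; -1 if it never comes. */
static long read_column(struct col *c, char *out, size_t outcap, int max_calls)
{
    char chunk[8];
    long ind;
    size_t total = 0;
    for (int i = 0; i < max_calls; i++) {
        if (mock_get_data(c, chunk, sizeof chunk, &ind) == RC_NO_DATA)
            return (long)total;
        size_t n = strlen(chunk);
        if (total + n >= outcap)
            return -1;                      /* refuse to grow without limit */
        memcpy(out + total, chunk, n + 1);
        total += n;
    }
    return -1;
}

int main(void)
{
    char out[64];
    struct col before = { "abc", 3, 0, 0 }, after = { "abc", 3, 0, 1 };
    printf("unpatched: %ld\n", read_column(&before, out, sizeof out, 16));
    printf("patched:   %ld\n", read_column(&after, out, sizeof out, 16));
}
```

A value longer than the chunk buffer terminates under both rules, which matches the report: only data that fits in one call is returned again and again.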