Details
-
Bug
-
Status: Closed (View Workflow)
-
Major
-
Resolution: Fixed
-
2.0.13
-
None
-
None
Description
The standard prescribes that SQLGetData() returns SQL_NO_DATA after retrieving the last portion of the column data.
Currently, the driver does not return that error nor returns it zero length in the indicator (StrLen_or_IndPtr) argument if the whole data can be fetched to the buffer at once.
The code relying upon the described above behavior may enter an unbound loop reading the (same) data indefinitely (until the process crashes).
--- ./ma_statement.c.ori 2016-12-05 18:34:45.956616000 -0800
|
+++ ./ma_statement.c 2016-12-14 18:25:59.371718000 -0800
|
@@ -2607,9 +2607,7 @@
|
}
|
if (StrLen_or_IndPtr)
|
*StrLen_or_IndPtr= *Bind.length - Stmt->CharOffset[Offset];
|
- /* Increase Offset only when the buffer wasn't fetched completely */
|
- if (*Bind.length > (Bind.buffer_length - ZeroTerminated))
|
- Stmt->CharOffset[Offset]+= MIN((unsigned long)BufferLength - ZeroTerminated, *Bind.length);
|
+ Stmt->CharOffset[Offset]+= MIN((unsigned long)BufferLength - ZeroTerminated, *Bind.length);
|
if ((BufferLength - ZeroTerminated) && Stmt->Lengths[Offset] > Stmt->CharOffset[Offset])
|
{
|
MADB_SetError(&Stmt->Error, MADB_ERR_01004, NULL, 0);
|
The behavior triggered by the line ma_statement.c:2566 (Stmt->CharOffset[Offset]= 0;) is also questionable.
Attachments
Activity
| Field | Original Value | New Value |
|---|---|---|
| Fix Version/s | 2.0.14 [ 22510 ] | |
| Fix Version/s | 3.0.1 [ 22511 ] | |
| Resolution | Fixed [ 1 ] | |
| Status | Open [ 1 ] | Closed [ 6 ] |
| Workflow | MariaDB connectors [ 79111 ] | MariaDB v3 [ 84046 ] |
| Workflow | MariaDB v3 [ 84046 ] | MariaDB v4 [ 135423 ] |
The fix and the testcase have been pushed(only to odbc-2.0 so far) as rev f185440c17db1f80ac369b4dab54fdbe1487a882