[ODBC-359] Segmentation fault in SQLFetch Created: 2022-05-06  Updated: 2022-06-20  Resolved: 2022-05-12

Status: Closed
Project: MariaDB Connector/ODBC
Component/s: General
Affects Version/s: 3.1.15
Fix Version/s: 3.1.16

Type: Bug Priority: Major
Reporter: Patrick Braun Assignee: Lawrin Novitsky
Resolution: Fixed Votes: 0
Labels: None
Environment:

Debian 11 amd64 and arm64


Attachments: ODBC_TEST_t_info.c, segv-fix.patch

 Description   

SQLFetch crashes when the target buffer was set to a null buffer to get the column data length as SQL_C_WCHAR.

The crash occurs in ma_statement.c on line 1914 when

*(char*)Stmt->result[i].buffer != '\0'

is dereferenced and buffer is a null pointer.

Attached are a test that currently crashes and a patch file that adds a NULL check.
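As an added illustration of the reported pattern (this is not Connector/ODBC's own code and not the attached patch), the following hypothetical model shows a bound-column record and a fetch step that guards the buffer dereference: binding a NULL TargetValuePtr as SQL_C_WCHAR then only reports the data length through the indicator, and a second pass with a buffer sized from that length copies the value. The struct, its field names and the function names are assumptions for this example.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Hypothetical, minimal stand-in for a bound column; the field names are
 * assumptions for this example, not Connector/ODBC's real descriptor fields. */
typedef struct {
    void    *buffer;      /* TargetValuePtr from SQLBindCol; NULL means "length only" */
    size_t   buffer_len;  /* BufferLength in bytes */
    int64_t *indicator;   /* StrLen_or_IndPtr, receives the data length in bytes */
} BoundColumn;

/* Deliver one UTF-16 (SQL_C_WCHAR) value to a bound column. Returns the number
 * of bytes copied (0 when no buffer was bound). The indicator always receives
 * the full length in bytes, which is what a NULL-buffer bind asks for. */
static size_t fetch_wchar_into(BoundColumn *col, const uint16_t *value, size_t n_units) {
    size_t data_bytes = n_units * sizeof(uint16_t);
    if (col->indicator) *col->indicator = (int64_t)data_bytes;
    /* The guard the report asks for: a NULL TargetValuePtr is a legal "length only"
     * bind, so there is nothing to dereference or write into. */
    if (col->buffer == NULL || col->buffer_len < sizeof(uint16_t)) return 0;
    size_t room = col->buffer_len - sizeof(uint16_t);   /* keep space for the terminator */
    size_t copy = data_bytes < room ? data_bytes : room;
    copy -= copy % sizeof(uint16_t);                    /* never split a UTF-16 code unit */
    memcpy(col->buffer, value, copy);
    ((uint16_t *)col->buffer)[copy / sizeof(uint16_t)] = 0;
    return copy;
}

/* Scenario from the report: bind with a NULL buffer, fetch, read the length. */
static int64_t length_only_fetch(void) {
    static const uint16_t value[] = { 'a', 'b', 'c' };   /* constructed sample: "abc" in UTF-16 */
    int64_t ind = -1;
    BoundColumn col = { NULL, 0, &ind };
    fetch_wchar_into(&col, value, 3);
    return ind;                                         /* 6 bytes reported, no dereference */
}

/* Second pass with a real buffer of the given size (capped at 8 bytes here). */
static size_t sized_fetch(size_t buffer_len) {
    static const uint16_t value[] = { 'a', 'b', 'c' };
    uint16_t out[4] = { 0 };
    int64_t ind = -1;
    BoundColumn col = { out, buffer_len > sizeof out ? sizeof out : buffer_len, &ind };
    return fetch_wchar_into(&col, value, 3);
}
```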



 Comments   
Comment by Lawrin Novitsky [ 2022-05-08 ]

Thank you for your report. Everything looks to make sense.
Since you provide both the testcase and the fix, maybe it's a good idea for you to make a pull request here so it will be in the history under your name? But please note in the PR that you are contributing the whole thing under the BSD-new license.

Comment by Patrick Braun [ 2022-05-09 ]

I have opened a PR on Github https://github.com/mariadb-corporation/mariadb-connector-odbc/pull/56

Comment by Lawrin Novitsky [ 2022-05-12 ]

The PR with the fix and the testcase has been merged. Thanks to Patrick Braun, who did all the work.

Comment by Lawrin Novitsky [ 2022-06-20 ]

Updated the description, as the column type was not important here, while the SQL_C_WCHAR C type is.
