Details
-
Bug
-
Resolution: Fixed
-
P3: Somewhat important
-
6.4.3, 6.5.1
-
a7deddba5 (dev), dcef040b9 (6.6), 8195a23f3 (6.5), 634ef449b (dev), 2461783ae (6.6), ee757c574 (6.5)
Description
In file qsql_ibase.cpp in the function QIBaseResult::exec():
There is a for loop through all input parameters, inside this loop the sql parameter type is checked for null-ability (sqltype & 1 ): If this is true the parameter can be null and the if the argument is null the null flag is set and all is well.
But if, for example, the type is "not null" constrained (e.g. a procedure input parameter) the code proceeds immediately to the switch statement where the argument is converted to whatever is needed, without the check for QSqlResultPrivate::isVariantNull(val).
The values not null constraint cannot be enforced because the null is converted to a zero (in case of an integer parameter), which can leads to hard to find bugs.
In this case the QIBaseResult::exec() call should return an error, so the wrong argument could be detected.
e.g.
if (d->inda->sqlvar[para].sqltype & 1) { // null handling already there } else { // set error code here return false; // null argument passed to not null parameter }