Qt / QTBUG-37508

QIBaseDriver::open() corrupts memory heap

    Details

    • Type: Bug
    • Status: Closed
    • Priority: P2: Important
    • Resolution: Done
    • Affects Version/s: 4.8.4, 4.8.5, 5.0.0, 5.1.0, 5.2.0
    • Fix Version/s: 4.8.6, 5.3.0
    • Component/s: SQL Support
    • Labels:
      None
    • Environment:
      Microsoft Visual C++ Compiler 10.0 (x86)
      Windows 7 SP1
      Qt 5.2.0
    • Commits:
      0d50efeae9829336ffb7e47692cfdc649e10ee70 (stable, 18.4.2014, 5.3)
      Qt 4: c1d177d52cfffe61198cfa5ec76bae0c2f44a362 (4.8, 19.3.2014)

      Description

      Byte array size is less than necessary:

      QByteArray ba;
      ba.resize(usr.length() + pass.length() + enc.length() + role.length() + 6); // 6 additional bytes were allocated (why only 6?)
      int i = -1;
      ba[++i] = isc_dpb_version1; // first
      ba[++i] = isc_dpb_user_name; // second
      ba[++i] = usr.length(); // third
      memcpy(ba.data() + ++i, usr.data(), usr.length());
      i += usr.length();
      ba[i] = isc_dpb_password; // fourth
      ba[++i] = pass.length(); // fifth
      memcpy(ba.data() + ++i, pass.data(), pass.length());
      i += pass.length();
      ba[i] = isc_dpb_lc_ctype; // sixth
      ba[++i] = enc.length(); // !!!!!! seventh
      memcpy(ba.data() + ++i, enc.data(), enc.length());
      i += enc.length();

      if (!role.isEmpty()) {
          ba[i] = isc_dpb_sql_role_name; // !!!!!!!
          ba[++i] = role.length(); // !!!!!!!
          memcpy(ba.data() + ++i, role.data(), role.length());
          i += role.length();
      }
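
      The size arithmetic behind this report, as an added example (not code from the report or from the Qt fix): it compares the reported allocation with what the tag/length/payload layout needs and builds the buffer by appending instead of writing at computed offsets. It uses standard containers rather than QByteArray; the function names are hypothetical and the tag values are assumed to match Firebird's ibase.h.

```cpp
#include <cstdint>
#include <stdexcept>
#include <string>
#include <vector>

// Tag values assumed to match Firebird's ibase.h; real code includes that header.
enum : std::uint8_t { dpb_version1 = 1, dpb_user_name = 28, dpb_password = 29,
                      dpb_lc_ctype = 48, dpb_sql_role_name = 60 };

// Size used by the reported code: payload lengths plus a fixed 6.
std::size_t reportedSize(const std::string &usr, const std::string &pass,
                         const std::string &enc, const std::string &role)
{
    return usr.size() + pass.size() + enc.size() + role.size() + 6;
}

// Size the layout needs: 1 version byte, then tag + length + payload per field.
std::size_t requiredSize(const std::string &usr, const std::string &pass,
                         const std::string &enc, const std::string &role)
{
    std::size_t n = 1 + (2 + usr.size()) + (2 + pass.size()) + (2 + enc.size());
    return role.empty() ? n : n + 2 + role.size();
}

// Appends one field; the length slot is a single byte, so longer values are refused.
static void appendField(std::vector<std::uint8_t> &out, std::uint8_t tag,
                        const std::string &value)
{
    if (value.size() > 255)
        throw std::length_error("DPB field longer than 255 bytes");
    out.push_back(tag);
    out.push_back(static_cast<std::uint8_t>(value.size()));
    out.insert(out.end(), value.begin(), value.end());
}

// Builds the buffer by appending, so no write can land past the allocation.
std::vector<std::uint8_t> buildDpb(const std::string &usr, const std::string &pass,
                                   const std::string &enc, const std::string &role)
{
    std::vector<std::uint8_t> out;
    out.reserve(requiredSize(usr, pass, enc, role));
    out.push_back(dpb_version1);
    appendField(out, dpb_user_name, usr);
    appendField(out, dpb_password, pass);
    appendField(out, dpb_lc_ctype, enc);
    if (!role.empty())
        appendField(out, dpb_sql_role_name, role);
    return out;
}
```

      With the constructed inputs "SYSDBA", "masterkey" and "UTF8", the reported formula is 1 byte short without a role and 3 bytes short with the role "ADMIN".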

            People

            Assignee:
            kleint Friedemann Kleint
            Reporter:
            akm-47 Grigory Kalashnikov