Wrong-size allocation in row.cc
Affects | Status | Importance | Assigned to | Milestone
---|---|---|---|---
Drizzle Client & Protocol Library | Fix Released | Medium | Andrew Hutchings |
Bug Description
row.cc [ http://
result->row= new (std::nothrow) drizzle_
which allocates some memory for the row, but the amount of memory allocated is wrong. The buffer will eventually contain one drizzle_field_t followed by a number of size_ts, but this code allocates enough space for a number of drizzle_field_ts equal to the number of bytes in the desired array of size_ts ... which will practically always be enough, and usually far more than needed.
Probably the most straightforward fix is to switch to malloc/free for that heterogeneous buffer and either malloc(
struct row_info {
  drizzle_field_t row;
  size_t sizes[1];
};
make result->row be a pointer to this structure, and malloc(
Related branches
- Drizzle Trunk: Pending requested
Diff: 144 lines (+19/-12), 7 files modified
libdrizzle/datetime.h (+1/-0)
libdrizzle/pack.cc (+10/-2)
libdrizzle/pack.h (+2/-2)
libdrizzle/statement.cc (+2/-2)
libdrizzle/statement_param.cc (+3/-4)
tests/unit/datetypes.c (+1/-1)
tests/unit/include.am (+0/-1)
Changed in libdrizzle:
importance: Undecided → Medium
assignee: nobody → Andrew Hutchings (linuxjedi)
milestone: none → 5.1.4
status: New → Triaged
Changed in libdrizzle:
status: Triaged → Fix Released
I'd rather not switch it back to malloc/free. We recently moved away from that where practical. The struct sounds safer/better to me.
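The sizing problem from the bug description and the struct layout preferred in the comment above, as an added example that is not libdrizzle's code. `drizzle_field_t` is a stand-in typedef, `miscounted_bytes` models the mistake as the report words it, and `row_info_bytes`, `row_sizes`, `row_info_new` and `row_info_delete` are hypothetical helpers.

```cpp
#include <cstddef>
#include <cstdint>
#include <new>

typedef char *drizzle_field_t;  // assumption: stand-in so the block compiles alone

struct row_info {               // layout proposed in the report
  drizzle_field_t row;
  size_t sizes[1];              // head of a trailing array of `columns` entries
};

// Bytes needed for one field plus `columns` sizes; 0 if that overflows size_t.
size_t row_info_bytes(size_t columns) {
  const size_t header = offsetof(row_info, sizes);
  if (columns > (SIZE_MAX - header) / sizeof(size_t)) return 0;
  const size_t bytes = header + columns * sizeof(size_t);
  return bytes < sizeof(row_info) ? sizeof(row_info) : bytes;
}

// Bytes obtained when the byte length of the size array is used as a count
// of drizzle_field_t elements (the mistake as the report describes it).
size_t miscounted_bytes(size_t columns) {
  return sizeof(drizzle_field_t) * (sizeof(size_t) * columns);
}

// Start of the size array, computed from the offset rather than by indexing
// past the declared bound of sizes[1].
size_t *row_sizes(row_info *info) {
  return reinterpret_cast<size_t *>(reinterpret_cast<char *>(info) +
                                    offsetof(row_info, sizes));
}

// Allocate and zero the buffer without malloc/free; nullptr on failure.
row_info *row_info_new(size_t columns) {
  const size_t bytes = row_info_bytes(columns);
  void *mem = bytes ? ::operator new(bytes, std::nothrow) : nullptr;
  if (mem == nullptr) return nullptr;
  row_info *info = static_cast<row_info *>(mem);
  info->row = nullptr;
  for (size_t i = 0; i < columns; ++i) row_sizes(info)[i] = 0;
  return info;
}

void row_info_delete(row_info *info) { ::operator delete(info); }
```

Under this model a zero-column result is the one case where the miscount yields less than the buffer needs, which is why `row_info_bytes` never returns less than `sizeof(row_info)`.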