Fixed a buffer overrun that was masked on Linux systems.

src/interfaces/ecpg/ChangeLog

@@ -2095,11 +2095,13 @@ Mo Aug 14 10:39:59 CEST 2006
 	- Fixed broken newline on Windows.
 	- Fixed a nasty buffer underrun that only occured when using Informix
 	  no_indicator NULL setting on timestamps and intervals.
+<<<<<<< ChangeLog
 
 Fr 18. Aug 17:32:54 CEST 2006
 
 	- Changed lexer to no longer use the default rule.
 	- Synced parser and keyword list.
 	- Fixed parsing of CONNECT statement so it accepts a C string again.
+	- Fixed a buffer overrun that was masked on Linux systems.
 	- Set ecpg library version to 5.2.
 	- Set ecpg version to 4.2.1.

src/interfaces/ecpg/ecpglib/execute.c

-/* $PostgreSQL: pgsql/src/interfaces/ecpg/ecpglib/execute.c,v 1.58 2006/08/09 09:08:31 meskes Exp $ */
+/* $PostgreSQL: pgsql/src/interfaces/ecpg/ecpglib/execute.c,v 1.59 2006/08/18 16:30:53 meskes Exp $ */
 
 /*
  * The aim is to get a simpler inteface to the database routines.
@@ -572,19 +572,21 @@ ECPGstore_input(const int lineno, const bool force_indicator, const struct varia
 	}
 	if (**tobeinserted_p == '\0')
 	{
+		int asize = var->arrsize? var->arrsize : 1;
+
 		switch (var->type)
 		{
 				int			element;
 
 			case ECPGt_short:
-				if (!(mallocedval = ECPGalloc(var->arrsize * 20, lineno)))
+				if (!(mallocedval = ECPGalloc(asize * 20, lineno)))
 					return false;
 
-				if (var->arrsize > 1)
+				if (asize > 1)
 				{
 					strcpy(mallocedval, "array [");
 
-					for (element = 0; element < var->arrsize; element++)
+					for (element = 0; element < asize; element++)
 						sprintf(mallocedval + strlen(mallocedval), "%hd,", ((short *) var->value)[element]);
 
 					strcpy(mallocedval + strlen(mallocedval) - 1, "]");
@@ -597,14 +599,14 @@ ECPGstore_input(const int lineno, const bool force_indicator, const struct varia
 				break;
 
 			case ECPGt_int:
-				if (!(mallocedval = ECPGalloc(var->arrsize * 20, lineno)))
+				if (!(mallocedval = ECPGalloc(asize * 20, lineno)))
 					return false;
 
-				if (var->arrsize > 1)
+				if (asize > 1)
 				{
 					strcpy(mallocedval, "array [");
 
-					for (element = 0; element < var->arrsize; element++)
+					for (element = 0; element < asize; element++)
 						sprintf(mallocedval + strlen(mallocedval), "%d,", ((int *) var->value)[element]);
 
 					strcpy(mallocedval + strlen(mallocedval) - 1, "]");
@@ -617,14 +619,14 @@ ECPGstore_input(const int lineno, const bool force_indicator, const struct varia
 				break;
 
 			case ECPGt_unsigned_short:
-				if (!(mallocedval = ECPGalloc(var->arrsize * 20, lineno)))
+				if (!(mallocedval = ECPGalloc(asize * 20, lineno)))
 					return false;
 
-				if (var->arrsize > 1)
+				if (asize > 1)
 				{
 					strcpy(mallocedval, "array [");
 
-					for (element = 0; element < var->arrsize; element++)
+					for (element = 0; element < asize; element++)
 						sprintf(mallocedval + strlen(mallocedval), "%hu,", ((unsigned short *) var->value)[element]);
 
 					strcpy(mallocedval + strlen(mallocedval) - 1, "]");
@@ -637,14 +639,14 @@ ECPGstore_input(const int lineno, const bool force_indicator, const struct varia
 				break;
 
 			case ECPGt_unsigned_int:
-				if (!(mallocedval = ECPGalloc(var->arrsize * 20, lineno)))
+				if (!(mallocedval = ECPGalloc(asize * 20, lineno)))
 					return false;
 
-				if (var->arrsize > 1)
+				if (asize > 1)
 				{
 					strcpy(mallocedval, "array [");
 
-					for (element = 0; element < var->arrsize; element++)
+					for (element = 0; element < asize; element++)
 						sprintf(mallocedval + strlen(mallocedval), "%u,", ((unsigned int *) var->value)[element]);
 
 					strcpy(mallocedval + strlen(mallocedval) - 1, "]");
@@ -657,14 +659,14 @@ ECPGstore_input(const int lineno, const bool force_indicator, const struct varia
 				break;
 
 			case ECPGt_long:
-				if (!(mallocedval = ECPGalloc(var->arrsize * 20, lineno)))
+				if (!(mallocedval = ECPGalloc(asize * 20, lineno)))
 					return false;
 
-				if (var->arrsize > 1)
+				if (asize > 1)
 				{
 					strcpy(mallocedval, "array [");
 
-					for (element = 0; element < var->arrsize; element++)
+					for (element = 0; element < asize; element++)
 						sprintf(mallocedval + strlen(mallocedval), "%ld,", ((long *) var->value)[element]);
 
 					strcpy(mallocedval + strlen(mallocedval) - 1, "]");
@@ -677,14 +679,14 @@ ECPGstore_input(const int lineno, const bool force_indicator, const struct varia
 				break;
 
 			case ECPGt_unsigned_long:
-				if (!(mallocedval = ECPGalloc(var->arrsize * 20, lineno)))
+				if (!(mallocedval = ECPGalloc(asize * 20, lineno)))
 					return false;
 
-				if (var->arrsize > 1)
+				if (asize > 1)
 				{
 					strcpy(mallocedval, "array [");
 
-					for (element = 0; element < var->arrsize; element++)
+					for (element = 0; element < asize; element++)
 						sprintf(mallocedval + strlen(mallocedval), "%lu,", ((unsigned long *) var->value)[element]);
 
 					strcpy(mallocedval + strlen(mallocedval) - 1, "]");
@@ -697,14 +699,14 @@ ECPGstore_input(const int lineno, const bool force_indicator, const struct varia
 				break;
 #ifdef HAVE_LONG_LONG_INT_64
 			case ECPGt_long_long:
-				if (!(mallocedval = ECPGalloc(var->arrsize * 30, lineno)))
+				if (!(mallocedval = ECPGalloc(asize * 30, lineno)))
 					return false;
 
-				if (var->arrsize > 1)
+				if (asize > 1)
 				{
 					strcpy(mallocedval, "array [");
 
-					for (element = 0; element < var->arrsize; element++)
+					for (element = 0; element < asize; element++)
 						sprintf(mallocedval + strlen(mallocedval), "%lld,", ((long long *) var->value)[element]);
 
 					strcpy(mallocedval + strlen(mallocedval) - 1, "]");
@@ -717,14 +719,14 @@ ECPGstore_input(const int lineno, const bool force_indicator, const struct varia
 				break;
 
 			case ECPGt_unsigned_long_long:
-				if (!(mallocedval = ECPGalloc(var->arrsize * 30, lineno)))
+				if (!(mallocedval = ECPGalloc(asize * 30, lineno)))
 					return false;
 
-				if (var->arrsize > 1)
+				if (asize > 1)
 				{
 					strcpy(mallocedval, "array [");
 
-					for (element = 0; element < var->arrsize; element++)
+					for (element = 0; element < asize; element++)
 						sprintf(mallocedval + strlen(mallocedval), "%llu,", ((unsigned long long *) var->value)[element]);
 
 					strcpy(mallocedval + strlen(mallocedval) - 1, "]");
@@ -737,14 +739,14 @@ ECPGstore_input(const int lineno, const bool force_indicator, const struct varia
 				break;
 #endif   /* HAVE_LONG_LONG_INT_64 */
 			case ECPGt_float:
-				if (!(mallocedval = ECPGalloc(var->arrsize * 25, lineno)))
+				if (!(mallocedval = ECPGalloc(asize * 25, lineno)))
 					return false;
 
-				if (var->arrsize > 1)
+				if (asize > 1)
 				{
 					strcpy(mallocedval, "array [");
 
-					for (element = 0; element < var->arrsize; element++)
+					for (element = 0; element < asize; element++)
 						sprintf(mallocedval + strlen(mallocedval), "%.14g,", ((float *) var->value)[element]);
 
 					strcpy(mallocedval + strlen(mallocedval) - 1, "]");
@@ -757,14 +759,14 @@ ECPGstore_input(const int lineno, const bool force_indicator, const struct varia
 				break;
 
 			case ECPGt_double:
-				if (!(mallocedval = ECPGalloc(var->arrsize * 25, lineno)))
+				if (!(mallocedval = ECPGalloc(asize * 25, lineno)))
 					return false;
 
-				if (var->arrsize > 1)
+				if (asize > 1)
 				{
 					strcpy(mallocedval, "array [");
 
-					for (element = 0; element < var->arrsize; element++)
+					for (element = 0; element < asize; element++)
 						sprintf(mallocedval + strlen(mallocedval), "%.14g,", ((double *) var->value)[element]);
 
 					strcpy(mallocedval + strlen(mallocedval) - 1, "]");

src/interfaces/ecpg/test/complex/test4.pgc

@@ -27,7 +27,7 @@ EXEC SQL BEGIN DECLARE SECTION;
 	int *did = &i;
 	int a[10] = {9,8,7,6,5,4,3,2,1,0};
 	char text[25] = "klmnopqrst";
-	char *t = (char *)malloc(10);
+	char *t = (char *)malloc(11);
 	double f;
 	bool b = true;
 EXEC SQL END DECLARE SECTION;

src/interfaces/ecpg/test/expected/complex-test4.c

@@ -140,7 +140,7 @@ main (void)
  char  text [ 25 ]   = "klmnopqrst" ;
  
 #line 30 "test4.pgc"
- char * t   = ( char * ) malloc ( 10 ) ;
+ char * t   = ( char * ) malloc ( 11 ) ;
  
 #line 31 "test4.pgc"
  double  f    ;
@@ -184,14 +184,14 @@ if (sqlca.sqlcode < 0) sqlprint();}
 #line 46 "test4.pgc"
 
 
-	{ ECPGdo(__LINE__, 0, 1, NULL, "insert into test ( f  , i  , a  , text  , b  , t  , err  ) values( 404.90 , 3 , '{0,1,2,3,4,5,6,7,8,9}' , 'abcdefghij' , 'f' , 0 , 0 )", ECPGt_EOIT, ECPGt_EORT);
+	{ ECPGdo(__LINE__, 0, 1, NULL, "insert into test ( f  , i  , a  , text  , b  , t  , err  ) values( 404.90 , 3 , '{0,1,2,3,4,5,6,7,8,9}' , 'abcdefghij' , 'f' , 0 , 0 ) ", ECPGt_EOIT, ECPGt_EORT);
 #line 48 "test4.pgc"
 
 if (sqlca.sqlcode < 0) sqlprint();}
 #line 48 "test4.pgc"
 
 
-	{ ECPGdo(__LINE__, 0, 1, NULL, "insert into test ( f  , i  , a  , text  , b  , t  , err  ) values( 140787.0 , 2 ,  ? ,  ? , 't' , 2 , 14 )", 
+	{ ECPGdo(__LINE__, 0, 1, NULL, "insert into test ( f  , i  , a  , text  , b  , t  , err  ) values( 140787.0 , 2 ,  ? ,  ? , 't' , 2 , 14 ) ", 
 	ECPGt_int,(a),(long)1,(long)10,sizeof(int), 
 	ECPGt_NO_INDICATOR, NULL , 0L, 0L, 0L, 
 	ECPGt_char,(text),(long)25,(long)1,(25)*sizeof(char), 
@@ -205,7 +205,7 @@ if (sqlca.sqlcode < 0) sqlprint();}
 
 	     
 
-	{ ECPGdo(__LINE__, 0, 1, NULL, "insert into test ( f  , i  , a  , text  , b  , t  , err  ) values( 14.07 ,  ? ,  ? ,  ? ,  ? , 1 , 147 )", 
+	{ ECPGdo(__LINE__, 0, 1, NULL, "insert into test ( f  , i  , a  , text  , b  , t  , err  ) values( 14.07 ,  ? ,  ? ,  ? ,  ? , 1 , 147 ) ", 
 	ECPGt_int,&(did),(long)1,(long)0,sizeof(int), 
 	ECPGt_NO_INDICATOR, NULL , 0L, 0L, 0L, 
 	ECPGt_int,(a),(long)1,(long)10,sizeof(int),