On 9/15/22 18:56, Dimitry Sibiryakov wrote:
Hello All.
If someone by mistake calls IStatement::execute() providing metadata
but no data buffer, it will pass the values as is to a provider and
overall result will be segfault.
Shouldn't some sanity checks to be performed there?
Not sure. Check for nullptr is really simple but what if user sends
garbage instead data buffer address? Luckily that segfault will never
disturb remote server - only client or embedded which can suffer same
way from any segfault in user process.
I do not want to say segfault is good thing and will not provide as a
sample trivial things like strcpy() - but almost any function in C
library will segfault when passed wrong address of some data.
Firebird-Devel mailing list, web interface at
https://lists.sourceforge.net/lists/listinfo/firebird-devel
