On 9/15/22 18:56, Dimitry Sibiryakov wrote:
Hello All.

  If someone by mistake calls IStatement::execute() providing metadata but no data buffer, it will pass the values as is to a provider and overall result will be segfault.
  Shouldn't some sanity checks to be performed there?


Not sure. Check for nullptr is really simple but what if user sends garbage instead data buffer address? Luckily that segfault will never disturb remote server - only client or embedded which can suffer same way from any segfault in user process.

I do not want to say segfault is good thing and will not provide as a sample trivial things like strcpy() - but almost any function in C library will segfault when passed wrong address of some data.



Firebird-Devel mailing list, web interface at 
https://lists.sourceforge.net/lists/listinfo/firebird-devel

Reply via email to