[ https://issues.apache.org/jira/browse/IGNITE-16279?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17476211#comment-17476211 ]
Ivan Daschinsky commented on IGNITE-16279:
------------------------------------------

Fixed in IGNITE-16728

> CPP: ODBC Incorrect usage of SQLBindParameter in TestStingParamNullLen causes
> heap buffer overflow
> ----------------------------------------------------------------------------------------------------
>
> Key: IGNITE-16279
> URL: https://issues.apache.org/jira/browse/IGNITE-16279
> Project: Ignite
> Issue Type: Bug
> Components: odbc, platforms
> Reporter: Ivan Daschinsky
> Assignee: Ivan Daschinsky
> Priority: Minor
>
> Platform: ubuntu 20.04, UnixODBC 2.3.7
> {code}
> Index: modules/platforms/cpp/odbc/src/utility.cpp > IDEA additional info: > Subsystem: com.intellij.openapi.diff.impl.patch.CharsetEP > <+>UTF-8 > =================================================================== > diff --git a/modules/platforms/cpp/odbc/src/utility.cpp > b/modules/platforms/cpp/odbc/src/utility.cpp > --- a/modules/platforms/cpp/odbc/src/utility.cpp (revision > e18bbbedfa23f4a4c7bcd1f4c48fa881411e5653) > +++ b/modules/platforms/cpp/odbc/src/utility.cpp (date 1641994995236)
> @@ -136,8 +136,10 @@ > if (!sqlStr || !sqlStrLen) > return res; > > - if (sqlStrLen == SQL_NTS) > + if (sqlStrLen == SQL_NTS) { > + std::cout << "Hopla " << sqlStrC << std::endl; // Here we > go, unexpected. > res.assign(sqlStrC); > + } > else if (sqlStrLen > 0) > res.assign(sqlStrC, sqlStrLen); >
> {code}
> Run {{TestStingParamNullLen}} under ASan and get report:
> https://gist.github.com/ivandasch/00fc80c31cb48022eed81a72ff3c4fc6
> To run under sanitizer:
> 1. Add flags
> {code}
> set(CMAKE_CXX_FLAGS "${CMAKE_CXX_FLAGS} -fsanitize=address -fno-omit-frame-pointer -fno-sanitize-recover -g")
> {code}
> 2. Run
> {code}
> JAVA_HOME=/opt/jdk/jdk1.8.0_281 \
> ASAN_OPTIONS=handle_segv=0:detect_leaks=0:symbolize=1 \
> IGNITE_NATIVE_TEST_ODBC_CONFIG_PATH=/home/ivandasch/Job/ignite-cpp/modules/platforms/cpp/odbc-test/config \
> ASAN_SYMBOLIZER_PATH=/usr/bin/llvm-symbolizer \
> ./odbc-test/ignite-odbc-tests -t '*/TestStingParamNullLen'
> {code}
> P.S.
> Seems that this is a problem in the test: in the test we pass a non-NULL-terminated
> string and forget to add the StrLen param at the end.
> Current code
> {code}
> ret = SQLBindParameter(stmt, 1, SQL_PARAM_INPUT, SQL_C_CHAR, SQL_VARCHAR, paramData.size(), 0, &paramData[0], paramLen, 0);
> {code}
> Should be
> {code}
> ret = SQLBindParameter(stmt, 1, SQL_PARAM_INPUT, SQL_C_CHAR, SQL_VARCHAR, paramData.size(), 0, &paramData[0], paramLen, &paramLen);
> {code}

--
This message was sent by Atlassian Jira
(v8.20.1#820001)
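
Review bot: The `std::cout << "Hopla " << sqlStrC` line added inside the `sqlStrLen == SQL_NTS` branch streams `sqlStrC` as a C string, so it scans for a terminator exactly like the `res.assign(sqlStrC)` that follows and will hit the same unterminated buffer first, moving the ASan report to the print rather than the assignment. It also makes library code in utility.cpp write to stdout on every SQL_NTS conversion. If this is only a reproduction aid it should stay out of the committed change; the visible lines give this branch no buffer length to bound the scan with, so the fix has to come from the caller passing a length, as the P.S. proposes for the test.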
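
Added example, not code from the Ignite sources or from the reporter: a self-contained C++ model of the failure described in the P.S., showing how a missing length pointer turns a length-delimited parameter into an SQL_NTS read. `BoundParam`, `ResolveLength`, `ToStdString`, `ReadWithoutLength`, `ReadWithLength` and the sample bytes are hypothetical and constructed for illustration; it assumes the ODBC rule that a null length pointer means the character data is null-terminated.

```cpp
#include <cstddef>
#include <iostream>
#include <string>

constexpr long kSqlNts = -3;  // value the ODBC headers define for SQL_NTS

// Hypothetical model of a bound input parameter: the data pointer and the
// optional length pointer (last argument of SQLBindParameter).
struct BoundParam {
    const char* data;
    const long* strLenOrInd;  // null when the caller passes 0
};

// With no length pointer, character data is taken to be null-terminated.
long ResolveLength(const BoundParam& p) {
    return p.strLenOrInd ? *p.strLenOrInd : kSqlNts;
}

// Same branch structure as the utility.cpp lines quoted in the issue.
std::string ToStdString(const char* s, long len) {
    std::string res;
    if (!s || !len)
        return res;
    if (len == kSqlNts)
        res.assign(s);  // scans to the first '\0', wherever that is
    else if (len > 0)
        res.assign(s, static_cast<std::size_t>(len));
    return res;
}

// Constructed sample: a 3-byte parameter "abc" with no terminator of its own.
// "XYZ\0" stands in for adjacent memory so the demo stays in bounds.
const char kMemory[] = {'a', 'b', 'c', 'X', 'Y', 'Z', '\0'};
const long kParamLen = 3;

std::string ReadWithoutLength() {  // call shape of the current test
    BoundParam p{kMemory, nullptr};
    return ToStdString(p.data, ResolveLength(p));
}

std::string ReadWithLength() {  // call shape of the proposed fix
    BoundParam p{kMemory, &kParamLen};
    return ToStdString(p.data, ResolveLength(p));
}

int main() {
    std::cout << "no length pointer: " << ReadWithoutLength() << "\n"
              << "length pointer:    " << ReadWithLength() << "\n";
}
```

In the real test there is no terminator inside the allocation, so the same scan runs past the end of the heap buffer, which is what the ASan report records.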