Re: mdbtools: [PATCH] Fixes in odbc.c to return size of returned strings and handle OLE data

To: ubuntu-users@lists.ubuntu.com, packages@qa.debian.org
Subject: Re: mdbtools: [PATCH] Fixes in odbc.c to return size of returned strings and handle OLE data
From: Even Rouault <even.rouault@mines-paris.org>
Date: Mon, 24 Nov 2008 23:56:03 +0100
Message-id: <[🔎] 200811242356.03290.even.rouault@mines-paris.org>
In-reply-to: <[🔎] 200811231626.29557.even.rouault@mines-paris.org>
References: <[🔎] 200811231626.29557.even.rouault@mines-paris.org>

Package: mdbtools
Version: 0.5.99.0.6pre1.0.20051109-4
Severity: important

I've also reported it on Fedora's bugzilla as 
https://bugzilla.redhat.com/show_bug.cgi?id=472692

A Fedora maintener has reviewed the patch and proposed a revised version which 
I agree about. As he was the first one of the distro's mainteners to react, 
I'd propose that the potential further discussions take place over there. :-)

Anyway, I'm attaching that revised version to that email.

Best regards

Le Sunday 23 November 2008 16:26:28 Even Rouault, vous avez écrit :
> Package: mdbtools
> Version: 0.5.99.0.6pre1.0.20051109-4
> Severity: important
>
> *** Please type your report below this line ***
>
> Attached a patch that fixes several issues in odbc.c that have been found
> while using libmdbodbc.so with the OGR PGeo driver of the GDAL package.
> - SQLDescribeCol doesn't return the string length in *pcbColName, which
>   breaks CPLODBCStatement::CollectResultsInfo() in port/cpl_odbc.cpp in
>   GDAL that uses that value to force a '\0' character at the end of the
>   string
> - SQLColAttributes doesn't return the string length in *pcbDesc, which
>   breaks CPLODBCStatement::CollectResultsInfo() in port/cpl_odbc.cpp in
>   GDAL that uses that value to force a '\0' character at the end of the
>   string
> - SQLGetData doesn't return the correct string length in *pcbValue. It
>   should return strlen(rgbValue) instead of col->cur_value_len which is
>   sometimes < strlen(rgbValue). That breaks CPLODBCStatement::Fetch in
>   port/cpl_odbc.cpp that uses that value to force a '\0' character at
>   the end of the string
> - SQLGetData doesn't handle correctly OLE data type, which prevents the
>   OGR PGeo driver from retrieving the geometry data
>
> -- System Information:
> Debian Release: lenny/sid
>   APT prefers hardy-updates
>   APT policy: (500, 'hardy-updates'), (500, 'hardy-security'),
> (500, 'hardy-proposed'), (500, 'hardy-backports'), (500, 'hardy')
> Architecture: i386 (i686)
>
> Kernel: Linux 2.6.24-21-386
> Locale: LANG=fr_FR.UTF-8, LC_CTYPE=fr_FR.UTF-8 (charmap=UTF-8)
> Shell: /bin/sh linked to /bin/dash
>
> Versions of packages mdbtools depends on:
> ii  libc6        2.7-10ubuntu4               GNU C Library: Shared
> libraries ii  libglib2.0-0 2.16.6-0ubuntu1             The GLib library of
> C routines ii  libmdbtools  0.5.99.0.6pre1.0.20051109-4 mdbtools libraries
> ii  libreadline5 5.2-3build1                 GNU readline and history
> libraries
>
> mdbtools recommends no packages.
>
> -- no debconf information

--- mdbtools-0.5.99.0.6pre1.0.20051109.ori/src/odbc/odbc.c	2005-04-09 13:17:56.000000000 +0200
+++ mdbtools-0.5.99.0.6pre1.0.20051109/src/odbc/odbc.c	2008-11-24 20:11:53.000000000 +0100
@@ -597,7 +597,7 @@
     SQLSMALLINT FAR   *pibScale,
     SQLSMALLINT FAR   *pfNullable)
 {
-	int namelen, i;
+	int i;
 	struct _hstmt *stmt = (struct _hstmt *) hstmt;
 	struct _hdbc *dbc = (struct _hdbc *) stmt->hdbc;
 	struct _henv *env = (struct _henv *) dbc->henv;
@@ -620,9 +620,10 @@
      }
 
 	if (szColName) {
-		namelen = MIN(cbColNameMax,strlen(sqlcol->name));
-		strncpy(szColName, sqlcol->name, namelen);
-		szColName[namelen]='\0';
+		strncpy(szColName, sqlcol->name, cbColNameMax);
+		szColName[cbColNameMax - 1] = '\0';
+		if (pcbColName)
+			*pcbColName = strlen(sqlcol->name);
 	}
 	if (pfSqlType) {
 		*pfSqlType = _odbc_get_client_type(col->col_type);
@@ -650,7 +651,7 @@
     SQLSMALLINT FAR   *pcbDesc,
     SQLINTEGER FAR    *pfDesc)
 {
-	int namelen, i;
+	int i;
 	struct _hstmt *stmt;
 	struct _hdbc *dbc;
 	struct _henv *env;
@@ -690,9 +691,10 @@
 	switch(fDescType) {
 		case SQL_COLUMN_NAME:
 		case SQL_COLUMN_LABEL:
-			namelen = MIN(cbDescMax,strlen(sqlcol->name));
-			strncpy(rgbDesc, sqlcol->name, namelen);
-			((char *)rgbDesc)[namelen]='\0';
+			strncpy(rgbDesc, sqlcol->name, cbDescMax);
+			((char *)rgbDesc)[cbDescMax - 1] = '\0';
+ 			if (pcbDesc)
+				*pcbDesc = strlen(sqlcol->name);
 			break;
 		case SQL_COLUMN_TYPE:
 			*pfDesc = SQL_CHAR;
@@ -1162,13 +1164,21 @@
 		strcpy(rgbValue, (col->cur_value_len)?"0":"1");
 		if (pcbValue)
 			*pcbValue = 1;
+	} else if (col->col_type == MDB_OLE) {
+		int len;
+		col->bind_ptr = rgbValue;
+		len = mdb_ole_read(mdb, col, mdb->pg_buf + col->cur_value_start, cbValueMax);
+		col->bind_ptr = NULL;
+		if (pcbValue)
+			*pcbValue = len;
 	} else if (col->cur_value_len) {
 		char *str = mdb_col_to_string(mdb,mdb->pg_buf,
 			col->cur_value_start,col->col_type,col->cur_value_len);
-		strcpy(rgbValue, str);
+		strncpy(rgbValue, str, cbValueMax);
+		((char *)rgbValue)[cbValueMax - 1] = 0;
 		g_free(str);
 		if (pcbValue)
-			*pcbValue = col->cur_value_len;
+			*pcbValue = strlen(rgbValue);
 	} else {
 		/* When NULL data is retrieved, non-null pcbValue is required */
 		if (pcbValue) {

Reply to:

References:
- mdbtools: [PATCH] Fixes in odbc.c to return size of returned strings and handle OLE data
  - From: Even Rouault <even.rouault@mines-paris.org>

Prev by Date: Taмoженное оформлeниe
Next by Date: Hol Dir Dein Geld ab
Previous by thread: mdbtools: [PATCH] Fixes in odbc.c to return size of returned strings and handle OLE data
Next by thread: mpg321 0.2.10.5 MIGRATED to testing
Index(es):
- Date
- Thread