Git commit 56b0498c362c305d4d756623e56af93291849e32 by Jaroslaw Staniek, on= behalf of Nirgal Vourg=C3=A8re. Committed on 30/08/2018 at 20:35. Pushed by staniek into branch '3.1'. Segfault fix on memo zero length multiple page While converting memo field to string, stop processing on zero length multi= ple page. FIXED-IN:3.1.1 mdbtools a89baeacf5976daf196 M +6 -2 src/migration/mdb/3rdparty/mdbtools/libmdb/data.c https://commits.kde.org/kexi/56b0498c362c305d4d756623e56af93291849e32 diff --git a/src/migration/mdb/3rdparty/mdbtools/libmdb/data.c b/src/migrat= ion/mdb/3rdparty/mdbtools/libmdb/data.c index 756aefb53..2ca91cfae 100644 --- a/src/migration/mdb/3rdparty/mdbtools/libmdb/data.c +++ b/src/migration/mdb/3rdparty/mdbtools/libmdb/data.c @@ -732,9 +732,13 @@ static char *mdb_memo_to_string(MdbHandle *mdb, int st= art, int size) printf("row num %d start %d len %d\n", pg_row & 0xff, row_start, len); #endif - if (tmpoff + len - 4 > memo_len) { + if (tmpoff + len - 4 > memo_len) break; - } + + /* Stop processing on zero length multiple page memo fields */ + if (!len) + break; + memcpy(tmp + tmpoff, (char*)buf + row_start + 4, len - 4); tmpoff +=3D len - 4; } while (( pg_row =3D mdb_get_int32(buf, row_start) ));
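Review bot: The new guard `if (!len) break;` ahead of the `memcpy` rejects only a zero length, yet `len - 4` is used both as the copy size and as the `tmpoff` increment, so a row length of 1 to 3 still produces a negative or wrapped value there. Using `if (len < 4) break;` and placing it before the `tmpoff + len - 4 > memo_len` comparison would cover every short row and keep that bounds check from being evaluated on a wrapped sum. The declaration of `len` and the allocation of `tmp` lie outside the hunk, so whether this is an unsigned wrap or a negative value converted to `size_t` should be confirmed against the full function. Because this file is a vendored mdbtools copy, the same guard is worth carrying to the upstream fix referenced in the commit message.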