[prev in list] [next in list] [prev in thread] [next in thread]
List: kde-commits
Subject: [kexi/3.1] src/migration/mdb/3rdparty/mdbtools/libmdb: Segfault fix on memo zero length multiple pag
From: Jaroslaw Staniek <null () kde ! org>
Date: 2018-08-30 21:19:24
Message-ID: E1fvULc-0003tX-IT () code ! kde ! org
[Download RAW message or body]
Git commit 56b0498c362c305d4d756623e56af93291849e32 by Jaroslaw Staniek, on behalf of \
Nirgal Vourgère. Committed on 30/08/2018 at 20:35.
Pushed by staniek into branch '3.1'.
Segfault fix on memo zero length multiple page
While converting memo field to string, stop processing on zero length multiple
page.
FIXED-IN:3.1.1
mdbtools a89baeacf5976daf196
M +6 -2 src/migration/mdb/3rdparty/mdbtools/libmdb/data.c
https://commits.kde.org/kexi/56b0498c362c305d4d756623e56af93291849e32
diff --git a/src/migration/mdb/3rdparty/mdbtools/libmdb/data.c \
b/src/migration/mdb/3rdparty/mdbtools/libmdb/data.c index 756aefb53..2ca91cfae 100644
--- a/src/migration/mdb/3rdparty/mdbtools/libmdb/data.c
+++ b/src/migration/mdb/3rdparty/mdbtools/libmdb/data.c
@@ -732,9 +732,13 @@ static char *mdb_memo_to_string(MdbHandle *mdb, int start, int \
size) printf("row num %d start %d len %d\n",
pg_row & 0xff, row_start, len);
#endif
- if (tmpoff + len - 4 > memo_len) {
+ if (tmpoff + len - 4 > memo_len)
break;
- }
+
+ /* Stop processing on zero length multiple page memo fields */
+ if (!len)
+ break;
+
memcpy(tmp + tmpoff, (char*)buf + row_start + 4, len - 4);
tmpoff += len - 4;
} while (( pg_row = mdb_get_int32(buf, row_start) ));
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic