diff options
| author | Friedemann Kleint <Friedemann.Kleint@digia.com> | 2014-03-18 12:07:53 +0100 |
|---|---|---|
| committer | The Qt Project <gerrit-noreply@qt-project.org> | 2014-03-19 08:44:56 +0100 |
| commit | c1d177d52cfffe61198cfa5ec76bae0c2f44a362 (patch) | |
| tree | d524aa526e012b7b3df4fe752477dd8da7a29cd9 | |
| parent | 7982a378c7058ca6b1ee29f5f5039cb62d2dcfd5 (diff) | |
Fix QByteArray memory corruption in QIBaseDriver::open().
Rewrite code to use QByteArray::reserve(), QByteArray::append()
instead of memcpy().
Task-number: QTBUG-37508
Change-Id: I16ead153f33fa5a34bc01ee27ae4cd1b8993b65e
Reviewed-by: Andy Shaw <andy.shaw@digia.com>
Reviewed-by: Mark Brand <mabrand@mabrand.nl>
(cherry picked from qtbase/0d50efeae9829336ffb7e47692cfdc649e10ee70)
| -rw-r--r-- | src/sql/drivers/ibase/qsql_ibase.cpp | 35 |
1 files changed, 15 insertions, 20 deletions
diff --git a/src/sql/drivers/ibase/qsql_ibase.cpp b/src/sql/drivers/ibase/qsql_ibase.cpp index 86e4398818..a41fe3b050 100644 --- a/src/sql/drivers/ibase/qsql_ibase.cpp +++ b/src/sql/drivers/ibase/qsql_ibase.cpp @@ -1459,27 +1459,22 @@ bool QIBaseDriver::open(const QString & db, pass.truncate(255); QByteArray ba; - ba.resize(usr.length() + pass.length() + enc.length() + role.length() + 6); - int i = -1; - ba[++i] = isc_dpb_version1; - ba[++i] = isc_dpb_user_name; - ba[++i] = usr.length(); - memcpy(ba.data() + ++i, usr.data(), usr.length()); - i += usr.length(); - ba[i] = isc_dpb_password; - ba[++i] = pass.length(); - memcpy(ba.data() + ++i, pass.data(), pass.length()); - i += pass.length(); - ba[i] = isc_dpb_lc_ctype; - ba[++i] = enc.length(); - memcpy(ba.data() + ++i, enc.data(), enc.length()); - i += enc.length(); + ba.reserve(usr.length() + pass.length() + enc.length() + role.length() + 9); + ba.append(char(isc_dpb_version1)); + ba.append(char(isc_dpb_user_name)); + ba.append(char(usr.length())); + ba.append(usr.data(), usr.length()); + ba.append(char(isc_dpb_password)); + ba.append(char(pass.length())); + ba.append(pass.data(), pass.length()); + ba.append(char(isc_dpb_lc_ctype)); + ba.append(char(enc.length())); + ba.append(enc.data(), enc.length()); if (!role.isEmpty()) { - ba[i] = isc_dpb_sql_role_name; - ba[++i] = role.length(); - memcpy(ba.data() + ++i, role.data(), role.length()); - i += role.length(); + ba.append(char(isc_dpb_sql_role_name)); + ba.append(char(role.length())); + ba.append(role.data(), role.length()); } QString ldb; @@ -1487,7 +1482,7 @@ bool QIBaseDriver::open(const QString & db, ldb += host + QLatin1Char(':'); ldb += db; isc_attach_database(d->status, 0, const_cast<char *>(ldb.toLocal8Bit().constData()), - &d->ibase, i, ba.data()); + &d->ibase, ba.size(), ba.data()); if (d->isError(QT_TRANSLATE_NOOP("QIBaseDriver", "Error opening database"), QSqlError::ConnectionError)) { setOpenError(true); |