diff options
author | Marc Mutz <marc.mutz@qt.io> | 2023-01-31 11:06:56 +0100 |
---|---|---|
committer | Marc Mutz <marc.mutz@qt.io> | 2023-02-01 12:21:23 +0000 |
commit | 4c445ef0bae8b36ec4a742552f0ebd81a1a90723 (patch) | |
tree | 327f380bcf4e4cea3dfe1844f8a8f63c125f0eff /src/plugins/sqldrivers/odbc/qsql_odbc.cpp | |
parent | a1d43b8334f71055da606b3546d482cbcff08170 (diff) |
ODBC SQL driver: fix conversion of QByteArray to QVLA<SQLTCHAR>
The QByteArray is assumed to contain an SQLTCHAR string (so, either
UTF-8, UTF-16 or UTF-32-encoded). Only in the UTF-8 case would the
size of the byte array be the same as the size of the SQLTCHAR string
in codepoints, yet the size in bytes is what the code passed to the
QVLA<SQLTCHAR> append() call, causing it to read past the QByteArray
buffer in the UTF-16 and UTF-32 cases.
Fix by properly calculating the string size from the size-in-bytes and
then memcpy()ing into the QVLA. We use memcpy() and not
QVLA::append(T*, n) because the QByteArray buffer need not be aligned
on an alignof(SQLTCHAR) boundary (certainly not since it gained the
prepend "optimization").
Pick-to: 6.5 6.4 6.2 5.15
Change-Id: If3838c3dee89e6aca65541242642315b8e1fa6b4
Reviewed-by: Thiago Macieira <thiago.macieira@intel.com>
Diffstat (limited to 'src/plugins/sqldrivers/odbc/qsql_odbc.cpp')
-rw-r--r-- | src/plugins/sqldrivers/odbc/qsql_odbc.cpp | 9 |
1 files changed, 5 insertions, 4 deletions
diff --git a/src/plugins/sqldrivers/odbc/qsql_odbc.cpp b/src/plugins/sqldrivers/odbc/qsql_odbc.cpp index 5c05b5df27..325803302e 100644 --- a/src/plugins/sqldrivers/odbc/qsql_odbc.cpp +++ b/src/plugins/sqldrivers/odbc/qsql_odbc.cpp @@ -1740,10 +1740,11 @@ bool QODBCResult::exec() case QMetaType::QString: if (d->unicode) { if (bindValueType(i) & QSql::Out) { - const QByteArray &first = tmpStorage.at(i); - QVarLengthArray<SQLTCHAR> array; - array.append((const SQLTCHAR *)first.constData(), first.size()); - values[i] = fromSQLTCHAR(array, first.size()/sizeof(SQLTCHAR)); + const QByteArray &bytes = tmpStorage.at(i); + const auto strSize = bytes.size() / sizeof(SQLTCHAR); + QVarLengthArray<SQLTCHAR> string(strSize); + memcpy(string.data(), bytes.data(), strSize * sizeof(SQLTCHAR)); + values[i] = fromSQLTCHAR(string); } break; } |