authorDavid Faure <david.faure@kdab.com>2014-08-25 13:53:44 +0200
committerThiago Macieira <thiago.macieira@intel.com>2014-09-10 08:28:11 +0200
commit507fff201bcafc1c28397e7008d8fbfe4c6ffb38 (patch)
tree787a0a5fdaebc60edb16fdc30cd80e70c03f8294 /src/sql/drivers/ibase/qsql_ibase.cpp
parent3e804976687ce3dbe424ae5dfa47bba0a6280ce1 (diff)
qsql ibase: fix memory corruption due to LONG being 4 bytes in firebird.
As fb_types.h says, Firebird requires (S)LONG to be 32 bit, and it defines SLONG to int. This leads to sqllen being 4, so qsql_ibase.cpp allocates 4 bytes... and was writing 8 bytes into it. Fixed by checking sqllen, the same way QIBaseResult::gotoNext does. Change-Id: Ie8680d32f98c354dfc8430b8efbfe95450556956 Reviewed-by: Mark Brand <mabrand@mabrand.nl>
Diffstat (limited to 'src/sql/drivers/ibase/qsql_ibase.cpp')
-rw-r--r--src/sql/drivers/ibase/qsql_ibase.cpp14
1 files changed, 9 insertions, 5 deletions
diff --git a/src/sql/drivers/ibase/qsql_ibase.cpp b/src/sql/drivers/ibase/qsql_ibase.cpp
index cc26bfe7e8..c751fea825 100644
--- a/src/sql/drivers/ibase/qsql_ibase.cpp
+++ b/src/sql/drivers/ibase/qsql_ibase.cpp
@@ -1030,11 +1030,15 @@ bool QIBaseResult::exec()
*((qint64*)d->inda->sqlvar[para].sqldata) = val.toLongLong();
break;
case SQL_LONG:
- if (d->inda->sqlvar[para].sqlscale < 0)
- *((long*)d->inda->sqlvar[para].sqldata) =
- (long)floor(0.5 + val.toDouble() * pow(10.0, d->inda->sqlvar[para].sqlscale * -1));
- else
- *((long*)d->inda->sqlvar[para].sqldata) = (long)val.toLongLong();
+ if (d->inda->sqlvar[para].sqllen == 4) {
+ if (d->inda->sqlvar[para].sqlscale < 0)
+ *((qint32*)d->inda->sqlvar[para].sqldata) =
+ (qint32)floor(0.5 + val.toDouble() * pow(10.0, d->inda->sqlvar[para].sqlscale * -1));
+ else
+ *((qint32*)d->inda->sqlvar[para].sqldata) = (qint32)val.toInt();
+ } else {
+ *((qint64*)d->inda->sqlvar[para].sqldata) = val.toLongLong();
+ }
break;
case SQL_SHORT:
if (d->inda->sqlvar[para].sqlscale < 0)
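Review bot: The `else` branch of the new `SQL_LONG` case stores a `qint64` for every `sqllen` other than 4, so an 8-byte write still goes into a buffer sized from `sqllen`; if that length is ever not exactly 8, the out-of-bounds write this commit fixes comes back. Making the branch explicit, `} else if (d->inda->sqlvar[para].sqllen == sizeof(qint64)) {`, with a final `else` that fails the bind instead of writing, would keep the store width tied to the allocation. The same branch also skips the `sqlscale < 0` scaling that the 4-byte path applies, so a scaled column would receive the unscaled value there. The buffer allocation and the rest of `QIBaseResult::exec()` are outside the hunk, so the buffer size is inferred from the commit description.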