author | David Faure <david.faure@kdab.com> | 2014-08-25 13:53:44 +0200 |
---|---|---|
committer | Thiago Macieira <thiago.macieira@intel.com> | 2014-09-10 08:28:11 +0200 |
commit | 507fff201bcafc1c28397e7008d8fbfe4c6ffb38 (patch) | |
tree | 787a0a5fdaebc60edb16fdc30cd80e70c03f8294 /src/sql | |
parent | 3e804976687ce3dbe424ae5dfa47bba0a6280ce1 (diff) |
qsql ibase: fix memory corruption due to LONG being 4 bytes in firebird.
As fb_types.h says, Firebird requires (S)LONG to be 32 bit, and it defines
SLONG to int. This leads to sqllen being 4, so qsql_ibase.cpp allocates
4 bytes... and was writing 8 bytes into it.
Fixed by checking sqllen, the same way QIBaseResult::gotoNext does.
Change-Id: Ie8680d32f98c354dfc8430b8efbfe95450556956
Reviewed-by: Mark Brand <mabrand@mabrand.nl>
Diffstat (limited to 'src/sql')
-rw-r--r-- | src/sql/drivers/ibase/qsql_ibase.cpp | 14 |
1 files changed, 9 insertions, 5 deletions
diff --git a/src/sql/drivers/ibase/qsql_ibase.cpp b/src/sql/drivers/ibase/qsql_ibase.cpp
index cc26bfe7e8..c751fea825 100644
--- a/src/sql/drivers/ibase/qsql_ibase.cpp
+++ b/src/sql/drivers/ibase/qsql_ibase.cpp
@@ -1030,11 +1030,15 @@ bool QIBaseResult::exec()
 *((qint64*)d->inda->sqlvar[para].sqldata) = val.toLongLong();
 break;
 case SQL_LONG:
- if (d->inda->sqlvar[para].sqlscale < 0)
- *((long*)d->inda->sqlvar[para].sqldata) =
- (long)floor(0.5 + val.toDouble() * pow(10.0, d->inda->sqlvar[para].sqlscale * -1));
- else
- *((long*)d->inda->sqlvar[para].sqldata) = (long)val.toLongLong();
+ if (d->inda->sqlvar[para].sqllen == 4) {
+ if (d->inda->sqlvar[para].sqlscale < 0)
+ *((qint32*)d->inda->sqlvar[para].sqldata) =
+ (qint32)floor(0.5 + val.toDouble() * pow(10.0, d->inda->sqlvar[para].sqlscale * -1));
+ else
+ *((qint32*)d->inda->sqlvar[para].sqldata) = (qint32)val.toInt();
+ } else {
+ *((qint64*)d->inda->sqlvar[para].sqldata) = val.toLongLong();
+ }
 break;
 case SQL_SHORT:
 if (d->inda->sqlvar[para].sqlscale < 0) |
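Review bot: The new `else` branch for the SQL_LONG case writes `val.toLongLong()` without the `sqlscale < 0` scaling that the removed lines applied, so a scaled column whose sqllen is not 4 now receives the unscaled value; the 4-byte branch keeps the scaling, so the two branches disagree. The `else` also still writes 8 bytes for any sqllen other than 4, which repeats the original overflow pattern should the server ever report a different length; an explicit `== 8` test that falls through to the existing default handling would keep the write bounded by the buffer the driver allocated. Whether `val.toInt()` saturates, truncates or returns 0 for values outside the 32-bit range depends on the QVariant version in use, so the 4-byte narrowing is worth a comment stating the expected behaviour. QIBaseResult::exec() begins and ends outside this hunk.
```cpp
} else if (d->inda->sqlvar[para].sqllen == 8) {
    // Mirror the 4-byte branch: honour a negative sqlscale before storing.
    if (d->inda->sqlvar[para].sqlscale < 0)
        *((qint64*)d->inda->sqlvar[para].sqldata) =
            (qint64)floor(0.5 + val.toDouble() * pow(10.0, d->inda->sqlvar[para].sqlscale * -1));
    else
        *((qint64*)d->inda->sqlvar[para].sqldata) = val.toLongLong();
}
// … unchanged: break; case SQL_SHORT: …
```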