From 507fff201bcafc1c28397e7008d8fbfe4c6ffb38 Mon Sep 17 00:00:00 2001 From: David Faure Date: Mon, 25 Aug 2014 13:53:44 +0200 Subject: qsql ibase: fix memory corruption due to LONG being 4 bytes in firebird. As fb_types.h says, Firebird requires (S)LONG to be 32 bit, and it defines SLONG to int. This leads to sqllen being 4, so qsql_ibase.cpp allocates 4 bytes... and was writing 8 bytes into it. Fixed by checking sqllen, the same way QIBaseResult::gotoNext does. Change-Id: Ie8680d32f98c354dfc8430b8efbfe95450556956 Reviewed-by: Mark Brand --- src/sql/drivers/ibase/qsql_ibase.cpp | 14 +++++++++----- 1 file changed, 9 insertions(+), 5 deletions(-) (limited to 'src/sql/drivers')
diff --git a/src/sql/drivers/ibase/qsql_ibase.cpp b/src/sql/drivers/ibase/qsql_ibase.cpp
index cc26bfe7e8..c751fea825 100644
--- a/src/sql/drivers/ibase/qsql_ibase.cpp
+++ b/src/sql/drivers/ibase/qsql_ibase.cpp
@@ -1030,11 +1030,15 @@ bool QIBaseResult::exec()
 *((qint64*)d->inda->sqlvar[para].sqldata) = val.toLongLong();
 break;
 case SQL_LONG:
- if (d->inda->sqlvar[para].sqlscale < 0)
- *((long*)d->inda->sqlvar[para].sqldata) =
- (long)floor(0.5 + val.toDouble() * pow(10.0, d->inda->sqlvar[para].sqlscale * -1));
- else
- *((long*)d->inda->sqlvar[para].sqldata) = (long)val.toLongLong();
+ if (d->inda->sqlvar[para].sqllen == 4) {
+ if (d->inda->sqlvar[para].sqlscale < 0)
+ *((qint32*)d->inda->sqlvar[para].sqldata) =
+ (qint32)floor(0.5 + val.toDouble() * pow(10.0, d->inda->sqlvar[para].sqlscale * -1));
+ else
+ *((qint32*)d->inda->sqlvar[para].sqldata) = (qint32)val.toInt();
+ } else {
+ *((qint64*)d->inda->sqlvar[para].sqldata) = val.toLongLong();
+ }
 break;
 case SQL_SHORT:
 if (d->inda->sqlvar[para].sqlscale < 0)
-- cgit v1.2.3
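Review bot: The new `else` arm of the SQL_LONG case still stores 8 bytes through `*((qint64*)d->inda->sqlvar[para].sqldata)` without confirming that sqllen is actually 8, and it drops the sqlscale handling that the 4-byte arm (and the replaced code) applies, so a scaled value that reaches it would be written unscaled. The commit message says Firebird's SLONG is 32-bit, so that arm may be unreachable in practice, but if the server ever reports a different sqllen this is the same class of out-of-bounds write the commit is fixing, only now hidden behind a plausible-looking branch. I would make the 8-byte case explicit, keep the scale conversion there, and on any other sqllen write nothing and surface the mismatch through the driver's existing error reporting instead of casting blindly. QIBaseResult::exec() begins and ends outside the hunk, so the surrounding buffer allocation is not visible here.
```cpp
            } else if (d->inda->sqlvar[para].sqllen == 8) {
                if (d->inda->sqlvar[para].sqlscale < 0)
                    *((qint64*)d->inda->sqlvar[para].sqldata) =
                        (qint64)floor(0.5 + val.toDouble() * pow(10.0, d->inda->sqlvar[para].sqlscale * -1));
                else
                    *((qint64*)d->inda->sqlvar[para].sqldata) = val.toLongLong();
            } else {
                // … unexpected sqllen for SQL_LONG: write nothing, report via the driver's error path …
            }
```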