
Avoid BOF as suggested by Vlad Khorsun

Fix possible buffer problem as suggested by Dmitry Yemanov
This commit is contained in:
Dimitry Sibiryakov 2020-06-16 14:05:02 +02:00
parent 6a37221faf
commit 2f0a3d39db


@ -227,7 +227,7 @@ void INF_database_info(thread_db* tdbb,
CHECK_INPUT("INF_database_info"); CHECK_INPUT("INF_database_info");
CountsBuffer counts_buffer; CountsBuffer counts_buffer;
UCHAR* buffer = counts_buffer.getBuffer(BUFFER_SMALL); UCHAR* buffer = counts_buffer.getBuffer(BUFFER_SMALL, false);
USHORT length; USHORT length;
ULONG err_val; ULONG err_val;
bool header_refreshed = false; bool header_refreshed = false;
@ -458,31 +458,24 @@ void INF_database_info(thread_db* tdbb,
case isc_info_db_id: case isc_info_db_id:
{ {
counts_buffer.resize(BUFFER_SMALL); counts_buffer.clear();
const UCHAR* const end_buf = counts_buffer.end();
// May be simpler to code using a server-side version of isql's Extender class.
const PathName& str_fn = dbb->dbb_database_name; const PathName& str_fn = dbb->dbb_database_name;
STUFF(p, 2); counts_buffer.push(2);
USHORT len = str_fn.length(); PathName::size_type len = str_fn.length();
if (p + len + 1 >= end_buf)
len = end_buf - p - 1;
if (len > 255) if (len > 255)
len = 255; // Cannot put more in one byte, will truncate instead. len = 255; // Cannot put more in one byte, will truncate instead.
*p++ = len; counts_buffer.push(static_cast<UCHAR>(len));
memcpy(p, str_fn.c_str(), len); counts_buffer.push(reinterpret_cast<const UCHAR*>(str_fn.c_str()), len);
p += len;
if (p + 2 < end_buf) TEXT site[256];
{
SCHAR site[256];
ISC_get_host(site, sizeof(site)); ISC_get_host(site, sizeof(site));
len = static_cast<USHORT>(strlen(site)); UCHAR siteLen = static_cast<UCHAR>(strlen(site));
if (p + len + 1 >= end_buf) counts_buffer.push(siteLen);
len = end_buf - p - 1; counts_buffer.push(reinterpret_cast<UCHAR*>(site), siteLen);
*p++ = len;
memcpy(p, site, len); buffer = counts_buffer.begin();
p += len; length = counts_buffer.getCount();
}
length = p - buffer;
} }
break; break;
@ -859,7 +852,8 @@ void INF_database_info(thread_db* tdbb,
{ {
static const unsigned char features[] = ENGINE_FEATURES; static const unsigned char features[] = ENGINE_FEATURES;
length = sizeof(features); length = sizeof(features);
memcpy(buffer, features, length); counts_buffer.assign(features, length);
buffer = counts_buffer.begin();
break; break;
} }
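Review bot: The host-name append at the end of the isc_info_db_id case computes `UCHAR siteLen = static_cast<UCHAR>(strlen(site));` on a 256-byte stack array, which is only safe if ISC_get_host always NUL-terminates within sizeof(site); that contract is not visible here, and if it does not hold, strlen over-reads the array and the cast silently wraps a length of 256 or more. A one-line guard after the call, `site[sizeof(site) - 1] = '\0';`, makes the bound hold regardless of the helper, and a comment parallel to the one on the path length (`// at most 255 bytes, the length is stored in one byte`) would explain why 256 is the array size. Separately, `length = counts_buffer.getCount();` narrows to USHORT with no cast; the maximum payload in this case is 1 + 1 + 255 + 1 + 255 = 513 bytes, so it is fine today, but `length = static_cast<USHORT>(counts_buffer.getCount());` would make that intent explicit. INF_database_info starts and ends outside the visible hunks.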