Package: libmyodbc
Version: 5.1.10-2+b1
Severity: important
Tags: upstream patch
In debugging a crashing program I spent many hours investigating this error report from Valgrind:

==20611== Conditional jump or move depends on uninitialised value(s)
==20611==    at 0x7DEEF11: sqlchar_as_sqlwchar (stringutil.c:97)
==20611==    by 0x7DCE77E: SQLConnect (ansi.c:268)
==20611==    by 0x6: ???
==20611==  Uninitialised value was created by a heap allocation
==20611==    at 0x4028308: malloc (in /usr/lib/valgrind/vgpreload_memcheck-x86-linux.so)
==20611==    by 0x88C493C: my_malloc (in /usr/lib/i386-linux-gnu/libmysqlclient.so.18.0.0)
==20611==    by 0x7DEEFCA: sqlchar_as_sqlwchar (stringutil.c:71)
==20611==    by 0x7DCE77E: SQLConnect (ansi.c:268)
==20611==    by 0x6: ???

I found that the code on line 97 reads past the end of the string, looking for a terminating null character that isn't there and apparently isn't supposed to be there, as the length of the string is kept in a separate variable. The code then tries to avoid a disaster by doing the right test after it has done the wrong test, but with a bit of bad luck the out-of-bounds read could cause a segmentation fault. Even if the error wouldn't affect the operation of the code, fixing it will save programmers from wasting their time chasing false alarms.

This patch reverses the order of the two tests. I suppose checking for null characters is OK as an additional safety measure, but it needs to be done conditionally after the length test to avoid an out-of-bounds read.

Having debugging information available would also have saved me a lot of time. Would it be possible to build a debug package?
-- System Information:
Debian Release: 7.0
  APT prefers stable-updates
  APT policy: (500, 'stable-updates'), (500, 'stable')
Architecture: i386 (i586)

Kernel: Linux 3.2.0-4-486
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash

Versions of packages libmyodbc depends on:
ii  debconf [debconf-2.0]  1.5.49
ii  libc6                  2.13-38
ii  libmysqlclient18       5.5.31+dfsg-0+wheezy1
ii  odbcinst1debian2       2.2.14p2-5
ii  zlib1g                 1:1.2.7.dfsg-13

Versions of packages libmyodbc recommends:
ii  libodbc1  2.2.14p2-5

libmyodbc suggests no packages.
--- mysql-connector-odbc-5.1.10-src.orig/util/stringutil.c 2012-01-24 15:36:53.000000000 +0100 +++ mysql-connector-odbc-5.1.10-src/util/stringutil.c 2013-06-14 21:57:29.000000000 +0200 @@ -94,7 +94,7 @@ return NULL; } - for (pos= str, i= 0; *pos && pos < str_end; ) + for (pos= str, i= 0; pos < str_end && *pos; ) { if (sizeof(SQLWCHAR) == 4) {
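Review bot: The reordering to `pos < str_end && *pos` is the right fix, since `*pos` is now only evaluated once `pos` is known to be inside `[str, str_end)`, but the hunk leaves nothing in the source explaining why the order matters; a one-line comment above the `for` (something like `/* bounds test must come first: str is length-delimited, not NUL-terminated */`) would stop a later cleanup from swapping the tests back. Note also that the NUL test is retained, so an embedded NUL inside the `len` bytes still ends the loop early, as the report accepts; if that is intentional it belongs in the same comment, and if the caller can legitimately pass binary-safe data the `*pos` test should probably go altogether.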
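To make the point of the report concrete, here is an added, self-contained illustration (it is not libmyodbc code and does not reproduce the real SQLCHAR to SQLWCHAR conversion, which is replaced by a plain widening copy). The only difference between the two loop shapes it exercises is the order of the two tests in the loop condition, exactly what the patch to util/stringutil.c changes. A small probe, my own addition, counts every read at or beyond `str_end`, so the one-byte over-read can be observed without Valgrind. The sample buffers are constructed and deliberately larger than the passed-in length, so the byte at `str_end` is real, non-zero memory and reading it stays defined; in the real driver that byte is whatever follows the heap allocation, which is what memcheck complained about.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Records every byte the loop inspects and counts those at or past str_end. */
struct probe { const char *end; int overreads; };

static unsigned char load(struct probe *p, const char *pos)
{
    if (pos >= p->end)
        p->overreads++;
    return (unsigned char)*pos;
}

struct result { size_t count; int overreads; };

/* Widen a length-delimited byte string into 32-bit code units.
 *   bounds_first == 0 mirrors the pre-patch order:  *pos && pos < str_end
 *   bounds_first != 0 mirrors the patched order:    pos < str_end && *pos
 * The real conversion is elided; a widening copy keeps the loop shape. */
struct result widen(const char *str, size_t len, int bounds_first,
                    uint32_t *out, size_t out_len)
{
    const char *str_end = str + len;
    const char *pos;
    struct probe p = { str_end, 0 };
    size_t i = 0;
    struct result r;

    for (pos = str; ; pos++) {
        int keep_going;
        if (bounds_first)
            keep_going = pos < str_end && load(&p, pos);
        else
            keep_going = load(&p, pos) && pos < str_end;
        if (!keep_going || i >= out_len)
            break;
        out[i++] = (unsigned char)*pos;   /* pos < str_end is guaranteed here */
    }
    r.count = i;
    r.overreads = p.overreads;
    return r;
}

/* Constructed input: "abc" with no terminator, followed by non-NUL bytes.
 * This is the situation in the bug report. */
struct result case_unterminated(int bounds_first)
{
    static const char buf[8] = { 'a', 'b', 'c', 'Z', 'Z', 'Z', 'Z', 'Z' };
    uint32_t out[8];
    return widen(buf, 3, bounds_first, out, 8);
}

/* Constructed input: zero-length string; the pre-patch order still reads one byte. */
struct result case_empty(int bounds_first)
{
    static const char buf[4] = { 'Z', 'Z', 'Z', 'Z' };
    uint32_t out[4];
    return widen(buf, 0, bounds_first, out, 4);
}

/* Constructed input: an embedded NUL. The retained NUL test stops both
 * variants early; reordering only removes the over-read. */
struct result case_embedded_nul(int bounds_first)
{
    static const char buf[8] = { 'a', 'b', 0, 'c', 'Z', 'Z', 'Z', 'Z' };
    uint32_t out[8];
    return widen(buf, 4, bounds_first, out, 8);
}

static void show(const char *name, struct result r)
{
    printf("%-32s count=%zu overreads=%d\n", name, r.count, r.overreads);
}

int main(void)
{
    show("unterminated, deref first", case_unterminated(0));
    show("unterminated, bounds first", case_unterminated(1));
    show("empty, deref first", case_empty(0));
    show("empty, bounds first", case_empty(1));
    show("embedded NUL, deref first", case_embedded_nul(0));
    show("embedded NUL, bounds first", case_embedded_nul(1));
    return 0;
}
```

With the pre-patch order the unterminated and empty cases each touch one byte past `str_end` (the result count is the same, which is why the bug is invisible without memcheck); with the patched order neither does, and the embedded-NUL case behaves identically either way.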