Package: libpqxx-6.2
Version: 6.2.5-1
Severity: important
Tags: patch upstream

Due to the bug, a large object may be truncated while reading it from the DB if the LOB contains a 0xff byte and it hits the buffer boundary.

-- System Information:
Debian Release: 10.5
  APT prefers stable-updates
  APT policy: (500, 'stable-updates'), (500, 'stable')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 4.19.0-9-amd64 (SMP w/8 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8), LANGUAGE=en_US:en (charmap=UTF-8)
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled

Versions of packages libpqxx-6.2 depends on:
ii  libc6       2.28-10
ii  libgcc1     1:8.3.0-6
ii  libpq5      11.9-0+deb10u1
ii  libstdc++6  8.3.0-6

libpqxx-6.2 recommends no packages.

libpqxx-6.2 suggests no packages.

-- no debconf information

Index: libpqxx-6.2.5/include/pqxx/largeobject.hxx =================================================================== --- libpqxx-6.2.5.orig/include/pqxx/largeobject.hxx +++ libpqxx-6.2.5/include/pqxx/largeobject.hxx @@ -434,11 +434,12 @@ protected: virtual int_type underflow() override { if (!this->gptr()) return EoF(); - char *const eb = this->eback(); - const int_type res(static_cast<int_type>( - AdjustEOF(m_obj.cread(this->eback(), m_bufsize)))); - this->setg(eb, eb, eb + ((res==EoF()) ? 0 : res)); - return (!res || (res == EoF())) ? EoF() : *eb; + auto *const eb{this->eback()}; + auto const res = AdjustEOF( + m_obj.cread(this->eback(), static_cast<std::size_t>(m_bufsize))); + this->setg( + eb, eb, eb + (res == EoF() ? 0 : static_cast<std::size_t>(res))); + return (res == EoF() || res == 0) ? EoF() : traits_type::to_int_type(*eb); } private:
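
Review bot: The final return line of underflow() carries the actual fix but has no comment saying why `traits_type::to_int_type(*eb)` replaces the bare `*eb`. Where char is signed, a bare `*eb` holding 0xff converts to an int_type that compares equal to EoF(), which matches the truncation in the report; a one-line comment there, plus a regression test that places a 0xff byte first in a refilled buffer, would keep the conversion from being simplified away later. Two smaller points in the same hunk: the cread() call still passes `this->eback()` although `eb` already holds that pointer, and `auto const res` makes the type of `res` depend on AdjustEOF()'s return type, which the hunk does not show, whereas the removed code forced it to int_type. Declaring `int_type const res` would keep `res == EoF()` and the `static_cast<std::size_t>(res)` well defined regardless of that return type.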
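
The truncation described in the report can be reproduced without a database. The following is an added example, not code from libpqxx or from the reporter: `ChunkBuf` and `bytes_read` are hypothetical names, the input strings are constructed, and the pre-fix branch forces signed char so the result does not depend on the platform.

```cpp
#include <algorithm>
#include <cstddef>
#include <istream>
#include <iterator>
#include <streambuf>
#include <string>
#include <utility>
#include <vector>

// Hypothetical stand-in for a chunked reader (not libpqxx code): it refills a
// small buffer from an in-memory string, as a large-object streambuf refills
// its buffer from the server.
class ChunkBuf : public std::streambuf {
public:
  ChunkBuf(std::string data, std::size_t bufsize, bool fixed)
      : m_data(std::move(data)), m_buf(bufsize), m_fixed(fixed) {
    setg(m_buf.data(), m_buf.data(), m_buf.data()); // start with an empty get area
  }

protected:
  int_type underflow() override {
    const std::size_t n = std::min(m_buf.size(), m_data.size() - m_pos);
    if (n == 0) return traits_type::eof();
    std::copy_n(m_data.begin() + static_cast<std::ptrdiff_t>(m_pos), n, m_buf.begin());
    m_pos += n;
    char *const eb = m_buf.data();
    setg(eb, eb, eb + n);
    if (m_fixed) return traits_type::to_int_type(*eb); // 0xff becomes 255
    // Pre-fix behaviour, modelled with an explicit signed char:
    // 0xff sign-extends to -1, which compares equal to eof().
    return static_cast<int_type>(static_cast<signed char>(*eb));
  }

private:
  std::string m_data;
  std::vector<char> m_buf;
  std::size_t m_pos = 0;
  bool m_fixed;
};

// Number of bytes a stream reader receives before it sees end-of-file.
std::size_t bytes_read(const std::string &data, std::size_t bufsize, bool fixed) {
  ChunkBuf buf(data, bufsize, fixed);
  std::istream in(&buf);
  std::istreambuf_iterator<char> first(in), last;
  return static_cast<std::size_t>(std::distance(first, last));
}
```

With a 4-byte buffer, an 8-byte input whose fifth byte is 0xff is cut to 4 bytes by the pre-fix return and read in full by the fixed one; the same byte in the middle of a buffer is read correctly either way, which is why the bug only shows at a refill boundary.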