From: Dimitry S. <sd...@ib...> - 2022-09-07 16:33:15
Alex Peshkoff via Firebird-devel wrote 07.09.2022 18:26:
> Not sure what you mean by 'terminal item', but it may be followed by
> isc_info_end if that fits into buffer.
> What about two bytes length - it's single-byte item not followed by anything.
>
> see how it's added:

Ok, now see how it is handled:

	while (!redo && *p != isc_info_end && p < buf + buf_len)
	{
		const UCHAR item = *p++;
		const USHORT len = static_cast<USHORT>(gds__vax_integer(p, 2));
		p += 2;

		switch (item)
		{
		.......

		case isc_info_truncated:
			redo = true;
			break;

		default:
			(Arg::Gds(isc_random) << "Invalid info item").raise();
		}

		p += len;
	}

At the fourth line you can get a read past the buffer and possibly a crash.
And this code is copy-pasted everywhere in Firebird source.

-- 
WBR, SD.
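A bounds-checked walk over the same item / two-byte length / payload layout, added here as an example and not taken from Firebird's source. The item codes, the kInfoData item and the read_le16 helper (standing in for gds__vax_integer) are assumptions of this stand-alone example.

```cpp
#include <cstddef>
#include <cstdint>
#include <vector>

// Item codes are assumed values chosen for this stand-alone example,
// not taken from Firebird's headers.
enum : uint8_t {
    kInfoEnd = 1,        // stands in for isc_info_end
    kInfoTruncated = 2,  // stands in for isc_info_truncated
    kInfoData = 10       // hypothetical item carrying a length-prefixed payload
};

enum class WalkStatus { Complete, Truncated, Malformed };
struct WalkOutcome { WalkStatus status; size_t items; };

// Two-byte little-endian read, standing in for gds__vax_integer(p, 2).
static uint16_t read_le16(const uint8_t* p) {
    return static_cast<uint16_t>(p[0] | (p[1] << 8));
}

// Walks an info buffer: item byte, 2-byte length, payload, repeated until
// isc_info_end or the end of the buffer. Unlike the loop quoted in the post,
// every read is preceded by a check that the bytes exist, so a reply cut off
// after an item byte (or inside a payload) is reported as Malformed rather
// than being read past the end of the buffer.
WalkOutcome walk_info(const uint8_t* buf, size_t buf_len) {
    const uint8_t* p = buf;
    const uint8_t* const end = buf + buf_len;
    size_t items = 0;
    while (p < end && *p != kInfoEnd) {
        const uint8_t item = *p++;
        // Per the quoted reply, isc_info_truncated is a single-byte item with
        // no length after it, so stop before trying to read one.
        if (item == kInfoTruncated) return {WalkStatus::Truncated, items};
        // This is the check missing before the post's "fourth line".
        if (end - p < 2) return {WalkStatus::Malformed, items};
        const uint16_t len = read_le16(p);
        p += 2;
        // And the check missing before "p += len".
        if (static_cast<size_t>(end - p) < len) return {WalkStatus::Malformed, items};
        if (item != kInfoData) return {WalkStatus::Malformed, items};  // "Invalid info item"
        p += len;
        ++items;
    }
    return {WalkStatus::Complete, items};
}

// Convenience wrapper for byte vectors (constructed test input goes here).
WalkOutcome walk_bytes(const std::vector<uint8_t>& buf) {
    return walk_info(buf.data(), buf.size());
}
```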