[Libdbi-drivers-devel] Fixed memory issue in libdbd-sqlite3

SourceForge Headquarters 1320 Columbia Street Suite 310 San Diego, CA 92101 +1 (858) 422-6466

Hi,

I've identified a memory problem which is causing segmentation faults when
running the test suite of OpenBSC which links with libdbd.


See also:
  http://lists.osmocom.org/pipermail/openbsc/2016-March/008207.html
 and
  https://sourceforge.net/p/libdbi/mailman/message/32607036/


One suggested fix is given below. Please modify the fix as you would like to have it.
It's here just to demonstrate the problem and one way to fix it.


Index: libdbi-drivers/drivers/sqlite3/dbd_sqlite3.c
===================================================================

--- libdbi-drivers.orig/drivers/sqlite3/dbd_sqlite3.c	2016-05-11 21:13:28.927363294 +0200
+++ libdbi-drivers/drivers/sqlite3/dbd_sqlite3.c	2016-05-11 21:14:13.412832180 +0200
@@ -1451,15 +1451,15 @@
 		    break;
 		  }
 
-		  word_lower[item-start+1];
-		  strncpy(word_lower,start,item-start);
-		  word_lower[item-start] = '\0';
+		  char word_lower2[item-start+1];
+		  strncpy(word_lower2,start,item-start);
+		  word_lower2[item-start] = '\0';
 		  int i = 0;
-		  while (word_lower[i]) {
-		    word_lower[i] = tolower(word_lower[i]);
+		  while (word_lower2[i]) {
+		    word_lower2[i] = tolower(word_lower2[i]);
 		    i++;
 		  }
-		  if ( strcmp("join",word_lower) == 0 ) {
+		  if ( strcmp("join",word_lower2) == 0 ) {
 		    //printf("stop skip after join found\n");
 		    // we have found the next join, stop skipping
 		    join_flag = 1;
@@ -1467,7 +1467,7 @@
 		    break;
 		  }
                   for ( i = 0 ; i < (sizeof(endwords)/sizeof *(endwords)) ; i++ ) {
-                     if ( strcmp(endwords[i],word_lower) == 0 ) {
+                     if ( strcmp(endwords[i],word_lower2) == 0 ) {
                         /* printf("end word!\n"); */
                         return index;
                     }



Best regards,
Ruben


