Poco:Data:ODBC:Binder.h causes a crash

[stevenkao]

In bindImplVec template function.

if (_vecLengthIndicator.size() <= pos)
{
   _vecLengthIndicator.resize(pos + 1);
   _vecLengthIndicator[pos].resize(length, sizeof(T));
}

if (Utility::isError(SQLBindParameter(_rStmt, 
            (SQLUSMALLINT) pos + 1, 
            toODBCDirection(dir), 
            cDataType, 
            Utility::sqlDataType(cDataType), 
            colSize,
            decDigits,
            (SQLPOINTER) &val[0], 
            0, 
            &_vecLengthIndicator[pos][0])))
{
            throw StatementException(_rStmt, "SQLBindParameter()");
}

_vecLengthIndicator[pos].resize(length, sizeof(T)) might change the address of _vecLengthIndicator[pos-1][0].
But Poco passes the address of _vecLengthIndicator[pos][0] to SQLBindParameter function.
When pos=1 and the address of _vecLengthIndicator[0][0] is invalid after _vecLengthIndicator[pos].resize(length, sizeof(T)) executed.
In valgrind, you can see the Invalid read of size error messages and cause a segmentation fault.

[aleks-f]

The _vecLengthIndicator[pos] should be changed to a pointer to std::vector and then &(*_vecLengthIndicator[pos])[0] should be passed to SQLBindParameter (instead of &_vecLengthIndicator[pos][0]). Plus, of course, garbage collection through either Poco::AutoPtr or manually.

I probably won't be able to get to it for 1.5.4; if you can change it, run some tests and send the pull before next week, it'll be in 1.5.4. Otherwise, it'll have to wait for 1.6.0.

[obiltschnig]

I'm assuming the same issue also affects the other vectors of vectors (DateVec, TimeVec, DateTimeVec, AnyVec)?

[aleks-f]

Yes, they should all be changed into std::vector<std::vector*>

[obiltschnig]

great!