Fix CLOB crash due to incorrectly sized buffer
cjbj committed Dec 21, 2015
1 parent 8443b18 commit 16d7b94
Showing 3 changed files with 16 additions and 10 deletions.
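--- a/src/dpi/include/dpiLob.h
+++ b/src/dpi/include/dpiLob.h
@@ -67,13 +67,15 @@ class Lob
 unsigned long long &byteAmount,
 unsigned long long &charAmount,
 unsigned long long offset,
-void *buf);
+void *buf,
+unsigned long long bufl);
 
 static void write(DpiHandle *svch, DpiHandle *errh, Descriptor *lobLocator,
 unsigned long long &byteAmount,
 unsigned long long &charAmount,
 unsigned long long offset,
-void *buf);
+void *buf,
+unsigned long long bufl);
 
 static unsigned int chunkSize(DpiHandle *svch, DpiHandle *errh,
 Descriptor *lobLocator);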
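Review bot: The new `bufl` parameter on the `read` and `write` declarations is undocumented, and its contract cannot be guessed from the signature. In dpiLob.cpp it is handed to OCI as the buffer length only when `byteAmount` is zero, so for CLOB reads it must describe the real size of `buf` in bytes. A comment above each declaration such as `// bufl: size of buf in bytes; used as the OCI buffer length only when byteAmount is 0` would make that requirement visible to callers. The class body starts and ends outside this hunk.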
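--- a/src/dpi/src/dpiLob.cpp
+++ b/src/dpi/src/dpiLob.cpp
@@ -79,13 +79,12 @@ using namespace dpi;
 
 void Lob::read(DpiHandle *svch, DpiHandle *errh, Descriptor *lobLocator,
 unsigned long long &byteAmount, unsigned long long &charAmount,
-unsigned long long offset, void *buf)
+unsigned long long offset, void *buf, unsigned long long bufl)
 {
 ociCall(OCILobRead2((OCISvcCtx *)svch, (OCIError *)errh,
 (OCILobLocator *)lobLocator,
 (oraub8 *)&byteAmount, (oraub8 *)&charAmount,
-// for CLOBs, buflen is sized to handle multi-byte charsets
-offset, buf, byteAmount ? byteAmount : charAmount*4,
+offset, buf, (oraub8)(byteAmount ? byteAmount : bufl),
 OCI_ONE_PIECE, NULL, NULL, 0, SQLCS_IMPLICIT),
 (OCIError *)errh);
 }
@@ -127,13 +126,12 @@ void Lob::read(DpiHandle *svch, DpiHandle *errh, Descriptor *lobLocator,
 
 void Lob::write(DpiHandle *svch, DpiHandle *errh, Descriptor *lobLocator,
 unsigned long long &byteAmount, unsigned long long &charAmount,
-unsigned long long offset, void *buf)
+unsigned long long offset, void *buf, unsigned long long bufl)
 {
 ociCall(OCILobWrite2((OCISvcCtx *)svch, (OCIError *)errh,
 (OCILobLocator *)lobLocator,
 (oraub8 *)&byteAmount, (oraub8 *)&charAmount,
-// for CLOBs, buflen is sized to handle multi-byte charsets
-offset, buf, byteAmount ? byteAmount : charAmount*4,
+offset, buf, (oraub8)(byteAmount ? byteAmount : bufl),
 OCI_ONE_PIECE, NULL, NULL, 0, SQLCS_IMPLICIT),
 (OCIError *)errh);
 }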
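Review bot: In `Lob::read`, `bufl` is ignored whenever `byteAmount` is nonzero, so on the byte-oriented path the function still never learns the real capacity of `buf` and cannot reject a request larger than the buffer. Now that the parameter exists, consider requiring callers to always pass the allocation size and using it unconditionally, `offset, buf, (oraub8)bufl,`, with a check that `byteAmount <= bufl` before the OCI call. The same conditional appears in `Lob::write`, where the value is presumably the data length rather than a capacity, so the contract there should be stated separately. The removed explanatory comment was not replaced; a one-line comment on the conditional, such as `// bufl is only consulted for character-counted (CLOB) operations`, would help.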
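--- a/src/njs/src/njsIntLob.cpp
+++ b/src/njs/src/njsIntLob.cpp
@@ -896,16 +896,19 @@ void ILob::Async_Read(uv_work_t *req)
 {
 unsigned long long byteAmount = (unsigned long int)iLob->bufSize_;
 unsigned long long charAmount = 0;
+unsigned long long bufl = 0;
 
 // Clobs read by characters
 if (iLob->fetchType_ == DpiClob)
 {
 charAmount = iLob->bufSize_;
 byteAmount = 0;
+// for CLOBs, buflen is adjusted to handle multi-byte charsets
+bufl = charAmount * iLob->dpiconn_->getByteExpansionRatio();
 }
 Lob::read((DpiHandle *)iLob->svch_, (DpiHandle *)iLob->errh_,
 (Descriptor *)iLob->lobLocator_, byteAmount, charAmount,
-iLob->offset_, (void *)iLob->buf_);
+iLob->offset_, (void *)iLob->buf_, bufl);
 
 // amountRead_ used in Async_AfterRead to construct string
 iLob->amountRead_ = (unsigned long)byteAmount;
@@ -1087,10 +1090,13 @@ void ILob::Async_Write(uv_work_t *req)
 {
 unsigned long long byteAmount = lobBaton->writelen;
 unsigned long long charAmount = 0; // interested in byte amount only
+// for CLOBs, buflen is adjusted to handle multi-byte charsets
+unsigned long long bufl = charAmount *
+iLob->dpiconn_->getByteExpansionRatio();
 
 Lob::write((DpiHandle *)iLob->svch_, (DpiHandle *)iLob->errh_,
 (Descriptor *)iLob->lobLocator_, byteAmount, charAmount,
-iLob->offset_, lobBaton->writebuf);
+iLob->offset_, lobBaton->writebuf, bufl);
 
 
 iLob->amountWritten_ = (unsigned long)byteAmount;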
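Review bot: In the `Async_Read` hunk the CLOB buffer length is recomputed at call time as `charAmount * iLob->dpiconn_->getByteExpansionRatio()`, but the allocation of `iLob->buf_` is not visible here, so nothing on this page ties the length reported to OCI to the size actually allocated. If the allocation site uses a different factor (the removed code in dpiLob.cpp assumed 4), OCI would be told the buffer is larger than it is. Computing the byte capacity once where `buf_` is allocated, storing it next to the pointer and passing that stored value as `bufl` would keep the two from drifting apart. The body of `Async_Read` starts and ends outside the hunk, so the allocation may already be consistent; that is worth confirming.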
