On 10-10-2011 22:48:49 +0200, Sjoerd Mullender wrote:
Don't append partial queries inside mapi_query_part. When using the construct mclient -s 'COPY INTO t FROM STDIN ...' < file.csv mapi_query is called for the first part of the query (on the command line) which allocates just enough space to remember that query, and then mapi_query_part is called for each line of the input file, which assumed the allocated space was 512 bytes, resulting in out-of-bounds writes.
Wouldn't the fix have been to use (computed) ln instead of sz in the else case of the hdl->query check? I think this is the original problem.
With your change now, we are back to the situation where only the first line of a query is remembered, which is often as useless as not showing any query at all.
Consider SELECT *<enter> FROM table<enter> WHERE blabla<enter> ;<enter>
if (hdl->query == NULL) {
size_t sz = size;
sz = 512;
hdl->query = malloc(sz + 1);
assert(hdl->query);
hdl->query[0] = '\0';
strncpy(hdl->query, query, sz);
hdl->query[sz] = '\0';
- } else {
size_t ln = strlen(hdl->query), sz = 512 - ln;
if (sz > 0) {
if (size < sz)
sz = size;
assert(hdl->query);
strncat(hdl->query, query, sz);
}
}hdl->query = strdup(query);
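Review bot: the bound in the else branch, `sz = 512 - ln`, is taken from a constant rather than from what the `hdl->query == NULL` branch actually allocated (`malloc(sz + 1)` with `sz = size`, i.e. the length of the first fragment), so with the `sz = 512;` line gone every non-empty append via `strncat` lands past the end of that allocation, and when `ln` exceeds 512 the subtraction wraps and the `sz > 0` guard no longer limits anything. Replacing the append with `hdl->query = strdup(query)` avoids the overrun but keeps only the most recent fragment (and the previous buffer needs to be freed before it is overwritten, which is not visible in the hunk). A fix that keeps the whole query would grow the buffer from the real sizes instead of the 512 assumption, e.g. `size_t ln = strlen(hdl->query); char *p = realloc(hdl->query, ln + size + 1);` followed by `memcpy(p + ln, query, size); p[ln + size] = '\0'; hdl->query = p;` with the realloc failure checked rather than asserted.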
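To make the point of the thread concrete, here is an added example (not MonetDB's code; the `qbuf` type and the function names are hypothetical). It models the bound the pre-fix else branch used, to show that with a "just enough" first allocation every later append overruns, and then accumulates the four-line query from the reply into a buffer that tracks its own capacity so the full text is retained. The query text is constructed for the example.

```c
/* Added example, not part of MonetDB. Shows the fixed-size append bug and a
 * capacity-tracking accumulator that keeps the whole multi-line query. */
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Model of the bound used by the pre-fix else branch: sz = 512 - ln, capped at
 * the fragment size, guarded by sz > 0. Returns 1 if appending next_len bytes to
 * a query whose first fragment was first_len bytes (allocated first_len + 1, as
 * the first branch does) would write past the allocation. */
int old_bound_overruns(size_t first_len, size_t next_len)
{
    size_t ln = first_len;
    size_t sz = 512 - ln;          /* wraps to a huge value when ln > 512 */
    if (sz == 0)                   /* the only case the sz > 0 guard stops */
        return 0;
    if (next_len < sz)
        sz = next_len;
    /* strncat writes sz bytes plus a NUL; the buffer holds indices 0..first_len */
    return ln + sz > first_len;
}

/* Hypothetical accumulator: remembers its capacity instead of assuming 512. */
struct qbuf {
    char *data;   /* NUL-terminated accumulated query, or NULL when empty */
    size_t len;   /* bytes in use, excluding the NUL */
    size_t cap;   /* bytes allocated, including room for the NUL */
};

/* Append size bytes of part, growing the buffer as needed.
 * Returns 0 on success, -1 on overflow or allocation failure (buffer intact). */
int qbuf_append(struct qbuf *q, const char *part, size_t size)
{
    size_t need = q->len + size + 1;          /* +1 for the terminating NUL */
    if (need < size)                          /* size_t overflow guard */
        return -1;
    if (need > q->cap) {
        size_t ncap = q->cap ? q->cap : 64;
        while (ncap < need) {
            if (ncap > SIZE_MAX / 2) { ncap = need; break; }
            ncap *= 2;
        }
        char *nd = realloc(q->data, ncap);
        if (nd == NULL)
            return -1;
        q->data = nd;
        q->cap = ncap;
    }
    memcpy(q->data + q->len, part, size);
    q->len += size;
    q->data[q->len] = '\0';
    return 0;
}

void qbuf_free(struct qbuf *q)
{
    free(q->data);
    q->data = NULL;
    q->len = q->cap = 0;
}

/* Feed the query from the reply one line at a time, the way mclient hands
 * lines to mapi_query_part, and return the reassembled text (caller frees).
 * Returns NULL on allocation failure. */
char *assemble_example(void)
{
    /* constructed input: the SELECT from the reply, one fragment per line */
    const char *lines[] = { "SELECT *\n", "FROM table\n", "WHERE blabla\n", ";\n" };
    struct qbuf q = { NULL, 0, 0 };
    for (size_t i = 0; i < sizeof lines / sizeof lines[0]; i++) {
        if (qbuf_append(&q, lines[i], strlen(lines[i])) != 0) {
            qbuf_free(&q);
            return NULL;
        }
    }
    return q.data;   /* ownership of the buffer passes to the caller */
}

int main(void)
{
    printf("old bound overruns (30-byte first fragment, 10-byte append): %d\n",
           old_bound_overruns(30, 10));
    char *full = assemble_example();
    if (full == NULL)
        return 1;
    printf("remembered query:\n%s", full);
    free(full);
    return 0;
}
```

The accumulator deliberately has no fixed upper bound; if a cap on remembered query text is wanted, it belongs in the struct as a field checked against `need`, not as a literal shared between two branches that can drift apart as the patch above shows.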