tdf#138691: avoid buffer overflow

Change-Id: Ib5eaf6c658e1185c1e3eec7ce34f0ce54d6ce771 Reviewed-on: https://gerrit.libreoffice.org/c/core/+/129441 Tested-by: Jenkins Reviewed-by: Mike Kaganski <mike.kaganski@collabora.com>
author: Mike Kaganski <mike.kaganski@collabora.com> 2022-02-05 16:13:50 +0100
committer: Mike Kaganski <mike.kaganski@collabora.com> 2022-02-05 17:26:31 +0100
commit: 94ba3770ffe31bd26e0c67a5609c8935994b808a (patch)
tree: 11509a14f1b15734aabf56bfbf9ae55796cc97d0
parent: 74ad7417afc3a8dce6fed2d716a085e0489414f8 (diff)
1 files changed, 4 insertions, 1 deletions
diff --git a/connectivity/source/drivers/firebird/PreparedStatement.cxx b/connectivity/source/drivers/firebird/PreparedStatement.cxx
index c665581f8c32..9225c3b26895 100644
--- a/connectivity/source/drivers/firebird/PreparedStatement.cxx
+++ b/connectivity/source/drivers/firebird/PreparedStatement.cxx
@@ -923,9 +923,12 @@ void SAL_CALL OPreparedStatement::setBytes(sal_Int32 nParameterIndex,
     }
     else if( dType == SQL_TEXT )
     {
+            if (pVar->sqllen < xBytes.getLength())
+                dbtools::throwSQLException("Data too big for this field",
+                                           dbtools::StandardSQLState::INVALID_SQL_DATA_TYPE, *this);
             setParameterNull(nParameterIndex, false);
             memcpy(pVar->sqldata, xBytes.getConstArray(), xBytes.getLength() );
-            // Fill remainder with spaces
+            // Fill remainder with zeroes
             memset(pVar->sqldata + xBytes.getLength(), 0, pVar->sqllen - xBytes.getLength());
     }
     else
author	Mike Kaganski <mike.kaganski@collabora.com>	2022-02-05 16:13:50 +0100
committer	Mike Kaganski <mike.kaganski@collabora.com>	2022-02-05 17:26:31 +0100
commit	94ba3770ffe31bd26e0c67a5609c8935994b808a (patch)
tree	11509a14f1b15734aabf56bfbf9ae55796cc97d0
parent	74ad7417afc3a8dce6fed2d716a085e0489414f8 (diff)