Merge branch 'odbc-3.1'. C/C has been moved to v3.4.8 as part of merge

Author: lawrinn

driver/ma_api_internal.cpp

@@ -1559,20 +1559,26 @@ SQLRETURN MA_SQLGetData(SQLHSTMT StatementHandle,
   MADB_Stmt* Stmt= (MADB_Stmt*)StatementHandle;
   unsigned int i;
   MADB_DescRecord* IrdRec;
+  uint32_t columnCount= 0;
 
   RESET_CANCELED(Stmt);
   /* In case we don't have DM(it check for that) */
   if (TargetValuePtr == NULL)
   {
     return MADB_SetError(&Stmt->Error, MADB_ERR_HY009, NULL, 0);
   }
-
   /* Bookmark */
   if (Col_or_Param_Num == 0)
   {
     return MADB_GetBookmark(Stmt, TargetType, TargetValuePtr, BufferLength, StrLen_or_IndPtr);
   }
-
+  /* This parameter validation has to be done before using it as array index
+   * To be on the safer side also checking if metadata is set, and if not - also treating it as index > max 
+   */
+  if (!Stmt->metadata || Col_or_Param_Num > (columnCount= Stmt->metadata->getColumnCount()))
+  {
+    return MADB_SetError(&Stmt->Error, MADB_ERR_07009, NULL, 0);
+  }
   /* We don't need this to be checked in case of "internal" use of the GetData, i.e. for internal needs we should always get the data */
   if (Stmt->CharOffset[Col_or_Param_Num - 1] > 0
     && Stmt->CharOffset[Col_or_Param_Num - 1] >= Stmt->Lengths[Col_or_Param_Num - 1])
@@ -1586,7 +1592,7 @@ SQLRETURN MA_SQLGetData(SQLHSTMT StatementHandle,
   }
 
   /* reset offsets for other columns. Doing that here since "internal" calls should not do that */
-  for (i= 0; i < Stmt->metadata->getColumnCount(); i++)
+  for (i= 0; i < columnCount; i++)
   {
     if (i != Col_or_Param_Num - 1)
     {

driver/ma_statement.cpp

@@ -2777,8 +2777,7 @@ SQLRETURN MADB_StmtGetData(SQLHSTMT     StatementHandle,
   IrdRec= MADB_DescGetInternalRecord(Stmt->Ird, Offset, MADB_DESC_READ);
   if (!IrdRec)
   {
-    MADB_SetError(&Stmt->Error, MADB_ERR_07009, NULL, 0);
-    return Stmt->Error.ReturnValue;
+    return MADB_SetError(&Stmt->Error, MADB_ERR_07009, NULL, 0);
   }
 
   switch (TargetType) {

libmariadb

@@ -977,7 +977,8 @@ ODBC_TEST(t_bug59772)
 #undef ROWS_TO_INSERT
 }
 
-
+/* Enhanced it to also cover ODBC-479 SQLGetData with non-existent column index could crash
+   the driver */
 ODBC_TEST(t_odbcoutparams)
 {
   SQLSMALLINT ncol, i;
@@ -986,6 +987,7 @@ ODBC_TEST(t_odbcoutparams)
   SQLSMALLINT type[]= {SQL_PARAM_INPUT, SQL_PARAM_OUTPUT, SQL_PARAM_INPUT_OUTPUT};
   SQLCHAR     str[20]= "initial value", buff[20];
   SQLHANDLE   hdbc= NULL, hstmt;
+  double      dummy = .0;
 
   CHECK_ENV_RC(Env, SQLAllocConnect(Env, &hdbc));
   hstmt= DoConnect(hdbc, FALSE, NULL, NULL, NULL, 0, NULL, NULL, NULL, "PSCACHESIZE=0");
@@ -1016,8 +1018,12 @@ ODBC_TEST(t_odbcoutparams)
 
   /* Only 1 row always - we still can get them as a result */
   CHECK_STMT_RC(hstmt, SQLFetch(hstmt));
+  EXPECT_STMT(hstmt, SQLGetData(hstmt, 133, SQL_C_DOUBLE, &dummy, sizeof(dummy), NULL), SQL_ERROR);
+  CHECK_SQLSTATE(hstmt, "07009");
   is_num(my_fetch_int(hstmt, 1), 1300);
   is_num(my_fetch_int(hstmt, 2), 300);
+  EXPECT_STMT(hstmt, SQLGetData(hstmt, 3, SQL_C_DOUBLE, &dummy, sizeof(dummy), NULL), SQL_ERROR);
+  CHECK_SQLSTATE(hstmt, "07009");
   FAIL_IF(SQLFetch(hstmt) != SQL_NO_DATA_FOUND, "eof expected");
 
   CHECK_STMT_RC(hstmt, SQLFreeStmt(hstmt, SQL_CLOSE));
@@ -1759,7 +1765,7 @@ MA_ODBC_TESTS my_tests[]=
   {t_bug49029, "t_bug49029"},
   {t_bug56804, "t_bug56804"},
   {t_bug59772, "t_bug59772"},
-  {t_odbcoutparams, "t_odbcoutparams"},
+  {t_odbcoutparams, "t_odbcoutparams-with_odbc-479"},
   {t_bug14501952, "t_bug14501952"},
   {t_bug14563386, "t_bug14563386"},
   {t_bug14551229, "t_bug14551229"},