qsql ibase: fix memory corruption due to LONG being 4 bytes in firebird.

As fb_types.h says, Firebird requires (S)LONG to be 32 bit, and it defines SLONG to int. This leads to sqllen being 4, so qsql_ibase.cpp allocates 4 bytes... and was writing 8 bytes into it. Fixed by checking sqllen, the same way QIBaseResult::gotoNext does. Change-Id: Ie8680d32f98c354dfc8430b8efbfe95450556956 Reviewed-by: Mark Brand <[email protected]>
leapmotion · Sep 10, 2014 · 507fff2 · 507fff2
1 parent 3e80497
commit 507fff2
Showing 1 changed file with 9 additions and 5 deletions.
diff --git a/src/sql/drivers/ibase/qsql_ibase.cpp b/src/sql/drivers/ibase/qsql_ibase.cpp
@@ -1030,11 +1030,15 @@ bool QIBaseResult::exec()
                     *((qint64*)d->inda->sqlvar[para].sqldata) = val.toLongLong();
                 break;
             case SQL_LONG:
-                if (d->inda->sqlvar[para].sqlscale < 0)
-                    *((long*)d->inda->sqlvar[para].sqldata) =
-                        (long)floor(0.5 + val.toDouble() * pow(10.0, d->inda->sqlvar[para].sqlscale * -1));
-                else
-                    *((long*)d->inda->sqlvar[para].sqldata) = (long)val.toLongLong();
+                if (d->inda->sqlvar[para].sqllen == 4) {
+                    if (d->inda->sqlvar[para].sqlscale < 0)
+                        *((qint32*)d->inda->sqlvar[para].sqldata) =
+                            (qint32)floor(0.5 + val.toDouble() * pow(10.0, d->inda->sqlvar[para].sqlscale * -1));
+                    else
+                        *((qint32*)d->inda->sqlvar[para].sqldata) = (qint32)val.toInt();
+                } else {
+                    *((qint64*)d->inda->sqlvar[para].sqldata) = val.toLongLong();
+                }
                 break;
             case SQL_SHORT:
                 if (d->inda->sqlvar[para].sqlscale < 0)