[Zope-Checkins] CVS: Products/DCOracle2/src - dco2.c:1.126

[Matthew T. Kromer]

Update of /cvs-repository/Products/DCOracle2/src
In directory cvs.zope.org:/tmp/cvs-serv28076/src

Modified Files:
	dco2.c 
Log Message:
Dr. Volker Apelt showed that Oracle was attempting to access past the end of
a BindingArray, so pad arrays with an extra element just to be safe.


=== Products/DCOracle2/src/dco2.c 1.125 => 1.126 ===
--- Products/DCOracle2/src/dco2.c:1.125	Thu Nov 21 11:08:36 2002
+++ Products/DCOracle2/src/dco2.c	Thu Dec  5 13:22:58 2002
@@ -6143,6 +6143,8 @@
 
 	TRACE(T_ENTRY, ("sdd", "BindingArray_alloc", entries, itemsize));
 
+	entries += 1;	/* Pad by 1 for safety */
+
 	if ((ba = (BindingArray *)malloc(sizeof (BindingArray))) == NULL) 
 		return NULL;
 
@@ -6156,7 +6158,7 @@
 
 	ba->itemsize	= itemsize;
 	ba->count	= 0;
-	ba->entries	= entries;
+	ba->entries	= entries - 1;	/* Lie about our pad */
 
 	if (ba->valuep == NULL || ba->valueszp == NULL || ba->dtyp == NULL
 		|| ba->indp == NULL || ba->alenp == NULL
@@ -6189,6 +6191,8 @@
 
 	TRACE(T_ENTRY, ("sAd", "BindingArray_realloc", ba, entries));
 
+	entries += 1;	/* Pad entries by 1 */
+
 	ba->valuep	= (dvoid *) realloc(ba->valuep, ba->itemsize * entries);
 	ba->valueszp	= (sb4 *) realloc(ba->valueszp, sizeof(sb4) * entries);
 	ba->dtyp	= (ub2 *) realloc(ba->dtyp,     sizeof(ub2) * entries);
@@ -6199,7 +6203,7 @@
 				sizeof(PyObject *) * entries);
 
 	i = ba->entries;
-	ba->entries	= entries;
+	ba->entries	= entries - 1; /* Lie about the pad */
 
 	if (ba->valuep == NULL || ba->valueszp == NULL || ba->dtyp == NULL
 		|| ba->indp == NULL || ba->alenp == NULL
@@ -6209,7 +6213,7 @@
 		return NULL;
 	}
 
-	for (; i < entries; i++) {
+	for (; i < ba->entries; i++) {
 		ba->valueszp[i] = ba->itemsize;
 		ba->dtyp[i] = 0;
 		ba->indp[i] = 0;