View Issue Details
| ID | Project | Category | View Status | Date Submitted | Last Update |
|---|---|---|---|---|---|
| 0006570 | JEDI VCL | 00 JVCL Components | public | 2017-05-08 15:43 | 2019-05-03 11:10 |
| Reporter | rarog | Assigned To | obones | ||
| Priority | normal | Severity | crash | Reproducibility | always |
| Status | resolved | Resolution | fixed | ||
| Product Version | Daily / GIT | ||||
| Target Version | Fixed in Version | Daily / GIT | |||
| Summary | 0006570: JvMemoryData easilly corrupts buffer when using many fields | ||||
| Description | TJvMemoryData.InitFieldDefsFromFields can easily corrupt the buffer without throwing any error. The problem root is in this line: Inc(Offset, CalcFieldLen(DataType, Size) + 1); It just increases the offset without checking, if it causes a cycle getting an overflow when reaching values over 65535. To reproduce it, it should be enough to load a data with 22 WideString fields. Each of them is initialised by default to hold 1500 chars, each char takes 2 bytes. So 1500 * 2 * 22 = 66000 resulting in the buffer to be in between and corrupt memory. | ||||
| Tags | No tags attached. | ||||
|
|
Could you check if the issue is still present in the latest GIT content? If yes, please provide the zipped sources of an application showing this. |
|
|
In the current version this line mentioned seems to have been changed to this one: Inc(Offset, CalcFieldLen(FieldDefList[I].DataType, FieldDefList[I].Size) + 1); While it looks different is still doesn't check if the offset variable (which is a Word) overflows. There should be a if before actually incrementing offset ensuring that it is only incremented when it won't overflow. In case of an overflow raising an exception might be appropriate. |
|
|
I just created a pull request with a proposed fix for this. See here: https://github.com/project-jedi/jvcl/pull/92 |
|
|
Replaced pull request with this improved one: https://github.com/project-jedi/jvcl/pull/114 |
| Date Modified | Username | Field | Change |
|---|---|---|---|
| 2017-05-08 15:43 | rarog | New Issue | |
| 2018-07-18 15:57 | obones | Note Added: 0021531 | |
| 2018-07-18 15:57 | obones | Status | new => feedback |
| 2018-10-28 17:34 | mh | Note Added: 0021587 | |
| 2019-04-25 22:22 | mh | Note Added: 0021742 | |
| 2019-05-01 10:27 | mh | Note Added: 0021785 | |
| 2019-05-03 11:10 | obones | Status | feedback => resolved |
| 2019-05-03 11:10 | obones | Fixed in Version | => Daily / GIT |
| 2019-05-03 11:10 | obones | Resolution | open => fixed |
| 2019-05-03 11:10 | obones | Assigned To | => obones |
