Hide Forgot
1) Possible null dereference in "insert_param()" => mysql-connector-odbc-3.51.26r1127/driver/execute.c:330|334|...|427 It may be an unrealistic condition to be the variable param->buffer equal to NULL (line 258) but if yes, this case should be properly handled. Callers of "insert_param()" are checking for zero-value also, should not there be on line 286 something like this only? | @@ -283,6 +283,7 @@ char *insert_param(DBC *dbc, char *to,PARAM_BIND *param) | else | { | length= 0; /* This is actually an error */ | + return 0; | } | } | else if ( *(param->actual_len) == SQL_NULL_DATA ) 2) Missing my_malloc return check => mysql-connector-odbc-3.51.26r1127/driver/cursor.c:332 3) Copy and paste error? => util/MYODBCUtilWriteDataSourceStr.c:71 Passing possible NULL pointer -- pDataSource->pszDATABASE -- into MYODBCUtilInsertStr(). Shouldn't there be the pDataSource->pszDESCRIPTION pointer? 4) Missing break statements I'm not sure about these defects .. it is usually not obvious if it is real or not. It would be good if somebody who is more involved in this tool could look at these.. => installer/myodbc3i.c:552 => installer/myodbc3i.c:738 => installer/myodbc3i.c:747 These problems were found in RHEL 5.8 by the Coverity tool. I've tried to keep only most serious looking ones.
This report was meant just for consideration, I don't insist on that anything has to be repaired.
It would be best to file this upstream (i.e., at bugs.mysql.com). I don't know this code well enough to evaluate anything subtle. (Although really they're not going to be very interested in reports against 3.51.26 ... have you tried a coverity run against current Fedora, which is 5.1.8?)
Yes, Fedora Rawhide scan of RHEL set of packages was done as well, recent results from F17 will be available soon. (including 5.1.8). Actually this one bugzilla was reported a bit accidently - Pavel did the full review as he thought that this is new package. As he filtered the false positives and prepared the list of most serious potential defects, I recommended him to report that for consideration by maintainer. Sorry for disturbing you. Feel free to close this bug WONTFIX, as these defects are not new and we are quite late in RHEL-5 release cycle.
This request was evaluated by Red Hat Product Management for inclusion in Red Hat Enterprise Linux 5.8 and Red Hat does not plan to fix this issue the currently developed update. Contact your manager or support representative in case you need to escalate this bug.
This request was evaluated by Red Hat Product Management for inclusion in the current release of Red Hat Enterprise Linux. Because the affected component is not scheduled to be updated in the current release, Red Hat is unfortunately unable to address this request at this time. Red Hat invites you to ask your support representative to propose this request, if appropriate and relevant, in the next release of Red Hat Enterprise Linux.
Filed upstream by Honza; closing this bug WONTFIX per comment #4.