Bug 760877 - unixODBC64: Various kinds of defects found in new package.
Summary: unixODBC64: Various kinds of defects found in new package.
Keywords:
Status: CLOSED CURRENTRELEASE
Alias: None
Product: Red Hat Enterprise Linux 7
Classification: Red Hat
Component: unixODBC
Version: 7.0
Hardware: Unspecified
OS: Unspecified
Priority: medium
Severity: medium
Target Milestone: rc
Target Release: 7.0
Assignee: Tom Lane
QA Contact: qe-baseos-daemons
URL:
Whiteboard:
Depends On:
Blocks:
Reported: 2011-12-07 09:18 UTC by Pavel Raiskup
Modified: 2013-03-19 18:28 UTC (History)

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed: 2013-03-19 18:28:59 UTC
Target Upstream Version:


Attachments:
fixes for the most obvious errors (6.13 KB, patch)
2011-12-19 12:22 UTC, Honza Horak

Description Pavel Raiskup 2011-12-07 09:18:57 UTC
1. bad use of sizeof

   => DriverManager/__info.c:3978

   It looks like there should be used sizeof(*error_header) instead of
   sizeof(error_header).

   | void setup_error_head( EHEAD *error_header, void *handle, int type )
   | {
   |-    memset( error_header, 0, sizeof( error_header ));
   |+    memset( error_header, 0, sizeof( *error_header ));
   |
   |     error_header -> owning_handle = handle;
   |     error_header -> handle_type = type;
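Review bot: with the + line in setup_error_head the whole EHEAD is zeroed, where the - line cleared only as many bytes as a pointer occupies, so any member a caller fills in before calling setup_error_head is now wiped. The two assignments after the memset restore only owning_handle and handle_type; check the call sites for that ordering before merging.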

2. Bad negation of comparison.

   => DriverManager/SQLGetCursorName.c:188
   => DriverManager/SQLGetCursorNameW.c:171

   Result of '!buffer_length' is always 0 or 1. Never can be less than 0.

   | @@ -185,7 +185,7 @@ SQLRETURN SQLGetCursorName( SQLHSTMT statement_h..,
   |
   |      thread_protect( SQL_HANDLE_STMT, statement );
   |
   | -    if ( !buffer_length < 0 )
   | +    if ( !(buffer_length < 0) )
   |      {
   |          dm_log_write( __FILE__,
   |              __LINE__,
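Review bot: the + line `if ( !(buffer_length < 0) )` is true for every buffer_length >= 0, so the block that starts with dm_log_write would now run for all non-negative lengths. The - line was always false, as the report says, but if this block is the invalid-length error path the condition should be `if ( buffer_length < 0 )`, not its negation.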

3. Defect in Working with list

   => DriverManager/SQLConnect.c:2393

   The variable 'env_lib_list' really looks like it may be equal to NULL,
   even if 'env_lib_prev' is non-NULL.

   Here is the case: (after that the while's break will be achieved)

   | @@ -2303,6 +2303,9 @@ static void release_env( DMHDBC connection )
   |                  }
   |                  env_lib_prev = env_lib_list;
   |                  env_lib_list = env_lib_list -> next;
   | +                //             this is it:     ^^^^
   | +                // env_lib_list goes to NULL but env_lib_prev stays
   | +                // non-NULL
   |              }
   |          }
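Review bot: the three + lines in release_env add only `//` comments and change no behaviour, so the case they describe (env_lib_list reaching NULL while env_lib_prev stays non-NULL) is still unhandled. The fix needs a NULL check on env_lib_list before it is used after the loop, at the line the report points to (SQLConnect.c:2393); plain `/* */` comments would also match C sources better than `//`.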

4. Null dereference when error handling..

   => Drivers/template/SQLAllocStmt.c:24

   dereference of NULL pointer hDbc (hDbc->hLog).

5. Null dereference.

   => Drivers/template/SQLDescribeCol.c:49

   dereference of the variable 'szColname' as strcpy target.

6. Null dereference

   => cur/SQLAllocStmt.c:74

   | if (!cl_statement) {
   |     cl_statement -> cl_connection -> ...
   | }

7. Missing break statement_handle

   => exe/isql.c:103

   when '-3' parameter is passed it really looks that verbose mode is turned
   on because of falling through this..

8. Static overrun

   => Drivers/Postgre7.1/info.c:1010

   | @@ -1007,7 +1007,7 @@ mylog("%s: entering...stmt=%u\n", func, stmt);
   |     strcpy(prefixes, globals.extra_systable_prefixes);
   |     i = 0;
   |     prefix[i] = strtok(prefixes, ";");
   | -   while (prefix[i] && i<32) {
   | +   while (prefix[i] && i<31) {
   |         prefix[++i] = strtok(NULL, ";");
   |     }
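Review bot: the + line hard-codes 31 and still tests prefix[i] before the bound; with the pre-increment store `prefix[++i]` the highest slot written becomes 31, which is in range only if prefix has at least 32 elements, and the declaration is outside the hunk. Put the bound first and derive it from the array size; the context line `strcpy(prefixes, globals.extra_systable_prefixes);` also has no length check in the visible lines.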

9. Static overrun

   => Drivers/nn/convert.c:248/434

   Bad walk through sqltype_idx_tab. It has only 7 items.

10. Sizeof mismatch

   => DriverManager/SQLGetStmtAttrW.c:322|329|336

   Memcpy on line 322 will copy only first 8 bytes from statement->apd into
   value pointer destination.

   | memcpy( value, &statement -> apd, sizeof( SQLHANDLE ));

11. Stray semicolon

   => cur/SQLBindCol.c:89

12. Missing return statement

  => unixODBC-2.2.14/exe/isql.c:552

13. Array 'salt' is not initialized and is used

  => Drivers/PostgreSQL/results.c:743

  | crypt( ci -> password, salt );
                           ^^^^
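
An added example for the static overrun in item 8 (not code from unixODBC or from the report): it models which slot the reported loop writes for each bound, and shows a bounded split that checks the limit before storing. `highest_slot_written`, `split_prefixes` and `MAX_PREFIX` are hypothetical names, and the 32-slot size of `prefix` is an assumption inferred from the `i<32` bound.

```c
#include <stdio.h>
#include <string.h>

#define MAX_PREFIX 32  /* assumed slot count of prefix[], not shown on the page */

/* Model of the loop in the report: highest index stored to, for a given
 * bound and token count, without touching any array. */
size_t highest_slot_written(size_t bound, size_t ntokens)
{
    size_t i = 0;                     /* prefix[0] is stored before the loop */
    while (i < ntokens && i < bound)  /* prefix[i] != NULL  <=>  i < ntokens */
        ++i;                          /* models prefix[++i] = strtok(NULL, ";") */
    return i;
}

/* Hardened split: copies src into caller-owned buf (strtok modifies it),
 * checks the bound before every store and keeps out[] NULL-terminated.
 * Returns the token count, or (size_t)-1 if src does not fit or cap is 0. */
size_t split_prefixes(const char *src, char *buf, size_t bufsz,
                      char **out, size_t cap)
{
    size_t n = 0, len = strlen(src);
    char *tok;

    if (cap == 0 || len >= bufsz)     /* replaces the unchecked strcpy() */
        return (size_t)-1;
    memcpy(buf, src, len + 1);
    out[0] = NULL;
    for (tok = strtok(buf, ";"); tok != NULL; tok = strtok(NULL, ";")) {
        if (n + 1 >= cap)             /* last slot is reserved for NULL */
            break;
        out[n++] = tok;
        out[n] = NULL;
    }
    return n;
}

int main(void)
{
    char buf[64], *out[MAX_PREFIX];
    /* constructed sample value for extra_systable_prefixes */
    size_t n = split_prefixes("dd_;pg_;sys_", buf, sizeof buf, out, MAX_PREFIX);
    printf("%zu tokens, first=%s\n", n, n ? out[0] : "(none)");
    printf("i<32 writes up to slot %zu, i<31 up to slot %zu\n",
           highest_slot_written(32, 40), highest_slot_written(31, 40));
    return 0;
}
```

With more tokens than slots, the split keeps the first 31 and leaves the final slot as the NULL terminator instead of writing past the array.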

Comment 8 RHEL Program Management 2012-06-12 01:19:06 UTC
This request was evaluated by Red Hat Product Management for
inclusion in the current release of Red Hat Enterprise Linux.
Because the affected component is not scheduled to be updated in the
current release, Red Hat is unfortunately unable to address this
request at this time. Red Hat invites you to ask your support
representative to propose this request, if appropriate and relevant,
in the next release of Red Hat Enterprise Linux.

Comment 9 Tom Lane 2013-03-19 15:28:36 UTC
RHEL-5 has now entered production phase 2, in which only security and other critical bugs will be addressed.  It doesn't look like any of these count as critical bugs.  (Note that the worst ones are in the built-in drivers, which we consider deprecated anyway --- people should use mysql-connector-odbc64 or postgresql-odbc64.)  Moving to RHEL-7 (and reassigning to unixODBC) where we can fix the remaining issues promptly.

Comment 11 Tom Lane 2013-03-19 18:28:59 UTC
Fixes pushed into F19, so they'll be there in RHEL-7.

