A couple of places were missing NULL return value checks for
mdb_read_table()'s return value. Add these.
This fixes a NULL pointer deref while running ./test_script.sh
on the test mdb file from oss-fuzz/35972 .
Note this does NOT fix the original problem reported in oss-fuzz/35972
which reports a "Dynamic-stack-buffer-overflow WRITE 16" issue,
which I've been unable to reproduce.
The oss-fuzz/36187 attached
clusterfuzz-testcase-minimized-fuzz_mdb-4756071066501120
has a table with a map_sz of 0 and the g_memdup2 call returns NULL for
this, while mdb_map_find_next unconditionally derefs table->usage_map
to read the first byte which contains the map-type.
This leads to a NULL-ptr deref (at least with -fsanitize=address builds),
fix this by rejecting tables with a map_sz of 0.
Note this does NOT fix the original problem reported in oss-fuzz/36187
which reports a "Dynamic-stack-buffer-overflow WRITE 16" issue, which
I've been unable to reproduce.
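As an added illustration of the two defensive checks described in the commit messages above (the NULL check on a table-read function's return value, and rejecting a usage map with a size of 0 so that a zero-length copy never yields a NULL map that is later dereferenced), here is a small self-contained C model. It is example code written for this page, not mdbtools' own code: the `Table` struct, the record layout, and the names `read_table`, `map_type`, `map_type_of_record` and `dup_bytes` are all hypothetical stand-ins, and the sample records are constructed, not taken from any real .mdb file.

```c
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical model of a table's usage map; the field names are made up
   for this example and are not mdbtools' real table definition struct. */
typedef struct {
    size_t   map_sz;
    uint8_t *usage_map;   /* byte 0 holds the map type */
} Table;

/* Stand-in for a g_memdup2()-style copy: returns NULL for a zero-length
   copy, which is exactly the case the commit above ran into. */
static uint8_t *dup_bytes(const uint8_t *src, size_t n)
{
    if (n == 0)
        return NULL;
    uint8_t *p = malloc(n);
    if (p != NULL)
        memcpy(p, src, n);
    return p;
}

/* Record layout assumed for this example: a 2-byte little-endian map_sz
   followed by map_sz bytes of usage map. Returns NULL when the record is
   malformed: too short, map_sz of 0, or map_sz larger than the bytes
   actually present. */
Table *read_table(const uint8_t *rec, size_t rec_len)
{
    if (rec == NULL || rec_len < 2)
        return NULL;
    size_t map_sz = (size_t)rec[0] | ((size_t)rec[1] << 8);
    if (map_sz == 0 || map_sz > rec_len - 2)   /* reject instead of trusting the size */
        return NULL;

    Table *t = calloc(1, sizeof *t);
    if (t == NULL)
        return NULL;
    t->map_sz = map_sz;
    t->usage_map = dup_bytes(rec + 2, map_sz);
    if (t->usage_map == NULL) {   /* never hand back a table with a NULL map */
        free(t);
        return NULL;
    }
    return t;
}

void free_table(Table *t)
{
    if (t == NULL)
        return;
    free(t->usage_map);
    free(t);
}

/* Counterpart of an unconditional `table->usage_map[0]` read: returns -1
   instead of dereferencing a NULL or empty map. */
int map_type(const Table *t)
{
    if (t == NULL || t->usage_map == NULL || t->map_sz == 0)
        return -1;
    return t->usage_map[0];
}

/* Caller-side pattern from the first commit: check the read function's
   return value before using the table. */
int map_type_of_record(const uint8_t *rec, size_t rec_len)
{
    Table *t = read_table(rec, rec_len);
    if (t == NULL)
        return -1;
    int type = map_type(t);
    free_table(t);
    return type;
}

/* Constructed sample records (not from any real .mdb file). */
const uint8_t REC_GOOD[]      = { 0x03, 0x00, 0x01, 0xAA, 0xBB }; /* map_sz 3, type 1 */
const uint8_t REC_ZERO_MAP[]  = { 0x00, 0x00 };                   /* map_sz 0 */
const uint8_t REC_TRUNCATED[] = { 0x05, 0x00, 0x01 };             /* claims 5 bytes, has 1 */
```

The size check happens before any allocation, so a zero-length or oversized map is rejected at parse time and the consumer never sees a half-built table; `map_type()` keeps its own guard as a second line of defence for callers that bypass `read_table()`.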
mdbtools triggered
In function ‘printf’,
inlined from ‘mdb_dump_catalog’ at catalog.c:195:4:
/usr/include/powerpc64le-linux-gnu/bits/stdio2.h:112:10:
error: ‘%-12s’ directive argument is null [-Werror=format-overflow=]
112 | return __printf_chk (__USE_FORTIFY_LEVEL - 1, __fmt, __va_arg_pack ());
This is due to mdb_get_objtype_string potentially returning NULL
which isn't allowed anymore as it would cause a segfault on the latter
print.
Fixes: #352
Signed-off-by: Christian Ehrhardt <christian.ehrhardt@canonical.com>
Follow up be2a287f5c - it's hard to be sure from the commit message,
but I suspect the intention here was to reduce the number of indices
read in that particular situation, instead of allowing replacing
the number of real indices read direct from the table definition
with a larger number.
In any case, omitting a possible index definition which exists
is a safer approach than trying to read an index from non-index data.
Fixes #335
Use wcstombs and friends to perform Unicode conversion inside the ODBC
driver. Functionality should be identical to before, except that
installations without iconv will now be able to compile and install the
Unicode (libmdbodbcW) driver.
iconv remains present in the main libmdb library.