Merge pull request #194 from evanmiller/bounds-check-mdb-sql-bind-column

[Updated] Bounds check mdb_sql_bind_column()
2026-03-10 00:20:54 +08:00 · 2020-11-14 08:16:53 -05:00
parent 7f32684213 12de22459a
commit 1efe8fc709
3 changed files with 20 additions and 12 deletions
--- a/src/odbc/odbc.c
+++ b/src/odbc/odbc.c
@@ -1037,11 +1037,8 @@ bind_columns(struct _hstmt *stmt)
 	if (stmt->rows_affected==0) {
 		cur = stmt->bind_head;
 		while (cur) {
-			if (cur->column_number>0 &&
-			    cur->column_number <= stmt->sql->num_columns) {
-				mdb_sql_bind_column(stmt->sql, cur->column_number,
-				                    cur->varaddr, cur->column_lenbind);
-			} else {
+			if (mdb_sql_bind_column(stmt->sql, cur->column_number,
+						cur->varaddr, cur->column_lenbind) == -1) {
 				/* log error ? */
 			}
 			cur = cur->next;