DAMemDataTable - TDAField.LoadFromStream cuts the blob value

callida · May 14, 2018, 3:24pm

Hello,
I have discovered a serious bug in the TDABlobStream implementation. If I try to write a blob binary value of a specific length, the value is cut (by one to five bytes) and the blob memory buffer is overrun. I have detected it on blob values containing Bin2Streamer’s data, causing the streamer to seriously malfunction (missing read size check).

I have prepared a small sample project to demonstrate the issue. The project just inserts one random value of the offending size. Later it checks for the insterted size. The overrun is not detected in most occasions.

Regard from Prague,
Jaroslav

RemObjectsSoftware · May 15, 2018, 8:25am

Thanks, logged as bugs://80161

EvgenyK · May 15, 2018, 8:35am

pls update uDAMemDataset.pas: replace this line in two TDABlobStream.Write methods:

else if Temp.size + SizeOf(TBLOBRecord) < Cardinal(FPosition + Count) then begin

with

else if Temp.size < Cardinal(FPosition + Count) then begin

RemObjectsSoftware · May 15, 2018, 8:36am

bugs://80161 got closed with status fixed.