Skip to Main Content

Buffer Overrun When Using SQLGetData via CRecordset::GetFieldValue

User_WCK0YJun 22 2021

Hello Everyone,
When using various Oracle Instant Client for Windows, versions up to and including the most recent 19.11 (e.g. 32 bit or 64 bit) on Windows 10, a buffer overrun condition occurs when passing the SQL_C_CHAR type to read an Oracle TIMESTAMP column. Per the ODBC 3.x specification, using SQL_C_CHAR is supposed to work, without an error for any type within the database. A Visual Studio 2019 solution is attached as a zip file. The single .cpp contains all of the logic.
If the CRecordset::GetFieldValue(short(0), val, SQL_C_CHAR) is invoked, then the overrun occurs. If the CRecordset::GetFieldValue(short(0), val) is invoked, then NO overrun occurs. The three parameter version is active in the cpp. Note that to observe the message, a DEBUG configuration has to be compiled. A release configuration does NOT demonstrate the detection of the overrun.
The comments within the GetRow() function contain the single table, single column SQL to create the test table and insert one row. It is assumed the Oracle Instant Client 19.11 with ODBC support is installed. If a different version, please adjust the DRIVER parameter in the connection string. The rest of the connection string has to be modified on a per test system basis.
Is there a work around to use the SQL_C_CHAR, three parameter version of the GetFieldValue function? If not, there is inconsistent behavior compared to the ODBC specification. Most likely there is a code change necessary in the Oracle Instant Client ODBC driver. Please resolve promptly. (36.88 KB)

Post Details
Added on Jun 22 2021