Fix CLOB crash due to incorrectly sized buffer

Author: cjbj

src/dpi/include/dpiLob.h

@@ -67,13 +67,15 @@ class Lob
                    unsigned long long &byteAmount, 
                    unsigned long long &charAmount,
                    unsigned long long offset,
-                   void *buf);
+                   void *buf,
+                   unsigned long long bufl);
 
   static void write(DpiHandle *svch, DpiHandle *errh, Descriptor *lobLocator,
                     unsigned long long &byteAmount, 
                     unsigned long long &charAmount,
                     unsigned long long offset,
-                    void *buf);
+                    void *buf,
+                    unsigned long long bufl);
 
   static unsigned int chunkSize(DpiHandle *svch, DpiHandle *errh,
                                 Descriptor *lobLocator);

src/dpi/src/dpiLob.cpp

@@ -79,13 +79,12 @@ using namespace dpi;
 
 void Lob::read(DpiHandle *svch, DpiHandle *errh, Descriptor *lobLocator,
                unsigned long long &byteAmount, unsigned long long &charAmount,
-               unsigned long long offset, void *buf)
+               unsigned long long offset, void *buf, unsigned long long bufl)
 {
   ociCall(OCILobRead2((OCISvcCtx *)svch, (OCIError *)errh,
                       (OCILobLocator *)lobLocator, 
                       (oraub8 *)&byteAmount, (oraub8 *)&charAmount,
-                      // for CLOBs, buflen is sized to handle multi-byte charsets
-                      offset, buf, byteAmount ? byteAmount : charAmount*4,
+                      offset, buf, (oraub8)(byteAmount ? byteAmount : bufl),
                       OCI_ONE_PIECE, NULL, NULL, 0, SQLCS_IMPLICIT),
           (OCIError *)errh);
 }
@@ -127,13 +126,12 @@ void Lob::read(DpiHandle *svch, DpiHandle *errh, Descriptor *lobLocator,
 
 void Lob::write(DpiHandle *svch, DpiHandle *errh, Descriptor *lobLocator,
                 unsigned long long &byteAmount, unsigned long long &charAmount,
-                unsigned long long offset, void *buf)
+                unsigned long long offset, void *buf, unsigned long long bufl)
 {
   ociCall(OCILobWrite2((OCISvcCtx *)svch, (OCIError *)errh,
                       (OCILobLocator *)lobLocator, 
                       (oraub8 *)&byteAmount, (oraub8 *)&charAmount,
-                      // for CLOBs, buflen is sized to handle multi-byte charsets
-                      offset, buf, byteAmount ? byteAmount : charAmount*4, 
+                      offset, buf, (oraub8)(byteAmount ? byteAmount : bufl),
                       OCI_ONE_PIECE, NULL, NULL, 0, SQLCS_IMPLICIT),
           (OCIError *)errh);
 }

src/njs/src/njsIntLob.cpp

@@ -896,16 +896,19 @@ void ILob::Async_Read(uv_work_t *req)
   {
     unsigned long long byteAmount = (unsigned long int)iLob->bufSize_;
     unsigned long long charAmount = 0;
+    unsigned long long bufl = 0;
 
     // Clobs read by characters
     if (iLob->fetchType_ == DpiClob)
     {
       charAmount = iLob->bufSize_; 
       byteAmount = 0;
+      // for CLOBs, buflen is adjusted to handle multi-byte charsets
+      bufl = charAmount * iLob->dpiconn_->getByteExpansionRatio();
     }
     Lob::read((DpiHandle *)iLob->svch_, (DpiHandle *)iLob->errh_,
               (Descriptor *)iLob->lobLocator_, byteAmount, charAmount,
-              iLob->offset_, (void *)iLob->buf_);
+              iLob->offset_, (void *)iLob->buf_, bufl);
 
     // amountRead_ used in Async_AfterRead to construct string
     iLob->amountRead_ = (unsigned long)byteAmount;
@@ -1087,10 +1090,13 @@ void ILob::Async_Write(uv_work_t *req)
   {
     unsigned long long byteAmount = lobBaton->writelen;
     unsigned long long charAmount = 0; // interested in byte amount only
+    // for CLOBs, buflen is adjusted to handle multi-byte charsets
+    unsigned long long bufl = charAmount * 
+                               iLob->dpiconn_->getByteExpansionRatio();
 
     Lob::write((DpiHandle *)iLob->svch_, (DpiHandle *)iLob->errh_,
               (Descriptor *)iLob->lobLocator_, byteAmount, charAmount,
-              iLob->offset_, lobBaton->writebuf);
+              iLob->offset_, lobBaton->writebuf, bufl);
 
 
     iLob->amountWritten_ = (unsigned long)byteAmount;