
A bug present from Delphi 7 through XE: the IsMultiTableQuery function used by DBX

2012-03-22 23:14

Inside the function, the check

if (Start[0] = ',') or (Start[1] = ',') then
exit;


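can read out of bounds: Start[1] is read without checking that Start[0] is not already the terminating #0 (the check the rewrite below adds). When that read lands on invalid memory, a pointer error is raised.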

Bug fix:

Rewrite the function:

// Requires DBCommon (TSQLToken, SQLSections, NextSQLToken) and WideStrUtils (WStrPos).
function IsMultiTableQueryFix(const SQL: WideString): Boolean;
const
  SInnerJoin = 'inner join ';       { do not localize }
  SOuterJoin = 'outer join ';       { do not localize }
var
  Start: PWideChar;
  SResult, Token: WideString;
  SQLToken, CurSection: TSQLToken;
begin
  SResult := '';
  Start := PWideChar(SQL);
  CurSection := stUnknown;
  Result := True;
  // Skip ahead to the FROM clause (or the end of the statement).
  repeat
    SQLToken := NextSQLToken(Start, Token, CurSection);
    if SQLToken in SQLSections then CurSection := SQLToken;
  until SQLToken in [stEnd, stFrom];
  if SQLToken = stFrom then
  begin
    repeat
      SQLToken := NextSQLToken(Start, Token, CurSection);
      if SQLToken in SQLSections then
        CurSection := SQLToken else
      // stValue is returned if TableNames contain quote chars.
      if (SQLToken = stTableName) or (SQLToken = stValue) then
      begin
        SResult := Token;
        while (Start[0] = '.') and not (SQLToken in [stEnd]) do
        begin
          SQLToken := NextSqlToken(Start, Token, CurSection);
          SResult := SResult + '.' + Token;
        end;
        if (SQLToken = stTableName) then
        begin
          // Skip spaces after the table name; the loop stops at #0.
          while (Start[0] = ' ') do
          begin
            Inc(Start);
          end;
        end;
        // End of string right after the table name: single-table query.
        // Returning here means nothing past the terminator is ever read.
        if (Start[0] = #0) then
        begin
          Result := False;
          exit;
        end;
        // Only Start[0] is inspected; the original also read Start[1].
        if (Start[0] = ',') then
          exit;
        SQLToken := NextSqlToken(Start, Token, CurSection);
        if SQLToken in SQLSections then CurSection := SQLToken;
        if Assigned(WStrPos(Start, SInnerJoin)) or
          Assigned(WStrPos(Start, SOuterJoin)) then
          Exit;
        SQLToken := NextSqlToken(Start, Token, CurSection);
        if (SQLToken = stTableName) then
          Exit;
        Result := False;
        Exit;
      end;
    until (CurSection <> stFrom) or (SQLToken in [stEnd, stTableName]);
  end;
end;


When the program loads, patch the head of the original function with a long jump to the fixed version:

507272A0 >- E9 CBA0E8AF     jmp     xxx.xxxxx::IsMultiTableQueryFix>
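
One way to install such a jump on 32-bit Windows, shown as an added example rather than the original author's code. The unit name HotPatch and the routines RedirectProc and ResolveThunk are hypothetical, and the thunk handling assumes the original function may live in a runtime package.

```delphi
unit HotPatch; // added example; unit and routine names are hypothetical

interface

procedure RedirectProc(OldProc, NewProc: Pointer);

implementation

uses
  Windows, SysUtils;

{$Q-,R-} // the rel32 arithmetic below is meant to wrap

type
  TRelJump = packed record
    OpCode: Byte;     // $E9 = JMP rel32
    Offset: Integer;  // target - address of the next instruction
  end;
  PIndirectJump = ^TIndirectJump;
  TIndirectJump = packed record
    OpCode: Word;     // bytes FF 25 = JMP [addr], an import thunk
    Addr: PPointer;
  end;

// With runtime packages, @Proc is a thunk in the calling module; follow it
// so the patch lands on the function body inside the package.
function ResolveThunk(Proc: Pointer): Pointer;
begin
  Result := Proc;
  if (Proc <> nil) and (PIndirectJump(Proc)^.OpCode = $25FF) then
    Result := PIndirectJump(Proc)^.Addr^;
end;

procedure RedirectProc(OldProc, NewProc: Pointer);
var
  Jump: TRelJump;
  OldProtect: DWORD;
begin
  OldProc := ResolveThunk(OldProc);
  Jump.OpCode := $E9;
  Jump.Offset := Integer(NewProc) - (Integer(OldProc) + SizeOf(Jump));
  // Code pages are read-only: open a 5-byte window, write, then restore.
  if not VirtualProtect(OldProc, SizeOf(Jump), PAGE_EXECUTE_READWRITE, OldProtect) then
    RaiseLastOSError;
  Move(Jump, OldProc^, SizeOf(Jump));
  VirtualProtect(OldProc, SizeOf(Jump), OldProtect, OldProtect);
  FlushInstructionCache(GetCurrentProcess, OldProc, SizeOf(Jump));
end;

end.
```

Call RedirectProc once during startup with the address of the original IsMultiTableQuery and @IsMultiTableQueryFix, before any other thread can be executing the original function, since the five bytes are not written atomically.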