From ea8fdd8fbb7d6a6e026cd88b8d0e1a1c7f84cc3b Mon Sep 17 00:00:00 2001
From: peace-maker
Date: Sun, 22 Jan 2017 23:27:31 -0700
Subject: [PATCH] Fix crash when a database transaction fails (bug 6531) (#577)

If one of the queries fails in a transaction, the DBI system would only allocate an array of the size of the amount of all the successful queries before the failed one. It writes data for all the queries though effectively writing past the array bounds leading to heap corruption. Create the right sized array!
---
 core/logic/smn_database.cpp | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/core/logic/smn_database.cpp b/core/logic/smn_database.cpp
index 90f75a95..5bfd5cd0 100644
--- a/core/logic/smn_database.cpp
+++ b/core/logic/smn_database.cpp
@@ -1726,7 +1726,7 @@ public:
 {
 HandleSecurity sec(ident_, g_pCoreIdent);
- ke::AutoPtr data = ke::MakeUnique(results_.length());
+ ke::AutoPtr data = ke::MakeUnique(txn_->entries.length());
 for (size_t i = 0; i < txn_->entries.length(); i++)
 data[i] = txn_->entries[i].data;