patch from Stefan Kratochwil <entwicklung@inovel.de> : canfestival-3-fm3_698.patch
Bug:
If an object dictionary entry was requested whose size exceeds
SDO_MAX_LENGTH_TRANSFERT, the memcpy() call at line 139 of objacces.c overwrites
the memory after *pDestData which causes stack corruption.
-> Bugfix:
The bug was corrected by size checking the requested data. An 'Out of
memory' error message will be generated if the requested data exceeds
SDO_MAX_LENGTH_TRANSFERT.
Additional changes:
Added dynamic buffer allocation for the SDO transfer. This feature can be used
if SDO_DYNAMIC_BUFFER_ALLOCATION is defined in config.h. The size of the
dynamically allocated buffer is controlled with
SDO_DYNAMIC_BUFFER_ALLOCATION_SIZE.
-> Note:
This change removes the detection of OD_LENGTH_DATA_INVALID errors!
(binary:application/vnd.oasis.opendocument.graphics)