From 8ebfd0821aca0a29555a119db87ddb552132c524 Mon Sep 17 00:00:00 2001
From: Michael Davidsaver <mdavidsaver@gmail.com>
Date: Tue, 4 Apr 2017 21:11:36 -0400
Subject: [PATCH] db: fix dbGet() for attributes as long string

dbGet() of "rec.RTYP$" with DBF_CHAR and nRequest==1
not handled correctly.  Results in crash.
---
 src/ioc/db/dbAccess.c | 19 +++++++++++--------
 1 file changed, 11 insertions(+), 8 deletions(-)

diff --git a/src/ioc/db/dbAccess.c b/src/ioc/db/dbAccess.c
index a13ea566d..97e9c9ad4 100644
--- a/src/ioc/db/dbAccess.c
+++ b/src/ioc/db/dbAccess.c
@@ -790,28 +790,31 @@ static long getAttrValue(DBADDR *paddr, short dbrType,
         char *pbuf, long *nRequest)
 {
     int maxlen;
+    long nReq = nRequest ? *nRequest : 1;
 
     if (!paddr->pfield) return S_db_badField;
 
     switch (dbrType) {
     case DBR_STRING:
-        maxlen = MAX_STRING_SIZE - 1;
-        if (nRequest && *nRequest > 1) *nRequest = 1;
+        maxlen = MAX_STRING_SIZE;
+        nReq = 1;
         break;
 
     case DBR_CHAR:
     case DBR_UCHAR:
-            if (nRequest && *nRequest > 0) {
-            maxlen = *nRequest - 1;
-            break;
-        }
+        maxlen = nReq;
+        break;
+
         /* else fall through ... */
     default:
         return S_db_badDbrtype;
     }
 
-    strncpy(pbuf, paddr->pfield, --maxlen);
-    pbuf[maxlen] = 0;
+    strncpy(pbuf, paddr->pfield, maxlen-1);
+    pbuf[maxlen-1] = 0;
+    if(dbrType!=DBR_STRING)
+        nReq = strlen(pbuf)+1;
+    if(nRequest) *nRequest = nReq;
     return 0;
 }