
Server crash with isc_dsql_execute_immediate and zero length string [CORE1506] #1921

Closed
firebird-issue-importer opened this issue Sep 13, 2007 · 6 comments

Comments

@firebird-issue-importer

Submitted by: Claudio Valderrama C. (robocop)

We have a wonderful crash in the server if we use
isc_dsql_execute_immediate
with a zero length string (with a null string the client library crashes the
application in PREPARSE_execute).

The call stack in the server follows:

strlen() line 78
dsql8_execute_immediate_common(long * 0x0298f5fc, void * * 0x0243f488, void * * 0x0298f5dc, unsigned short 0, const char * 0x00000000, unsigned short 32, unsigned short 0, const unsigned char * 0x00000000, unsigned short 0, unsigned short 0, unsigned char * 0x00000000, unsigned short 0, unsigned char * 0x00000000, unsigned short 0, unsigned short 0, unsigned char * ...) line 667 +
dsql8_execute_immediate(long * 0x0298f5fc, void * * 0x0243f488, void * * 0x0298f5dc, unsigned short 0, const char * 0x00000000, unsigned short 32, unsigned short 0, const char * 0x00000000, unsigned short 0, unsigned short 0, char * 0x00000000, unsigned short 0, char * 0x00000000, unsigned short 0, unsigned short 0, char * 0x00000000) line 776 + 79 bytes
isc_dsql_exec_immed3_m(long * 0x0298f5fc, void * * 0x0243f488, void * * 0x0298f5dc, unsigned short 0, const char * 0x00000000, unsigned short 32, unsigned short 0, const char * 0x00000000, unsigned short 0, unsigned short 0, char * 0x00000000, unsigned short 0, char * 0x00000000, unsigned short 0, unsigned short 0, char * 0x00000000) line 2938 + 94 bytes
rem_port::execute_immediate(P_OP op_exec_immediate, p_sqlst * 0x0298fa94, packet * 0x0298fb44) line 2048
process_packet2(rem_port * 0x013a7eec, packet * 0x0298fb44, packet * 0x0298f890, rem_port * * 0x00000000) line 3611
process_packet(rem_port * 0x013a7eec, packet * 0x0298fb44, packet * 0x0298f890, rem_port * * 0x00000000) line 3363 + 21 bytes
SRVR_main(rem_port * 0x013a7eec, unsigned short 120) line 289 + 28 bytes

As seen, the error is in the "remote" (server) layer around the engine.

On the client side we have this:

isc_dsql_exec_immed3_m(long * 0x00453214 long * isc_status, void * * 0x00454cb8 void * DB, void * * 0x00453210 M__trans, unsigned short 0, const char * 0x0110001f, unsigned short 3, unsigned short 0, const char * 0x00000000, unsigned short 0, unsigned short 0, char * 0x00000000, unsigned short 0, char * 0x00000000, unsigned short 0, unsigned short 0, char * 0x00000000) line 2869
isc_dsql_exec_immed2_m(long * 0x00453214 long * isc_status, void * * 0x00454cb8 void * DB, void * * 0x00453210 M__trans, unsigned short 0, const char * 0x0110001f, unsigned short 3, unsigned short 0, const char * 0x00000000, unsigned short 0, unsigned short 0, char * 0x00000000, unsigned short 0, char * 0x00000000, unsigned short 0, unsigned short 0, char * 0x00000000) line 2838
isc_dsql_exec_immed2(long * 0x00453214 long * isc_status, void * * 0x00454cb8 void * DB, void * * 0x00453210 M__trans, unsigned short 0, const char * 0x0110001f, unsigned short 3, XSQLDA * 0x00000000, XSQLDA * 0x00000000) line 2654 + 115 bytes
isc_dsql_execute_immediate(long * 0x00453214 long * isc_status, void * * 0x00454cb8 void * DB, void * * 0x00453210 M__trans, unsigned short 0, const char * 0x0110001f, unsigned short 3, XSQLDA * 0x00000000) line 2599
passthrough(const char * 0x0110001f) line 7643 + 35 bytes
frontend(const char * 0x01100014) line 5622 + 15 bytes
get_statement(char * const 0x01100014, const unsigned int 65535, const char * 0x0044c694) line 6180 + 9 bytes
do_isql() line 4888 + 20 bytes

but it's not clear to me why, when exec_immed2_m calls PREPARSE_execute, the error condition
set inside that function is lost and immed2_m proceeds to call exec_immed3_m anyway
(which in turn calls REM_execute_immediate2).

However, this client-side issue is no excuse for the server to crash.
To reproduce, simply type in an isql session

passthrough;

in the DEV build. This will send to the server the equivalent of this:
isc_dsql_execute_immediate(isc_status, &DB, &M__trans, 0, "", 3, NULL)

The error was reproduced on Windows 2000, with local protocol and TCP/IP connection
and it affects all FB versions I tested (from v1.0 to the latest developments) and
probably all IB versions.
The server should be more reliable. :-)

Commits: 46a5869 3fc846d 79f97a1
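The crash path in the stacks above is the isc_dsql_* convention "length 0 means the string is NUL-terminated, measure it with strlen()" being applied to the NULL pointer the remote layer hands the engine for an empty statement. The following is an added illustration of rejecting that input before any strlen() call; it is not Firebird's code, and remote_cstring, resolve_stmt_length, execute_immediate_from_packet and the STMT_* codes are constructed names.

```c
#include <stddef.h>
#include <string.h>

/* Hypothetical status codes for this example; not Firebird's isc_* values. */
enum stmt_status { STMT_OK = 0, STMT_EMPTY = 1 };

/*
 * Resolve the effective length of a DSQL statement under the convention in
 * the report: length == 0 means "the string is NUL-terminated, use strlen()".
 * The server crash is that rule applied to a NULL pointer. Here the NULL and
 * empty cases are rejected before strlen() is ever reached.
 */
enum stmt_status resolve_stmt_length(const char *stmt, unsigned short length,
                                     size_t *out_len)
{
    *out_len = 0;
    if (stmt == NULL)                  /* remote layer passed no buffer */
        return STMT_EMPTY;
    if (length == 0) {
        size_t n = strlen(stmt);       /* safe: pointer checked above */
        if (n == 0)                    /* "" sent with length 0 */
            return STMT_EMPTY;
        *out_len = n;
        return STMT_OK;
    }
    *out_len = length;                 /* caller-supplied explicit length */
    return STMT_OK;
}

/* Constructed model of the statement string as the server sees it: when the
 * client sends "" with length 0, no bytes travel on the wire and the server
 * side ends up with a NULL address. Not Firebird's real protocol structure. */
struct remote_cstring {
    unsigned short length;
    const char *address;               /* NULL when nothing was transferred */
};

/* Validate the incoming statement; return its resolved length, or -1 when it
 * must be reported back to the client as an error instead of executed. */
long execute_immediate_from_packet(const struct remote_cstring *sql)
{
    size_t n;
    if (resolve_stmt_length(sql->address, sql->length, &n) != STMT_OK)
        return -1;                     /* error to client, no strlen(NULL) */
    return (long)n;
}
```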


@firebird-issue-importer firebird-issue-importer commented Jan 28, 2008

Modified by: @pcisar

Workflow: jira [ 13271 ] => Firebird [ 13994 ]


@firebird-issue-importer firebird-issue-importer commented Sep 9, 2008

Modified by: @AlexPeshkoff

assignee: Alexander Peshkov [ alexpeshkoff ]


@firebird-issue-importer firebird-issue-importer commented Sep 9, 2008

Modified by: @AlexPeshkoff

status: Open [ 1 ] => Resolved [ 5 ]

resolution: Fixed [ 1 ]

Fix Version: 2.5 Beta 1 [ 10251 ]

Fix Version: 2.1.2 [ 10270 ]

Fix Version: 2.0.5 [ 10222 ]


@firebird-issue-importer firebird-issue-importer commented Nov 26, 2008

Modified by: @pcisar

status: Resolved [ 5 ] => Closed [ 6 ]


@firebird-issue-importer firebird-issue-importer commented Jan 19, 2016

Modified by: @pavel-zotov

QA Status: No test


@firebird-issue-importer firebird-issue-importer commented Mar 10, 2018

Modified by: @pavel-zotov

status: Closed [ 6 ] => Closed [ 6 ]

QA Status: No test => Done successfully
