Wrong parameter management in the engine / partial workaround in JayBird driver [CORE3099]

[firebird-automations]

Submitted by: Sylvain Dusart (sdusart)

Attachments:
FBParametersTestCase.java
testcase_output.txt
testcase_output_with_jaybird_workaround_removed.txt

Votes: 1

Hi,

there is, as explained in issues JDBC58 and CORE1217, a bug in Firebird engine : string parameters get truncated and this may lead to a FB server crash.

There is a workaround in JayBird (class org.firebirdsql.jdbc.field.FBWorkaroundStringField, method setString) to prevent server from crashing.
This method throws a java.sql.DataTruncation as soon as possible (before sending the sql request to the database server).
Workaround is :

if (data.length > field.sqllen && !isSystemTable(field.relname)) {
// special handling for the LIKE ? queries with CHAR(1) fields
if (!(value.length() <= field.sqllen + 2 && value.charAt(0) == '%' && value.charAt(value.length() - 1) == '%')) {
throw new DataTruncation(-1, true, false, data.length, field.sqllen);
}
}

Requests like "SELECT * FROM COMPANY WHERE NAME LIKE ?" with a parameter whose length is higher than the NAME column length should not fail but return an empty resultset.

I'll attach a java class to reproduce the parameter problem using JDK6 + JayBird 2.1.6 + FB 2.1.3.

If you run it with a patched JayBird driver (commented workaround lines in org.firebirdsql.jdbc.field.FBWorkaroundStringField), you'll see that insert or update queries do not fail if the new value length for the NAME column is 11 or 12 (data gets silently truncated to maximum length of 10 in the engine) but fail if new length is >= 13.

I'll try to reproduce the test case in Delphi.

Regards,

Sylvain

[firebird-automations]

Modified by: Sylvain Dusart (sdusart)

Attachment: FBParametersTestCase.java [ 11697 ]

[firebird-automations]

Modified by: Sylvain Dusart (sdusart)

Attachment: testcase_output.txt [ 11698 ]

Attachment: testcase_output_with_jaybird_workaround_removed.txt [ 11699 ]

[firebird-automations]

Commented by: @hvlad

Or give us test case where the engine crashed, or choose another words and don't shock people

[firebird-automations]

Commented by: Sylvain Dusart (sdusart)

I created this issue to summarize old issues. I just quoted comment of Alice F. Bird in JDBC58

"All Firebird versions marked the database connection invalid
(all subsequent operations on this connection throw
"operation was cancelled" exception and if I remember
correctly, 1.0.x versions simply crashed). Therefore it was
decided that JDBC driver does the check for the allowed
maximum length before sending data to the engine."

[firebird-automations]

Commented by: @hvlad

What is 1.0.x version ? I don't know :)

Again, think about another people.
If engine crashed - this is critical bug and it should be fixed ASAP. Else - don't use such words, please !

There is no needs to create new ticket just to summarize another ticket(s).
There is CORE1217 and you can add comments and attachments there is you wish.

[mrotteveel]

Duplicate (which IMHO describes the problem better): #1361