Access violation on UDF crashes server [CORE5234] #5513

Closed
firebird-issue-importer opened this issue May 9, 2016 · 19 comments
firebird-issue-importer commented May 9, 2016

Submitted by: Beto Neto (betoneto.tbo)

I have a UDF named jjwudf. Inside it we have this exported function:

procedure udf_StrOfChr(Ret, Ch: PChar; var Count: integer); cdecl; export;
var
  I: integer;
begin
  if (Ch^ = #0) or (Count <= 0) then
    Ret^ := #0
  else begin
    for I := 1 to Count do begin
      Ret^ := Ch^;
      Inc(Ret);
    end;
    Ret^ := #0;
  end;
end;

And this is its DDL

DECLARE EXTERNAL FUNCTION UDF_STROFCHAR
    CSTRING(254),
    CSTRING(1),
    INTEGER
RETURNS PARAMETER 1
ENTRY_POINT 'udf_StrOfChr' MODULE_NAME 'jjwudf';

It returns a string of the char repeated, see a usage example:

select udf_StrOfChr('a', 3) from rdb$database

Returns "aaa"

When I use it on 2.x Firebird Servers, it works! But on Firebird 3.0 it crashes the server.

firebird.log

myvm Mon May 09 11:33:01 2016
The user defined function: UDF_STROFCHAR
referencing entrypoint: udf_StrOfChr
in module: jjwudf
caused the fatal exception: Access violation.
The code attempted to access a virtual
address without privilege to do so.
This exception will cause the Firebird server
to terminate abnormally.

Commits: db6debb 0db5c2d


firebird-issue-importer commented May 9, 2016

Commented by: @livius2

It looks like a support question...
Your UDF doesn't allocate memory for parameter 1 (ret).
You declare its max, and FB allocates only a buffer for 'a', not 254 chars.

But maybe I am wrong; then someone will correct me.


firebird-issue-importer commented May 16, 2016

Commented by: Beto Neto (betoneto.tbo)

Karol, the case is that it works on 2.x versions. This broke compatibility.


firebird-issue-importer commented May 18, 2016

Modified by: @hvlad

assignee: Vlad Khorsun [ hvlad ]


firebird-issue-importer commented May 18, 2016

Commented by: @hvlad

Beto Neto,

please check next snapshot build.


firebird-issue-importer commented May 18, 2016

Commented by: @hvlad

Karol,

when a UDF declares an output parameter as RETURNS PARAMETER N, the engine allocates the memory itself.
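
Editorial example, not part of the thread and not Firebird or reporter code: a C counterpart of the reported udf_StrOfChr that clamps the repeat count, because the original loop writes Count bytes into the engine-allocated buffer whatever size was declared. It assumes that buffer is 254 bytes including the terminator, per the CSTRING(254) declaration; udf_str_of_chr_bounded, RET_DECLARED_SIZE, RET_MAX_CHARS and checked_length are hypothetical names.

```c
#include <stdio.h>
#include <string.h>

/* Assumption: the engine-allocated return buffer is RET_DECLARED_SIZE bytes
   in total (CSTRING(254) in the DDL), terminator included. */
#define RET_DECLARED_SIZE 254
#define RET_MAX_CHARS ((size_t)RET_DECLARED_SIZE - 1)

/* Bounded counterpart of udf_StrOfChr (hypothetical name). ret is the
   engine's buffer (RETURNS PARAMETER 1), ch the one-character CSTRING,
   count is passed by reference as in the Pascal signature. */
void udf_str_of_chr_bounded(char *ret, const char *ch, const int *count)
{
    size_t n;
    if (ret == NULL)
        return;
    if (ch == NULL || count == NULL || *ch == '\0' || *count <= 0) {
        ret[0] = '\0';
        return;
    }
    n = (size_t)*count;
    if (n > RET_MAX_CHARS)
        n = RET_MAX_CHARS;          /* clamp so the terminator still fits */
    memset(ret, *ch, n);
    ret[n] = '\0';
}

/* Harness: calls the UDF on a 254-byte buffer followed by guard bytes.
   Returns the result length, or -1 if any guard byte was overwritten. */
int checked_length(int count)
{
    unsigned char arena[RET_DECLARED_SIZE + 16];
    char one[2] = { 'a', '\0' };
    size_t i;

    memset(arena, 0xEE, sizeof arena);
    udf_str_of_chr_bounded((char *)arena, one, &count);
    for (i = RET_DECLARED_SIZE; i < sizeof arena; i++)
        if (arena[i] != 0xEE)
            return -1;
    return (int)strlen((char *)arena);
}

int main(void)
{
    printf("count=3 -> %d, count=100000 -> %d\n",
           checked_length(3), checked_length(100000));
    return 0;
}
```
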


firebird-issue-importer commented May 18, 2016

Modified by: @hvlad

status: Open [ 1 ] => Resolved [ 5 ]

resolution: Fixed [ 1 ]

Fix Version: 3.0.1 [ 10730 ]

Fix Version: 4.0 Alpha 1 [ 10731 ]


firebird-issue-importer commented May 19, 2016

Commented by: Beto Neto (betoneto.tbo)

Fixed, thanks!

Tested with Firebird-3.0.1.32524-0_Win32


firebird-issue-importer commented May 24, 2016

Modified by: @pavel-zotov

status: Resolved [ 5 ] => Resolved [ 5 ]

QA Status: No test => Cannot be tested


firebird-issue-importer commented Jun 4, 2016

Commented by: @kattunga

I have exactly the same problem here, but it is not fixed in the latest snapshot build.
It is something related to FreePascal 2.6 and Linux.
I have a UDF that has worked perfectly for many years in Firebird, but now with Firebird 3.0 SuperServer 64-bit on Linux it raises exactly the same error that you posted above (in firebird.log) and it crashes the server.
For small result sets the UDF works as expected and returns the correct result, but if you use it in a very large select, about 2 million records, it makes the server crash.
After a complete day reworking the UDF, the only way I found to fix the issue was recompiling it with FreePascal 3.0.

Now it works.

The problem is fixed for me, but it sounds like some kind of compatibility was broken.


firebird-issue-importer commented Jun 4, 2016

Commented by: @hvlad

Christian,

with no details we can't even diagnose an issue. The message in firebird.log says nothing about the reasons, just the fact that an AV was caught at the UDF call.


firebird-issue-importer commented Jun 8, 2016

Commented by: @kattunga

Hi Vlad,

I think that the problem is with FreePascal, not with Firebird. I remember that I had this issue several times in the past years; it appears and disappears depending on the combination of FreePascal and Firebird versions.
There are several bug reports about UDFs done with FreePascal / Kylix, for example CORE3646, CORE3071.

Now with Firebird 3.0 SuperServer, if I compile with FreePascal 2.6.4, I can reproduce the issue with a UDF as simple as:

function KPosInList(Str1, Str2: PChar): integer; cdecl;
var
  SL: TStringList;
  s1: AnsiString;
  s2: AnsiString;
begin
  if (Str1 = nil) or (Str2 = nil) then begin
    Result := 0;
    Exit;
  end;

  try
    s1 := StrPas(Str1);
    s2 := StrPas(Str2);

    SL := TStringList.Create;
    try
      SL.CommaText := s2;
      Result := SL.IndexOf(s1)+1;
    finally
      SL.Free;
    end;

  except
    Result := 0;
  end;
end;

It works fine for small result sets, but on large result sets it always raises:

the user defined function: K_POSINLIST
referencing entrypoint: KPosInList
in module: kibudf
caused the fatal exception: Segmentation Fault.
The code attempted to access memory
without privilege to do so.
This exception will cause the Firebird server
to terminate abnormally.

The problem disappears after compiling it with FreePascal 3.0.

The question is: is it possible to avoid the Firebird Server crash and only return an error to the connection that executes the query?

Regards


firebird-issue-importer commented Oct 31, 2016

Commented by: Vadim Mescheryakov (vadimmescheryakov)

I caught this error on Firebird 3.0.1.32609 / 64 bit (Windows)

But error do not ever when call udf function

SRV-DELFIN Mon Oct 31 13:51:58 2016
The user defined function: UDF_POS
referencing entrypoint: dfudf_Pos
in module: tbudf
caused the fatal exception: Access violation.
The code attempted to access a virtual
address without privilege to do so.
This exception will cause the Firebird server
to terminate abnormally.

SRV-DELFIN Mon Oct 31 13:51:58 2016
The user defined function: UDF_FORMATFLOAT
referencing entrypoint: dfudf_FormatFloat
in module: tbudf
caused the fatal exception: Access violation.
The code attempted to access a virtual
address without privilege to do so.
This exception will cause the Firebird server
to terminate abnormally.

SRV-DELFIN Mon Oct 31 13:51:58 2016
The user defined function: UDF_POS
referencing entrypoint: dfudf_Pos
in module: tbudf
caused the fatal exception: Access violation.
The code attempted to access a virtual
address without privilege to do so.
This exception will cause the Firebird server
to terminate abnormally.


firebird-issue-importer commented Nov 1, 2016

Commented by: @hvlad

Vadim,

firebird.log is clear: all AVs were caught when UDFs were called.
Do you have something we could look at? A reproducible example, a memory dump...

Also, it is important to know what compiler was used to build the UDF.


firebird-issue-importer commented Apr 17, 2018

Commented by: Beto Neto (betoneto.tbo)

Now I'm getting this error on Firebird LI-V2.5.8.27089

This is the firebird.log

dba301515fae Tue Apr 17 08:36:11 2018
The user defined function: UDF_TRIM
referencing entrypoint: udf_Trim
in module: jjwudf
caused the fatal exception: Segmentation Fault.
The code attempted to access memory
without privilege to do so.
This exception will cause the Firebird server
to terminate abnormally.

dba301515fae (Client) Tue Apr 17 08:36:12 2018
/usr/local/firebird/bin/fbguard: /usr/local/firebird/bin/fb_smp_server terminated abnormally (-1)

dba301515fae (Client) Tue Apr 17 08:36:12 2018
/usr/local/firebird/bin/fbguard: guardian starting /usr/local/firebird/bin/fb_smp_server

And this is the UDF source (lazarus/free pascal)

function udf_Trim(Str: PChar): PChar; cdecl; export;
begin
  Result := Str;
  StrPCopy(Str, Trim(Str));
end;

This crash occurs randomly.


firebird-issue-importer commented Apr 17, 2018

Modified by: Beto Neto (betoneto.tbo)

Version: 2.5.8 [ 10809 ]


firebird-issue-importer commented Apr 17, 2018

Modified by: Beto Neto (betoneto.tbo)

priority: Blocker [ 1 ] => Critical [ 2 ]


firebird-issue-importer commented Apr 17, 2018

Commented by: @hvlad

The log message is clear, isn't it?

What is the value of the BugcheckAbort setting?

Does the UDF have IsMultythreaded := true?
Or its FPC equivalent.

And, please, don't put each and every issue related to AVs in UDFs into this ticket.


firebird-issue-importer commented Apr 18, 2018

Commented by: Beto Neto (betoneto.tbo)

The log message is clear, isn't it?
- Sorry, I'm not acquainted with lazarus/free pascal.

What is the value of the BugcheckAbort setting?
- How can I find this? Is it a compiler option?

Does the UDF have IsMultythreaded := true?
- There was no code setting this, now I have turned it on.

Or its FPC equivalent.
- ?

And, please, don't put each and every issue related to AVs in UDFs into this ticket.
- Sorry again.


firebird-issue-importer commented Apr 20, 2018

Commented by: @hvlad

> The log message is clear, isn't it?
> - Sorry, I'm not acquainted with lazarus/free pascal.

I refer to the message from firebird.log you showed.

> What is the value of the BugcheckAbort setting?
> - How can I find this? Is it a compiler option?

This is a setting in firebird.conf.

> Does the UDF have IsMultythreaded := true?
> - There was no code setting this, now I have turned it on.

Very good.

Please, next time ask at the fb-support list first, until you are 100% sure there is a bug.
