
Firebird 4.0.3 is constantly crashing with the same symptoms (fbclient.dll) (incl. DMP File Analysis) #7779

Closed
gitnol opened this issue Oct 4, 2023 · 15 comments

Comments

@gitnol

gitnol commented Oct 4, 2023

Hi Everyone,

First I want to say sorry for my English. I am not a native speaker and not a (hardcore) developer at all. I hope you have more knowledge and can help.

The error is an INVALID_POINTER_READ exception that indicates a memory access at an invalid address.
The exception occurs in the memcpy function in VCRUNTIME140.dll.

But on every crash, there is the same information in the DMP files, which I analyzed via WinDbg.

It seems that every time a thread_start occurs, shortly afterwards the functions isc_attach_database, isc_version and isc_wait_for_event from fbclient.dll are called. After that, memcpy is called and the firebird process crashes.

An excerpt; the full analysis is below:
---snip---
VCRUNTIME140!memcpy+0x5e7 [D:\a\_work\1\s\src\vctools\crt\vcruntime\src\string\amd64\memcpy.asm @ 721]
fbclient!isc_wait_for_event+0x12e10
fbclient!isc_wait_for_event+0x122ec
fbclient!isc_wait_for_event+0x120de
fbclient!isc_version+0x14033
fbclient!isc_version+0x13eee
fbclient!isc_attach_database+0x301
---snap---

I think I cannot answer deep questions, but I hope that there is an easy answer like: "oh I see... there is a memcpy function call in isc_wait_for_event and I can fix this"... but right now I am a little bit frustrated and need urgent help or advice.

Details

Loading Dump File [D:\AVERP_DUMPS\firebird.exe_231004_132445.dmp]
User Mini Dump File with Full Memory: Only application data is available

Comment: '
*** c:\install\SysinternalsSuite\procdump64.exe -e -ma -w firebird.exe
*** Unhandled exception: C0000005.ACCESS_VIOLATION'

************* Path validation summary **************
Response Time (ms) Location
Deferred srv*D:\AVERP_DUMPS\Firebird-4.0.3.2975-0-x64-pdb*D:\AVERP_DUMPS\Firebird-3.0.10.33601-0_x64_pdb*http://msdl.microsoft.com/download/symbols
Symbol search path is: srv*D:\AVERP_DUMPS\Firebird-4.0.3.2975-0-x64-pdb*D:\AVERP_DUMPS\Firebird-3.0.10.33601-0_x64_pdb*http://msdl.microsoft.com/download/symbols
Executable search path is:
Windows 10 Version 20348 MP (16 procs) Free x64
Product: Server, suite: TerminalServer DataCenter SingleUserTS
Edition build lab: 20348.1.amd64fre.fe_release.210507-1500
Debug session time: Wed Oct 4 13:24:46.000 2023 (UTC + 2:00)
System Uptime: 16 days 23:56:45.899
Process Uptime: 0 days 0:07:57.000
............................................................
This dump file has an exception of interest stored in it.
The stored exception information can be accessed via .ecxr.
(cf0.1f90): Access violation - code c0000005 (first/second chance not available)
For analysis of this file, run !analyze -v
*** WARNING: Unable to verify checksum for fbclient.dll
VCRUNTIME140!memcpy+0x5e7:
00007ff970cd18f7 0f104411f0 movups xmm0,xmmword ptr [rcx+rdx-10h] ds:0000000614bffff0=????????????????????????????????
0:022> !analyze -v


*******************************************************************************
*                                                                             *
*                        Exception Analysis                                   *
*                                                                             *
*******************************************************************************
KEY_VALUES_STRING: 1

Key  : AV.Fault
Value: Read

Key  : Analysis.CPU.mSec
Value: 1124

Key  : Analysis.Elapsed.mSec
Value: 1238

Key  : Analysis.IO.Other.Mb
Value: 0

Key  : Analysis.IO.Read.Mb
Value: 36

Key  : Analysis.IO.Write.Mb
Value: 36

Key  : Analysis.Init.CPU.mSec
Value: 718

Key  : Analysis.Init.Elapsed.mSec
Value: 5913

Key  : Analysis.Memory.CommitPeak.Mb
Value: 101

Key  : Failure.Bucket
Value: INVALID_POINTER_READ_c0000005_VCRUNTIME140.dll!memcpy

Key  : Failure.Hash
Value: {6cc7063a-c9e9-809b-b45d-40b8348a9d9b}

Key  : Timeline.OS.Boot.DeltaSec
Value: 1468605

Key  : Timeline.Process.Start.DeltaSec
Value: 477

Key  : WER.OS.Branch
Value: fe_release

Key  : WER.OS.Version
Value: 10.0.20348.1

Key  : WER.Process.Version
Value: 4.0.3.2975

FILE_IN_CAB: firebird.exe_231004_132445.dmp

COMMENT:
*** c:\install\SysinternalsSuite\procdump64.exe -e -ma -w firebird.exe
*** Unhandled exception: C0000005.ACCESS_VIOLATION

NTGLOBALFLAG: 0

APPLICATION_VERIFIER_FLAGS: 0

CONTEXT: (.ecxr)
rax=0000000714c0ab01 rbx=000000060736dac0 rcx=000000061aa30000
rdx=fffffffffa1d0000 rsi=0000000614c10030 rdi=00000000ffffaae1
rip=00007ff970cd18f7 rsp=000000060736d668 rbp=00000000ffffaae1
r8=00000000ffffaad0 r9=00000000000bc3ff r10=000000060ede0030
r11=0000000614c10030 r12=000000060736dd90 r13=000000060ede0030
r14=000000060ede0030 r15=000000060ede0030
iopl=0 nv up ei pl nz ac po nc
cs=0033 ss=002b ds=002b es=002b fs=0053 gs=002b efl=00010214
VCRUNTIME140!memcpy+0x5e7:
00007ff970cd18f7 0f104411f0 movups xmm0,xmmword ptr [rcx+rdx-10h] ds:0000000614bffff0=????????????????????????????????
Resetting default scope

EXCEPTION_RECORD: (.exr -1)
ExceptionAddress: 00007ff970cd18f7 (VCRUNTIME140!memcpy+0x00000000000005e7)
ExceptionCode: c0000005 (Access violation)
ExceptionFlags: 00000000
NumberParameters: 2
Parameter[0]: 0000000000000000
Parameter[1]: 0000000614bffff0
Attempt to read from address 0000000614bffff0

PROCESS_NAME: firebird.exe

READ_ADDRESS: 0000000614bffff0

ERROR_CODE: (NTSTATUS) 0xc0000005 - Die Anweisung in 0x%p verwies auf Arbeitsspeicher bei 0x%p. Der Vorgang %s konnte im Arbeitsspeicher nicht durchgeführt werden.

EXCEPTION_CODE_STR: c0000005

EXCEPTION_PARAMETER1: 0000000000000000

EXCEPTION_PARAMETER2: 0000000614bffff0

STACK_TEXT:
000000060736d668 00007ff971a975c0 : 00007ff971b72e60 00000000ffffaaf0 000000060736d65c 0000002000000007 : VCRUNTIME140!memcpy+0x5e7
000000060736d670 00007ff971a96a9c : 000000060736da80 000000060ede0030 00007ff971b72e58 0000000000000000 : fbclient!isc_wait_for_event+0x12e10
000000060736d6a0 00007ff971a9688e : 0000000000100000 00007ff971b72e58 0000000000000000 000000060736d758 : fbclient!isc_wait_for_event+0x122ec
000000060736d6d0 00007ff971a63a23 : 000000060736da80 000000060b4b7b20 000000060736e560 000000060736df3c : fbclient!isc_wait_for_event+0x120de
000000060736d720 00007ff971a638de : 000000060736f700 00007ff971a76de9 0000000000000030 00007ff971be11a0 : fbclient!isc_version+0x14033
000000060736dd10 00007ff971a7b331 : 000000060b4b7b20 000000060736e560 0000000608d1d1fc 000000060ebf93f0 : fbclient!isc_version+0x13eee
000000060736dd50 00007ff9548356e9 : 000000060736f700 00007ff9548374e7 0000000000000000 0000000000000000 : fbclient!isc_attach_database+0x301
000000060736dfc0 00007ff954837bc8 : 00000004069d93c0 00000003a86987f8 00000003a8698838 00000004069d93c0 : engine13+0x1e56e9
000000060736e0d0 00007ff95482a317 : 000000060736e530 000000060736e560 000000060736e530 0000000608d1d1b0 : engine13+0x1e7bc8
000000060736e410 00007ff95482c0f5 : 0000000608d1d1b0 000000060736f700 0000000000000000 00000000eb695639 : engine13+0x1da317
000000060736e460 00007ff9547b7cf9 : 0000000000000000 0000000000000000 0000000000000000 00007ff900000000 : engine13+0x1dc0f5
000000060736e670 00007ff954822b6f : 0000000413462480 000000024efd45b0 000000060ad3c440 0000000413462810 : engine13+0x167cf9
000000060736e850 00007ff954824484 : 000000060736f700 000000060ad3c440 0000000413462810 00000000799f3970 : engine13+0x1d2b6f
000000060736e930 00007ff9548241bb : 0000000000000040 00000004099454c0 00000000000004a8 00007ff9549bcaf9 : engine13+0x1d4484
000000060736e990 00007ff954822e6b : 000000060736f700 0000000000000000 000000040998f940 00007ff95495de4c : engine13+0x1d41bb
000000060736e9f0 00007ff9548e67de : 000000060736f700 000000060ad3c440 0000000255ccd730 00000000000004b0 : engine13+0x1d2e6b
000000060736eaa0 00007ff9548e5b41 : 00007ff95481c690 0000000255ccd730 000000060736f700 000000060884315c : engine13!firebird_plugin+0x57ebe
000000060736ebb0 00007ff9548df639 : 000000060736f700 000000060736f700 000000060ad3a4c0 00000000799f3970 : engine13!firebird_plugin+0x57221
000000060736ebf0 00007ff9548df704 : 0000000000000000 0000287568478317 000000060736f700 0000000000000000 : engine13!firebird_plugin+0x50d19
000000060736ec40 00007ff9548e97f8 : 000000060736f700 000000024efdfa70 000000060ad3a4c0 00007ff9548dfc19 : engine13!firebird_plugin+0x50de4
000000060736ec70 00007ff9548de86d : 0000000608843180 00007ff9548deba1 fffffffffffffffe 00007ff9547227c6 : engine13!firebird_plugin+0x5aed8
000000060736eca0 00007ff9547b7fe2 : 0000000608843198 0000000608843198 000000040998f940 0000000255ccd930 : engine13!firebird_plugin+0x4ff4d
000000060736ece0 00007ff954822b6f : 0000000255ccd930 000000060ec22a48 000000060ad3a4c0 00000000799f3970 : engine13+0x167fe2
000000060736ed20 00007ff954824484 : 000000060736f700 000000060ad3a4c0 0000000255ccd930 000000060a7c6190 : engine13+0x1d2b6f
000000060736ee00 00007ff9548241bb : 0000000000000040 00000004099454c0 000000000000000a 00007ff9549bcaf9 : engine13+0x1d4484
000000060736ee60 00007ff954822e6b : 000000060736f700 0000000000000000 000000040998f940 00007ff95495de4c : engine13+0x1d41bb
000000060736eec0 00007ff9548e67de : 000000060736f700 000000060ad3a4c0 0000000000000000 000000060000000a : engine13+0x1d2e6b
000000060736ef70 00007ff9548e97f8 : 000000060ed7b3e8 000000060ed7b408 000000060736f700 000000060736f700 : engine13!firebird_plugin+0x57ebe
000000060736f080 00007ff95475188a : 000000060ed0c1c0 0000000000000000 000000060ed0c1c0 000000060736f700 : engine13!firebird_plugin+0x5aed8
000000060736f0b0 00007ff954718d56 : 000000060ec43c50 000000060736f700 000000060ed0c1c0 0000000400000008 : engine13+0x10188a
000000060736f150 00007ff954820f8c : 000000060ed0c1c0 000000060ec057a0 000000060ec055f0 000000060736f700 : engine13+0xc8d56
000000060736f180 00007ff9547b7476 : 000000060ec21e68 000000060eb65f90 000000060ed0c1c0 000000060736f700 : engine13+0x1d0f8c
000000060736f1c0 00007ff954822b6f : 000000060eb65f90 000000060736f529 000000060ed0c1c0 000000060a7c6190 : engine13+0x167476
000000060736f1f0 00007ff954824484 : 000000060736f700 000000060ed0c1c0 000000060eb65f90 000000048acafa90 : engine13+0x1d2b6f
000000060736f2d0 00007ff9548241bb : 0000019000000190 000000046397f240 fffffffffffffffe 00007ff954ae7b68 : engine13+0x1d4484
000000060736f330 00007ff954822e6b : 000000060736f700 000000000000c0a1 000000040998f940 000000000120e160 : engine13+0x1d41bb
000000060736f390 00007ff95486d444 : 000000060736f700 000000060ed0c1c0 fffffffffffffffe 0000000000007c1c : engine13+0x1d2e6b
000000060736f440 00007ff95472d701 : 0000000000000000 000000048acafa90 00007ff954af1280 000000048acafa90 : engine13+0x21d444
000000060736f480 00007ff95473e6f8 : 00000002e51ca680 000000060736f898 00000002ed6b0040 000000060eb63df0 : engine13+0xdd701
000000060736f590 00007ff954879305 : 000000060736f610 000000058f371140 000000060736f828 000000060736fa90 : engine13+0xee6f8
000000060736f5c0 00007ff95487213f : 000000058f371148 000000060736fa90 00000002ed6b0040 00007ff971a063eb : engine13+0x229305
000000060736f870 00007ff971a6ded2 : 000000060736f958 0000000060f1b718 000000060736f958 000000060736f958 : engine13+0x22213f
000000060736f8d0 00007ff971a669ff : 0000000549bc0e98 000000060736f958 00000002ed6b0040 0000000140049edc : fbclient!isc_version+0x1e4e2
000000060736f930 000000014001ccc6 : 000000013bc212a0 000000060736fa90 00000001af4547d8 000000006ab66940 : fbclient!isc_version+0x1700f
000000060736f990 000000014002116e : 000000060b4b7b20 000000006ab66940 000000013cb2d7c0 000000006ab66940 : firebird+0x1ccc6
000000060736fb30 000000014001f80b : 0000000001630440 00000001af4547c0 00000001af4547c0 00000000016304c0 : firebird+0x2116e
000000060736fdd0 000000014003ed25 : 000000000000003a 0000000000000000 00000000016304c0 0000000000000000 : firebird+0x1f80b
000000060736fec0 00007ff978a36b4c : 0000000316e7da40 000000000018b080 0000000000000000 0000000000000000 : firebird+0x3ed25
000000060736ff00 00007ff979bc4de0 : 0000000000000000 0000000000000000 0000000000000000 0000000000000000 : ucrtbase!thread_start<unsigned int (__cdecl*)(void *),1>+0x4c
000000060736ff30 00007ff97b2fec0b : 0000000000000000 0000000000000000 0000000000000000 0000000000000000 : kernel32!BaseThreadInitThunk+0x10
000000060736ff60 0000000000000000 : 0000000000000000 0000000000000000 0000000000000000 0000000000000000 : ntdll!RtlUserThreadStart+0x2b

FAULTING_SOURCE_LINE: D:\a\_work\1\s\src\vctools\crt\vcruntime\src\string\amd64\memcpy.asm

FAULTING_SOURCE_FILE: D:\a\_work\1\s\src\vctools\crt\vcruntime\src\string\amd64\memcpy.asm

FAULTING_SOURCE_LINE_NUMBER: 721

FAULTING_SOURCE_CODE:
No source found for 'D:\a\_work\1\s\src\vctools\crt\vcruntime\src\string\amd64\memcpy.asm'

SYMBOL_NAME: VCRUNTIME140!memcpy+5e7

MODULE_NAME: VCRUNTIME140

IMAGE_NAME: VCRUNTIME140.dll

STACK_COMMAND: ~22s; .ecxr ; kb

FAILURE_BUCKET_ID: INVALID_POINTER_READ_c0000005_VCRUNTIME140.dll!memcpy

OS_VERSION: 10.0.20348.1

BUILDLAB_STR: fe_release

OSPLATFORM_TYPE: x64

OSNAME: Windows 10

IMAGE_VERSION: 14.36.32532.0

FAILURE_ID_HASH: {6cc7063a-c9e9-809b-b45d-40b8348a9d9b}

Followup: MachineOwner

0:022> kb

RetAddr : Args to Child : Call Site

00 00007ff971a975c0 : 00007ff971b72e60 00000000ffffaaf0 000000060736d65c 0000002000000007 : VCRUNTIME140!memcpy+0x5e7 [D:\a\_work\1\s\src\vctools\crt\vcruntime\src\string\amd64\memcpy.asm @ 721]
01 00007ff971a96a9c : 000000060736da80 000000060ede0030 00007ff971b72e58 0000000000000000 : fbclient!isc_wait_for_event+0x12e10
02 00007ff971a9688e : 0000000000100000 00007ff971b72e58 0000000000000000 000000060736d758 : fbclient!isc_wait_for_event+0x122ec
03 00007ff971a63a23 : 000000060736da80 000000060b4b7b20 000000060736e560 000000060736df3c : fbclient!isc_wait_for_event+0x120de
04 00007ff971a638de : 000000060736f700 00007ff971a76de9 0000000000000030 00007ff971be11a0 : fbclient!isc_version+0x14033
05 00007ff971a7b331 : 000000060b4b7b20 000000060736e560 0000000608d1d1fc 000000060ebf93f0 : fbclient!isc_version+0x13eee
06 00007ff9548356e9 : 000000060736f700 00007ff9548374e7 0000000000000000 0000000000000000 : fbclient!isc_attach_database+0x301
07 00007ff954837bc8 : 00000004069d93c0 00000003a86987f8 00000003a8698838 00000004069d93c0 : engine13+0x1e56e9
08 00007ff95482a317 : 000000060736e530 000000060736e560 000000060736e530 0000000608d1d1b0 : engine13+0x1e7bc8
09 00007ff95482c0f5 : 0000000608d1d1b0 000000060736f700 0000000000000000 00000000eb695639 : engine13+0x1da317
0a 00007ff9547b7cf9 : 0000000000000000 0000000000000000 0000000000000000 00007ff900000000 : engine13+0x1dc0f5
0b 00007ff954822b6f : 0000000413462480 000000024efd45b0 000000060ad3c440 0000000413462810 : engine13+0x167cf9
0c 00007ff954824484 : 000000060736f700 000000060ad3c440 0000000413462810 00000000799f3970 : engine13+0x1d2b6f
0d 00007ff9548241bb : 0000000000000040 00000004099454c0 00000000000004a8 00007ff9549bcaf9 : engine13+0x1d4484
0e 00007ff954822e6b : 000000060736f700 0000000000000000 000000040998f940 00007ff95495de4c : engine13+0x1d41bb
0f 00007ff9548e67de : 000000060736f700 000000060ad3c440 0000000255ccd730 00000000000004b0 : engine13+0x1d2e6b
10 00007ff9548e5b41 : 00007ff95481c690 0000000255ccd730 000000060736f700 000000060884315c : engine13!firebird_plugin+0x57ebe
11 00007ff9548df639 : 000000060736f700 000000060736f700 000000060ad3a4c0 00000000799f3970 : engine13!firebird_plugin+0x57221
12 00007ff9548df704 : 0000000000000000 0000287568478317 000000060736f700 0000000000000000 : engine13!firebird_plugin+0x50d19
13 00007ff9548e97f8 : 000000060736f700 000000024efdfa70 000000060ad3a4c0 00007ff9548dfc19 : engine13!firebird_plugin+0x50de4
14 00007ff9548de86d : 0000000608843180 00007ff9548deba1 fffffffffffffffe 00007ff9547227c6 : engine13!firebird_plugin+0x5aed8
15 00007ff9547b7fe2 : 0000000608843198 0000000608843198 000000040998f940 0000000255ccd930 : engine13!firebird_plugin+0x4ff4d
16 00007ff954822b6f : 0000000255ccd930 000000060ec22a48 000000060ad3a4c0 00000000799f3970 : engine13+0x167fe2
17 00007ff954824484 : 000000060736f700 000000060ad3a4c0 0000000255ccd930 000000060a7c6190 : engine13+0x1d2b6f
18 00007ff9548241bb : 0000000000000040 00000004099454c0 000000000000000a 00007ff9549bcaf9 : engine13+0x1d4484
19 00007ff954822e6b : 000000060736f700 0000000000000000 000000040998f940 00007ff95495de4c : engine13+0x1d41bb
1a 00007ff9548e67de : 000000060736f700 000000060ad3a4c0 0000000000000000 000000060000000a : engine13+0x1d2e6b
1b 00007ff9548e97f8 : 000000060ed7b3e8 000000060ed7b408 000000060736f700 000000060736f700 : engine13!firebird_plugin+0x57ebe
1c 00007ff95475188a : 000000060ed0c1c0 0000000000000000 000000060ed0c1c0 000000060736f700 : engine13!firebird_plugin+0x5aed8
1d 00007ff954718d56 : 000000060ec43c50 000000060736f700 000000060ed0c1c0 0000000400000008 : engine13+0x10188a
1e 00007ff954820f8c : 000000060ed0c1c0 000000060ec057a0 000000060ec055f0 000000060736f700 : engine13+0xc8d56
1f 00007ff9547b7476 : 000000060ec21e68 000000060eb65f90 000000060ed0c1c0 000000060736f700 : engine13+0x1d0f8c
20 00007ff954822b6f : 000000060eb65f90 000000060736f529 000000060ed0c1c0 000000060a7c6190 : engine13+0x167476
21 00007ff954824484 : 000000060736f700 000000060ed0c1c0 000000060eb65f90 000000048acafa90 : engine13+0x1d2b6f
22 00007ff9548241bb : 0000019000000190 000000046397f240 fffffffffffffffe 00007ff954ae7b68 : engine13+0x1d4484
23 00007ff954822e6b : 000000060736f700 000000000000c0a1 000000040998f940 000000000120e160 : engine13+0x1d41bb
24 00007ff95486d444 : 000000060736f700 000000060ed0c1c0 fffffffffffffffe 0000000000007c1c : engine13+0x1d2e6b
25 00007ff95472d701 : 0000000000000000 000000048acafa90 00007ff954af1280 000000048acafa90 : engine13+0x21d444
26 00007ff95473e6f8 : 00000002e51ca680 000000060736f898 00000002ed6b0040 000000060eb63df0 : engine13+0xdd701
27 00007ff954879305 : 000000060736f610 000000058f371140 000000060736f828 000000060736fa90 : engine13+0xee6f8
28 00007ff95487213f : 000000058f371148 000000060736fa90 00000002ed6b0040 00007ff971a063eb : engine13+0x229305
29 00007ff971a6ded2 : 000000060736f958 0000000060f1b718 000000060736f958 000000060736f958 : engine13+0x22213f
2a 00007ff971a669ff : 0000000549bc0e98 000000060736f958 00000002ed6b0040 0000000140049edc : fbclient!isc_version+0x1e4e2
2b 000000014001ccc6 : 000000013bc212a0 000000060736fa90 00000001af4547d8 000000006ab66940 : fbclient!isc_version+0x1700f
2c 000000014002116e : 000000060b4b7b20 000000006ab66940 000000013cb2d7c0 000000006ab66940 : firebird+0x1ccc6
2d 000000014001f80b : 0000000001630440 00000001af4547c0 00000001af4547c0 00000000016304c0 : firebird+0x2116e
2e 000000014003ed25 : 000000000000003a 0000000000000000 00000000016304c0 0000000000000000 : firebird+0x1f80b
2f 00007ff978a36b4c : 0000000316e7da40 000000000018b080 0000000000000000 0000000000000000 : firebird+0x3ed25
30 00007ff979bc4de0 : 0000000000000000 0000000000000000 0000000000000000 0000000000000000 : ucrtbase!thread_start<unsigned int (__cdecl*)(void *),1>+0x4c
31 00007ff97b2fec0b : 0000000000000000 0000000000000000 0000000000000000 0000000000000000 : kernel32!BaseThreadInitThunk+0x10
32 0000000000000000 : 0000000000000000 0000000000000000 0000000000000000 0000000000000000 : ntdll!RtlUserThreadStart+0x2b

0:022> lmvm VCRUNTIME140

start             end                 module name
00007ff970cd0000 00007ff970ceb000   VCRUNTIME140   (private pdb symbols)  d:\averp_dumps\firebird-4.0.3.2975-0-x64-pdb\vcruntime140.amd64.pdb\38DD49151CC8F884F457AEB14C69A0F01\vcruntime140.amd64.pdb
    Loaded symbol image file: VCRUNTIME140.dll
    Image path: C:\Windows\System32\VCRUNTIME140.dll
    Image name: VCRUNTIME140.dll
    Image was built with /Brepro flag.
    Timestamp:        C94BF788 (This is a reproducible build file hash, not a timestamp)
    CheckSum:         0001BF13
    ImageSize:        0001B000
    File version:     14.36.32532.0
    Product version:  14.36.32532.0
    File flags:       0 (Mask 3F)
    File OS:          4 Unknown Win32
    File type:        2.0 Dll
    File date:        00000000.00000000
    Translations:     0409.04b0
    Information from resource tables:
        CompanyName:      Microsoft Corporation
        ProductName:      Microsoft® Visual Studio®
        InternalName:     vcruntime140.dll
        OriginalFilename: vcruntime140.dll
        ProductVersion:   14.36.32532.0
        FileVersion:      14.36.32532.0
        FileDescription:  Microsoft® C Runtime Library
        LegalCopyright:   © Microsoft Corporation. All rights reserved.

@hvlad
Member

hvlad commented Oct 4, 2023

I moved most details under the spoiler.
Without debug information (.pdb) files it is useless, sorry.

Could you provide me with the crash dump file?

@gitnol
Author

gitnol commented Oct 4, 2023

Thanks for moving the details, hvlad! :)

The crash dump file is 30 GB in size. I will provide it. I need some time for compressing and uploading.

Firebird 4.0.3 pdb files are from here: https://github.com/FirebirdSQL/firebird/releases/download/v4.0.3/Firebird-4.0.3.2975-0-x64-pdb.zip

@gitnol
Author

gitnol commented Oct 4, 2023

I have concerns because the Firebird process may contain sensitive information.
So I would like to send you the link to the dump personally. Is that okay for you?
I would use hvlad@user.sourceforge.net for this.

@hvlad
Member

hvlad commented Oct 4, 2023

Sure, it is OK

@hvlad
Member

hvlad commented Oct 5, 2023

Important part of the stack trace

00 VCRUNTIME140!memcpy(void)+0x5e7 [D:\a\_work\1\s\src\vctools\crt\vcruntime\src\string\amd64\memcpy.asm @ 721]

01 fbclient!Firebird::Array<unsigned char,Firebird::InlineStorage<unsigned char,128,unsigned char> >::push(unsigned char * items = 0x00000006`0ede0030 "???", unsigned int itemsSize = 0xffffaae1)+0xb0
[z:\fb40\v4.0.3\firebird\src\common\classes\array.h @ 384]

02 fbclient!Firebird::ClumpletWriter::create(unsigned char * buffer = , unsigned int buffLen = , unsigned char tag = )+0x1c
[z:\fb40\v4.0.3\firebird\src\common\classes\clumpletwriter.cpp @ 171]

03 fbclient!Firebird::ClumpletWriter::ClumpletWriter(struct Firebird::ClumpletReader::KindList * kl = 0x00007ff971b72e58, unsigned int limit = 0x100000, unsigned char * buffer = 0x000000060ede0030 "???", unsigned int buffLen = 0xffffaae1)+0x9e
[z:\fb40\v4.0.3\firebird\src\common\classes\clumpletwriter.cpp @ 120]

04 fbclient!Why::Dispatcher::attachOrCreateDatabase(class Firebird::CheckStatusWrapper * status = 0x000000060736dd90, bool createFlag = false, char * filename = 0x000000060736df3c, unsigned int dpbLength = 0xffffaae1, unsigned char * dpb = 0x00000006`0ede0030 "???")+0x133
[z:\fb40\v4.0.3\firebird\src\yvalve\why.cpp @ 6300]

05 fbclient!Why::Dispatcher::attachDatabase(class Firebird::CheckStatusWrapper * status = , char * filename = , unsigned int dpbLength = , unsigned char * dpb = 0x00000006`0ede0030 "???")+0x1e
[z:\fb40\v4.0.3\firebird\src\yvalve\why.cpp @ 6278]

06 fbclient!isc_attach_database(int64 * userStatus = 0x000000060736f700, short fileLength = 0n16, char * filename = 0x0000000000000000 "", unsigned int * publicHandle = 0x0000000608d1d360, short dpbLength = 0n-21791, char * dpb = 0x000000060ede0030 "???")+0x301
[z:\fb40\v4.0.3\firebird\src\yvalve\why.cpp @ 1595]

07 engine13!EDS::IscProvider::isc_attach_database(class Firebird::CheckStatusWrapper * user_status = , short file_length = , char * file_name = 0x0000000608d1d1fc, unsigned int * public_handle = 0x0000000608d1d360, short dpb_length = 0n-21791, char * dpb = 0x00000006`0ede0030 "???")+0x89
[z:\fb40\v4.0.3\firebird\src\jrd\extds\iscds.cpp @ 876]

08 engine13!EDS::IscConnection::attach(class Jrd::thread_db * tdbb = 0x00000006`0736f700)+0x1e8
[z:\fb40\v4.0.3\firebird\src\jrd\extds\iscds.cpp @ 131]

09 engine13!EDS::Provider::createConnection(class Jrd::thread_db * tdbb = 0x000000060736f700, class Firebird::StringBase<Firebird::PathNameComparator> * dbName = 0x000000060736e4b0, class Firebird::ClumpletReader * dpb = 0x00000006`0736e530, EDS::TraScope tra_scope = traCommon (0n2))+0x57
[z:\fb40\v4.0.3\firebird\src\jrd\extds\extds.cpp @ 349]

0a engine13!EDS::Manager::getConnection(class Jrd::thread_db * tdbb = 0x000000060736f700, class Firebird::StringBase<Firebird::StringComparator> * dataSource = <Value unavailable error>, class Firebird::StringBase<Firebird::StringComparator> * user = <Value unavailable error>, class Firebird::StringBase<Firebird::StringComparator> * pwd = 0x0000000000000010, class Firebird::StringBase<Firebird::StringComparator> * role = 0x00000006`0736e700, EDS::TraScope tra_scope = traCommon (0n2))+0x315
[z:\fb40\v4.0.3\firebird\src\jrd\extds\extds.cpp @ 242]

0b engine13!Jrd::ExecStatementNode::execute(class Jrd::thread_db * tdbb = 0x000000060736f700, class Jrd::jrd_req * request = 0x000000060ad3c440, struct Jrd::StmtNode::ExeState * __formal = 0x00000004`13462810)+0x1f9
[z:\fb40\v4.0.3\firebird\src\dsql\stmtnodes.cpp @ 3780]

0c engine13!EXE_looper(class Jrd::thread_db * tdbb = 0x000000060736f700, class Jrd::jrd_req * request = 0x000000060ad3c440, class Jrd::StmtNode * node = 0x00000004`13462810)+0x19f
[z:\fb40\v4.0.3\firebird\src\jrd\exe.cpp @ 1382]

Note the dpb_length values in frames 7 and up.
Looking for the correct solution.

What is the Firebird version of the remote server?

@gitnol
Author

gitnol commented Oct 5, 2023

The Server Version is Firebird 4.0.3

hvlad added a commit that referenced this issue Oct 5, 2023
@hvlad
Member

hvlad commented Oct 5, 2023

The fix is committed, try next snapshot build, please.

@gitnol
Author

gitnol commented Oct 5, 2023 via email

@hvlad hvlad self-assigned this Oct 5, 2023
@gitnol
Author

gitnol commented Oct 7, 2023

Hi Vlad,
I have deployed the new fbclient.dll. It seems to fix the issue.
Thank you very much. Please contact me personally.

I have created additional pcap files with Wireshark, with WireCrypt disabled, on a test server, if you are interested in a deeper analysis (before and after replacing fbclient.dll).

Best regards Markus

@gitnol
Author

gitnol commented Oct 16, 2023

Firebird Server seems to be stable now. I close the issue. Again, Vlad, thank you very much.

@gitnol gitnol closed this as completed Oct 16, 2023
@hvlad hvlad reopened this Oct 17, 2023
@hvlad
Member

hvlad commented Oct 17, 2023

Reopened until porting into all affected branches

@hvlad
Member

hvlad commented Oct 17, 2023

The bug reason is a few factors happening at the same time:

  • usage of trusted auth on Windows
  • large size of the auth block (more than 32KB), sooner of all due to a big number of Windows groups granted to the user's Windows account
  • attempt to pass the auth block by EXECUTE STATEMENT into isc_attach_database() - this ISC API doesn't support a DPB larger than 32KB
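The integer conversion behind the crash, as an added example that is not Firebird's code: the trace shows isc_attach_database() receiving `short dpb_length = 0n-21791` while the callers above it hold `unsigned int dpbLength = 0xffffaae1`, and hvlad's summary explains why (an auth block over 32KB pushed through an API whose length parameter is a C `short`). The block below models that path with a hypothetical stand-in callee (`legacy_short_api` / `callee_unsigned` are assumptions, not Firebird's functions), reproduces the two numbers from the trace, and adds the guard a caller would want before using a short-length API.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Largest DPB length that survives a trip through a C `short` parameter
 * (the legacy isc_attach_database() takes `short dpb_length`). */
#define DPB_SHORT_LIMIT 32767u

/* Hypothetical stand-in for a callee that takes the length as unsigned int
 * (the trace shows Why::Dispatcher::attachDatabase() doing so). It is not
 * Firebird's code; it only records the length it was asked to use. */
typedef struct {
    unsigned int length_seen;
} attach_callee_t;

static void callee_unsigned(attach_callee_t *c, unsigned int dpb_length)
{
    c->length_seen = dpb_length;
}

/* Model of the legacy entry point: the length arrives as `short` (already
 * narrowed by the caller's conversion) and is widened to unsigned int when
 * forwarded. This is where 0n-21791 turns into 0xffffaae1. */
static void legacy_short_api(attach_callee_t *c, short dpb_length)
{
    callee_unsigned(c, (unsigned int)dpb_length);  /* sign-extend, then reinterpret */
}

/* What the signed `short` parameter holds for a DPB of `dpb_size` bytes.
 * The conversion is value-changing for sizes above 32767; on the common
 * two's-complement ABIs it wraps modulo 65536. */
short truncated_dpb_length(size_t dpb_size)
{
    return (short)dpb_size;
}

/* The length a forwarding callee sees after the `short` is widened; this is
 * the value memcpy() in the trace was asked to copy. */
unsigned int forwarded_dpb_length(size_t dpb_size)
{
    attach_callee_t c = {0};
    legacy_short_api(&c, (short)dpb_size);
    return c.length_seen;
}

/* Guard a caller should apply before handing a DPB to the short-length API:
 * 1 if the length round-trips intact, 0 if it must be rejected (or routed
 * through an API with a wide length parameter instead). */
int dpb_fits_legacy_api(size_t dpb_size)
{
    return dpb_size <= DPB_SHORT_LIMIT;
}

int main(void)
{
    /* 43745 = 0xaae1, the low 16 bits of the 0xffffaae1 seen in the trace
     * (a constructed size, chosen to reproduce the dump's numbers). */
    size_t sz = 43745;
    printf("DPB size %zu -> short %d -> unsigned int 0x%08x, fits legacy API: %d\n",
           sz, truncated_dpb_length(sz), forwarded_dpb_length(sz), dpb_fits_legacy_api(sz));
    return 0;
}
```

Because memcpy() receives the widened value, a 43745-byte block is copied as if it were about 4 GB long, which is the INVALID_POINTER_READ in the dump; the fix on the caller side is to refuse (or reroute) any DPB that the `short` parameter cannot represent, rather than to trust the narrowed value downstream.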

@pavel-zotov

pavel-zotov commented Jan 14, 2024

@@@ QA issue @@@

Need a suggestion on how to make the auth block more than 32KB
("large size of auth block (more than 32KB), sooner of all due to big number of Windows groups granted to the user's Windows account")

@AlexPeshkoff
Member

AlexPeshkoff commented Jan 15, 2024 via email

@pavel-zotov

If this: "lot of Windows groups" is the only way to reproduce the crash, then I see no ability to implement such a test.
But Vlad noted: sooner of all - so maybe there is another way?
