Bad packet of op_execute kills the server
-----------------------------------------

                 Key: CORE-4785
                 URL: http://tracker.firebirdsql.org/browse/CORE-4785
             Project: Firebird Core
          Issue Type: Bug
          Components: Engine
    Affects Versions: 2.5.4
            Reporter: Kovalenko Dmitry


0. Connection through TCP/IP (INET)

1. Query: insert into NUM (N_1_0) values (?)

2. input XSQLDA contains one LONG-variable (isc_sql_long). Build code:

 // Client-side input descriptor for the single "?" parameter of the INSERT in step 1.
 // XSQLDA_V1_Wrapper is the reporter's own helper and is not shown here;
 // presumably the argument is the number of sqlvar slots to allocate -- TODO confirm.
 XSQLDA_V1_Wrapper xsqlda(1);

 // Exactly one parameter is described.
 xsqlda->sqld=1;

 // The parameter value (5) and its NULL indicator (0 = the value is not NULL).
 unsigned __int32 xparam0_value=5;
 short            xparam0_ind=0;

 // LONG type; the low bit (|1) flags the parameter as nullable, which is why an
 // indicator variable is supplied through sqlind below.
 xsqlda->sqlvar[0].sqltype=isc_api::ibp_isc_sql_long|1;
 // The data length is the size of the 32-bit value.
 xsqlda->sqlvar[0].sqllen =sizeof(xparam0_value);
 // Both pointers refer to the locals above, so those must outlive the execute call.
 xsqlda->sqlvar[0].sqldata=reinterpret_cast<char*>(&xparam0_value);
 xsqlda->sqlvar[0].sqlind =&xparam0_ind;

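3. network packet ( op_execute )

Note: p_sqldata_blr decodes as blr_version5, blr_begin, blr_message 0 with 2 fields (blr_long scale 0, blr_short scale 0), blr_end, blr_eoc. This is an input message holding the LONG value and its NULL indicator. p_sqldata_messages is 0, however, so the packet announces an input message format but carries no message data. This mismatch is presumably what the server fails to validate before map_in_out runs (see the crash stack in step 4).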

P_OP_SQLDATA
  p_sqldata_statement   2       unsigned short
  p_sqldata_transaction 1       unsigned short
  p_sqldata_blr {cstr_length=12 cstr_address=0x00424240 "\x5\x2\x4" }   
ibp::db_client::fb::protocol::P_CSTRING_CONST
        cstr_length     12
        cstr_address     = 05 02 04 00 02 00 08 00 07 00 ff 4c
  p_sqldata_message_number      0       unsigned short
  p_sqldata_messages    0       unsigned short
  p_sqldata_out_blr     {cstr_length=0 cstr_address=0x00000000 <NULL> } 
ibp::db_client::fb::protocol::P_CSTRING_CONST
  p_sqldata_out_message_number  0       unsigned short
  p_sqldata_status      0       unsigned long

4. Server crash stack:

>       fb_inet_server.exe!map_in_out(Jrd::dsql_req * request, Jrd::dsql_msg * 
> message, unsigned short blr_length, const unsigned char * blr, unsigned short 
> msg_length, unsigned char * dsql_msg_buf, const unsigned char * 
> in_dsql_msg_buf) Line 2216 C++
        fb_inet_server.exe!execute_request(Jrd::thread_db * tdbb, Jrd::dsql_req 
* request, Jrd::jrd_tra * * tra_handle, unsigned short in_blr_length, const 
unsigned char * in_blr, unsigned short in_msg_length, const unsigned char * 
in_msg, unsigned short out_blr_length, unsigned char * out_blr, unsigned short 
out_msg_length, unsigned char * out_msg, bool singleton) Line 1267       C++
        fb_inet_server.exe!DSQL_execute(Jrd::thread_db * tdbb, Jrd::jrd_tra * * 
tra_handle, Jrd::dsql_req * request, unsigned short in_blr_length, const 
unsigned char * in_blr, unsigned short in_msg_type, unsigned short 
in_msg_length, const unsigned char * in_msg, unsigned short out_blr_length, 
unsigned char * out_blr, unsigned short out_msg_length, unsigned char * 
out_msg) Line 273       C++
        fb_inet_server.exe!jrd8_execute(__int64 * user_status, Jrd::jrd_tra * * 
tra_handle, Jrd::dsql_req * * stmt_handle, unsigned short in_blr_length, const 
char * in_blr, unsigned short in_msg_type, unsigned short in_msg_length, const 
char * in_msg, unsigned short out_blr_length, char * out_blr, unsigned short 
__formal, unsigned short out_msg_length, char * out_msg) Line 4049   C++
        fb_inet_server.exe!isc_dsql_execute2_m(__int64 * user_status, unsigned 
int * tra_handle, unsigned int * stmt_handle, unsigned short in_blr_length, 
const char * in_blr, unsigned short in_msg_type, unsigned short in_msg_length, 
char * in_msg, unsigned short out_blr_length, char * out_blr, unsigned short 
out_msg_type, unsigned short out_msg_length, char * out_msg) Line 2725   C++
        fb_inet_server.exe!rem_port::execute_statement(P_OP op, p_sqldata * 
sqldata, packet * sendL) Line 2327  C++
        fb_inet_server.exe!process_packet(rem_port * port, packet * sendL, 
packet * receive, rem_port * * result) Line 3530     C++
        fb_inet_server.exe!loopThread(void * __formal) Line 5261        C++

