[Firebird-devel] [FB-Tracker] Created: (CORE-4006) using a result from a procedure in a substring expression leads to server crash

[Frank Schlottmann-Goedde (JIRA)]

using a result from a procedure in a substring expression leads to server crash
-------------------------------------------------------------------------------

                 Key: CORE-4006
                 URL: http://tracker.firebirdsql.org/browse/CORE-4006
             Project: Firebird Core
          Issue Type: Bug
          Components: Engine
    Affects Versions: 3.0 Alpha 1
         Environment: all
            Reporter: Frank Schlottmann-Goedde
            Priority: Blocker


The following script demonstrates the issue:
------------------------------------------------------------------------------------------
SET TERM ^ ;

create or alter procedure P_STR_RPOS
returns (
    RESULT integer)
as
begin
   result=14;
  suspend;
end^

SET TERM ; ^


select substring('somestringwith \ no meaning' from 1 for RESULT)
from P_STR_RPOS;

----------------------------------------------------------------------------------------------------------------------------------------------------------------------------
 

Call stack:

        ntdll.dll!77bd15de()    
        [Unten angegebene Rahmen sind möglicherweise nicht korrekt und/oder 
fehlen, keine Symbole geladen für ntdll.dll]        
        ntdll.dll!77bd15de()    
        ntdll.dll!77bc014e()    
>       engine12.dll!Firebird::MemoryPool::allocate(unsigned int 
> size=0x0018efac)  Zeile 497 + 0x1a Bytes       C++
        engine12.dll!Jrd::FieldNode::parse(Jrd::thread_db * tdbb=0x0018e834, 
Firebird::MemoryPool & pool={...}, Jrd::CompilerScratch * csb=0x0388003c, 
unsigned char blrOp='¬')  Zeile 4717 + 0x11 Bytes        C++
        
engine12.dll!Firebird::Array<Jrd::AccessItem,Firebird::EmptyStorage<Jrd::AccessItem>
 >::insert(const unsigned int index=0x00000000, const Jrd::AccessItem & 
item={...})  Zeile 200 + 0x12 Bytes C++
        engine12.dll!CMP_post_access(Jrd::thread_db * tdbb=0x00000026, 
Jrd::CompilerScratch * csb=0x54d3fd8a, const Firebird::MetaName & 
security_name={...}, long view_id=0x0255dfeb, unsigned short mask=0xffff, long 
type_name=0x0230e944, const Firebird::MetaName & name={...}, const 
Firebird::MetaName & r_name={...})  Zeile 397 + 0xf Bytes    C++
        engine12.dll!DataTypeUtilBase::convertLength(const dsc * 
src=0x0018e988, const dsc * dst=0x0018e954)  Zeile 226 + 0x73 Bytes    C++
        engine12.dll!Jrd::SubstringNode::getDesc(Jrd::thread_db * 
tdbb=0x0018efac, Jrd::CompilerScratch * csb=0x03880ec0, dsc * desc=0x0018e988)  
Zeile 9432 + 0x2d Bytes       C++
        engine12.dll!Jrd::SubstringNode::pass2(Jrd::thread_db * 
tdbb=0x0018efac, Jrd::CompilerScratch * csb=0x03880018)  Zeile 9475     C++
        engine12.dll!Jrd::AssignmentNode::pass2(Jrd::thread_db * 
tdbb=0x0018efac, Jrd::CompilerScratch * csb=0x03880018)  Zeile 371 + 0x1c Bytes 
       C++
        engine12.dll!Jrd::CompoundStmtNode::pass2(Jrd::thread_db * 
tdbb=0x0018efac, Jrd::CompilerScratch * csb=0x03880018)  Zeile 778 + 0x14 Bytes 
     C++
        engine12.dll!Jrd::SuspendNode::pass2(Jrd::thread_db * tdbb=0x0018efac, 
Jrd::CompilerScratch * csb=0x03880018)  Zeile 7277 + 0x22 Bytes  C++
        engine12.dll!Jrd::ForNode::pass2(Jrd::thread_db * tdbb=0x0018efac, 
Jrd::CompilerScratch * csb=0x03880018)  Zeile 4370 + 0x16 Bytes      C++
        engine12.dll!Jrd::CompoundStmtNode::pass2(Jrd::thread_db * 
tdbb=0x0018efac, Jrd::CompilerScratch * csb=0x03880018)  Zeile 778 + 0x14 Bytes 
     C++
        engine12.dll!Jrd::JrdStatement::makeStatement(Jrd::thread_db * 
tdbb=0x0018efac, Jrd::CompilerScratch * csb=0x03880018, bool 
internalFlag=false)  Zeile 244 + 0xd Bytes  C++
        engine12.dll!Jrd::JrdStatement::makeRequest(Jrd::thread_db * 
tdbb=0x0018efac, Jrd::CompilerScratch * csb=0x03880018, bool 
internalFlag=false)  Zeile 295 + 0x15 Bytes   C++
        engine12.dll!CMP_compile2(Jrd::thread_db * tdbb=0x0018efac, const 
unsigned char * blr=0x02ea006c, unsigned long blr_length=0x0000007d, bool 
internal_flag=false, unsigned long dbginfo_length=0x00000000, const unsigned 
char * dbginfo=0x02ea047c)  Zeile 176 + 0xe Bytes      C++
        engine12.dll!JRD_compile(Jrd::thread_db * tdbb=0x0018efac, 
Jrd::Attachment * attachment=0x004a0018, Jrd::jrd_req * * 
req_handle=0x02ea13a4, unsigned long blr_length=0x0000007d, const unsigned char 
* blr=0x02ea006c, 
Firebird::RefPtr<Firebird::AnyRef<Firebird::StringBase<Firebird::StringComparator>
 > > ref_str={...}, unsigned long dbginfo_length=0x00000000, const unsigned 
char * dbginfo=0x02ea047c, bool isInternalRequest=false)  Zeile 7202 + 0x23 
Bytes  C++
        engine12.dll!Jrd::DsqlDmlRequest::dsqlPass(Jrd::thread_db * 
tdbb=0x0018efac, Jrd::DsqlCompilerScratch * scratch=0x02ea0060, ntrace_result_t 
* traceResult=0x0018ec6c)  Zeile 766 + 0x69 Bytes   C++
        engine12.dll!prepareStatement(Jrd::thread_db * tdbb=0x0018efac, 
Jrd::dsql_dbb * database=0x00000000, Jrd::jrd_tra * transaction=0x02e202a0, 
unsigned long textLength=0x00000000, const char * text=0x00000000, unsigned 
short clientDialect=0x0003, unsigned short parserVersion=0x0002, bool 
isInternalRequest=false)  Zeile 1663      C++
        engine12.dll!prepareRequest(Jrd::thread_db * tdbb=0x0018efac, 
Jrd::dsql_dbb * database=0x02e30018, Jrd::jrd_tra * transaction=0x02e202a0, 
unsigned long textLength=0x00000000, const char * text=0x02e60018, unsigned 
short clientDialect=0x0003, unsigned short parserVersion=0x0000, bool 
isInternalRequest=false)  Zeile 1526 + 0x23 Bytes   C++
        engine12.dll!DSQL_prepare(Jrd::thread_db * tdbb=0x0018efac, 
Jrd::jrd_tra * transaction=0x02e202a0, Jrd::dsql_req * * req_handle=0x00488360, 
unsigned long length=0x00000000, const char * string=0x02e60018, unsigned short 
dialect=0x0003, unsigned long item_length=0x00000019, const unsigned char * 
items=0x00497cd8, unsigned long buffer_length=0x0000ffff, unsigned char * 
buffer=0x03810018, bool isInternalRequest=false)  Zeile 435 + 0x1a Bytes      
C++
        engine12.dll!Jrd::JStatement::prepare(Firebird::IStatus * 
user_status=0x0018f128, Firebird::ITransaction * apiTra=0x00488338, unsigned 
int stmtLength=0x00000000, const char * sqlStmt=0x02e60018, unsigned int 
dialect=0x00000003, unsigned int flags=0x00000007)  Zeile 4523  C++
        fbclient.dll!Why::YStatement::prepare(Firebird::IStatus * 
status=0x0018f128, Firebird::ITransaction * transaction=0x00260940, unsigned 
int stmtLength=0x00000000, const char * sqlStmt=0x02e60018, unsigned int 
dialect=0x00000003, unsigned int flags=0x00000007)  Zeile 3691 + 0x1d Bytes     
C++
        fbclient.dll!isc_dsql_prepare(int * userStatus=0x00263e00, void * * 
traHandle=0x00260940, void * * stmtHandle=0x00260940, unsigned short 
stmtLength=0x0000, const char * sqlStmt=0x02e60018, unsigned short 
dialect=0x0003, XSQLDA * sqlda=0x00264010)  Zeile 2302      C++
        isql.exe!process_statement(const char * string=0x02e60018, XSQLDA * * 
sqldap=0x00000000)  Zeile 9968 + 0x1f Bytes       C++
        isql.exe!do_isql()  Zeile 5744 + 0xc Bytes      C++
        isql.exe!ISQL_main(int argc=0x00000002, char * * argv=0x00293f68)  
Zeile 1613   C++
        isql.exe!__tmainCRTStartup()  Zeile 597 + 0x17 Bytes    C
        kernel32.dll!771b33aa()         
        ntdll.dll!77be9ef2()    
        ntdll.dll!77be9ec5()    


-- 
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators: 
http://tracker.firebirdsql.org/secure/Administrators.jspa
-
For more information on JIRA, see: http://www.atlassian.com/software/jira

       

------------------------------------------------------------------------------
LogMeIn Rescue: Anywhere, Anytime Remote support for IT. Free Trial
Remotely access PCs and mobile devices and provide instant support
Improve your efficiency, and focus on delivering more value-add services
Discover what IT Professionals Know. Rescue delivers
http://p.sf.net/sfu/logmein_12329d2d
Firebird-Devel mailing list, web interface at 
https://lists.sourceforge.net/lists/listinfo/firebird-devel