11.04.2016 22:49, Dimitry Sibiryakov wrote:
> Let me show that on example from TempSpace::setupFile():
>
>> Firebird::StaticStatusVector status_vector;
> .....
>> try
>> {
> .....
>> catch (const Firebird::system_error& ex)
>> {
>> ex.stuffException(status_vector);
>
> At this point status_vector contains pointers to dynamic strings allocated by
> the system_exception object ex.
>
>> continue;
>> }
>
> At this point the exception object is released and all dynamic strings are
> freed.
> status_vector now is pointing to freed memory.

In v2.5 the destructor did not release the strings (because they were not
dynamically allocated but used a circular buffer), so it worked.

>> Firebird::Arg::Gds status(isc_out_of_temp_space);
>> status.append(Firebird::Arg::StatusVector(status_vector.begin()));
>> status.raise();
>
> Here the newly created exception object is trying to copy strings from
> status_vector, but
> they were already replaced with some garbage and the engine crashes.

I believe some other kind of status holder should be used there.
DynamicStatusVector maybe?

Do you know other places where this bug exists too?

Dmitry
Firebird-Devel mailing list, web interface at
https://lists.sourceforge.net/lists/listinfo/firebird-devel
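
Added example, not part of the original messages and not Firebird code: a minimal C++ model of the lifetime problem discussed in this thread, where a holder filled inside a `catch` block is read after the exception object is gone. `SourceError`, `BorrowedStatus`, `OwnedStatus` and `runScenario` are hypothetical stand-ins (they are not the real `system_error`, `StaticStatusVector` or `DynamicStatusVector`), and the message text is constructed.

```cpp
#include <cstdint>
#include <cstdio>
#include <cstring>
#include <memory>
#include <string>
#include <vector>

// Hypothetical exception type that owns its message text on the heap.
struct SourceError {
    std::unique_ptr<char[]> text;
    explicit SourceError(const char* msg) : text(new char[std::strlen(msg) + 1]) {
        std::strcpy(text.get(), msg);
    }
    const char* message() const { return text.get(); }
};
// Borrowing holder: stores the raw pointer, valid only while the source lives.
struct BorrowedStatus {
    std::vector<const char*> args;
    void stuff(const SourceError& ex) { args.push_back(ex.message()); }
};
// Owning holder: deep-copies the text, so it can outlive the source.
struct OwnedStatus {
    std::vector<std::string> args;
    void stuff(const SourceError& ex) { args.emplace_back(ex.message()); }
};
struct Result { bool borrowedAliased; bool ownedAliased; std::string ownedAfter; };

Result runScenario() {
    BorrowedStatus borrowed;
    OwnedStatus owned;
    Result r{false, false, ""};
    for (int attempt = 0; attempt < 1; ++attempt) {
        try {
            throw SourceError("I/O error for temp file");  // constructed sample
        } catch (const SourceError& ex) {
            borrowed.stuff(ex);
            owned.stuff(ex);
            // Record aliasing as integers while ex is still alive.
            auto src = reinterpret_cast<std::uintptr_t>(ex.message());
            r.borrowedAliased = reinterpret_cast<std::uintptr_t>(borrowed.args[0]) == src;
            r.ownedAliased = reinterpret_cast<std::uintptr_t>(owned.args[0].c_str()) == src;
            continue;  // ex is destroyed on leaving the handler; its text is freed
        }
    }
    borrowed.args.clear();         // the borrowed pointer dangles; drop it unread
    r.ownedAfter = owned.args[0];  // still valid: the holder owns its copy
    return r;
}
int main() { std::printf("%s\n", runScenario().ownedAfter.c_str()); }
```

Building the borrowing variant with AddressSanitizer (`-fsanitize=address`) and dereferencing `borrowed.args[0]` after the loop is one way to make this class of bug fail loudly in tests instead of depending on allocator behaviour.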