[Firebird-devel] [FB-Tracker] Created: (CORE-6338) Embedded server crashing on short connects to database which want to be sweeped

Fri, 19 Jun 2020 06:50:17 -0700 

Embedded server crashing on short connects to database which want to be sweeped
-------------------------------------------------------------------------------

                 Key: CORE-6338
                 URL: http://tracker.firebirdsql.org/browse/CORE-6338
             Project: Firebird Core
          Issue Type: Bug
          Components: Engine
    Affects Versions: 3.0.5
         Environment: linux
            Reporter: Artyom Smirnov


In some cases firebird server can craft such database, which crashes embedded 
server if embedded connection too short to complete sweep.

To reproduce stop firebird, make sure running user will have all permissions to 
work as embedded and run included script.
Script will emulate database crafting by disabling sweep, inserting data but 
nor commit nor rollback it and enabling sweep. Next connections CAN crash, but 
not always. If crafted database will be properly sweeped crashes disappearing.
Stacktraces telling it crashing during exit, but stack with segfault smashed.

Reproducing script:

https://gist.github.com/artyom-smirnov/9f7f3d873f34fc12dcd721cab92818e3

or

#!/bin/bash
rm -f repro.fdb f

ISQL=bin/isql
GFIX=bin/gfix

cat << EOF > create.sql
create database 'repro.fdb';
create table test(test varchar(255));
EOF

cat << EOF > connect.sql
connect 'repro.fdb' user 'sysdba' password 'masterkey';
exit;
EOF

cat << EOF > gdbinit
set \$_exitcode = -1
run
if \$_exitcode != -1
    quit
end
EOF

$ISQL -u sysdba -p masterkey -i create.sql
$GFIX -user sysdba -pass masterkey -h 0 repro.fdb

mkfifo f
cat f | $ISQL -u sysdba -p masterkey repro.fdb&
ISQL_PID=$!
exec 3>f
for i in `seq 1 1000`; do
cat << EOF > f
insert into test values('text');
EOF
done

kill -KILL $ISQL_PID

$GFIX -user sysdba -pass masterkey -h 1 repro.fdb

while true; do gdb -x gdbinit --args $ISQL -u sysdba -p masterkey -i 
connect.sql; done
#while true; do $ISQL -u sysdba -p masterkey -i connect.sql; done

Stack with crash looks smashed:

Thread 6 "isql" received signal SIGSEGV, Segmentation fault.
[Switching to Thread 0x7fffebfff700 (LWP 90529)]
0x00007ffff53bfd72 in ?? ()
(gdb) bt
#0  0x00007ffff53bfd72 in ?? ()
#1  0x0000000000000010 in ?? ()
#2  0x00007ffff7bc6340 in ?? ()
#3  0x00000000ebffecb0 in ?? ()
#4  0x00007ffff58e60e2 in ?? ()
#5  0x0000000000000001 in ?? ()
#6  0x0000000014000218 in ?? ()
#7  0x0000000000000000 in ?? ()
(gdb) 

-- 
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators: 
http://tracker.firebirdsql.org/secure/Administrators.jspa
-
For more information on JIRA, see: http://www.atlassian.com/software/jira

        


Firebird-Devel mailing list, web interface at 
https://lists.sourceforge.net/lists/listinfo/firebird-devel

Reply via email to