Issue Details (XML | Word | Printable)

Key: CORE-1046
Type: Bug Bug
Status: Closed Closed
Resolution: Fixed
Priority: Blocker Blocker
Assignee: Dmitry Yemanov
Reporter: Frank Schlottmann-Goedde
Votes: 0
Watchers: 0
Operations

If you were logged in you would be able to see more operations.
Firebird Core

Core dump in CVT_move

Created: 07/Dec/06 03:42 AM   Updated: 26/Apr/07 12:33 PM
Component/s: Engine
Affects Version/s: 2.0.0
Fix Version/s: 2.0.1, 2.1 Alpha 1

Time Tracking:
Not Specified

Environment:
SuSe 10.0 and/or Ubuntu Dapper

Firebird 2.0 Classic Server
Affects Super Server too

Windows Client executing a parameterised select statement.
 



 Description  « Hide
add a new minimalistic UDF eg. to ib_udf.cpp

int EXPORT IB_UDF_bugtest( const char *a, const char *b, const char *c)
{
    return (strlen(c));
}


Declare it to your database:

DECLARE EXTERNAL FUNCTION bugtest
        CSTRING(32767),CSTRING(32767),CSTRING(32767)
        RETURNS INTEGER BY VALUE
        ENTRY_POINT 'IB_UDF_bugtest' MODULE_NAME 'ib_udf';


and try to execute (eg in Ibexpert):
select bugtest('a',:b,:c) from RDB$Database;

this will result in:

(gdb) c
Continuing.

Program received signal SIGSEGV, Segmentation fault.
[Switching to Thread -1216899392 (LWP 28965)]
0xb7c39a70 in CVT_move (from=0x20202050, to=0x20202050,
    err=0xb7df204a <post_error>) at ../src/jrd/cvt.cpp:1313
1313 SLONG length = from->dsc_length;
(gdb) bt
#0 0xb7c39a70 in CVT_move (from=0x20202050, to=0x20202050,
    err=0xb7df204a <post_error>) at ../src/jrd/cvt.cpp:1313
#1 0xb7df2044 in MOVD_move (from=0x20202050, to=0x20202050)
    at ../src/dsql/movd.cpp:55
#2 0xb7de1d16 in map_in_out (request=0xb746ebcc, message=0xb746e9d8,
    blr_length=18, blr=0xb7c1bed0 "\005\002\004", msg_length=8,
    dsql_msg_buf=0xb7c1bb84 "a") at ../src/dsql/dsql.cpp:4339
#3 0xb7de3721 in execute_request (request=0xb746ebcc,
    trans_handle=0xbff11d5c, in_blr_length=18,
    in_blr=0xb7c1bed0 "\005\002\004", in_msg_length=8, in_msg=0xb7c1bb84 "a",
    out_blr_length=0, out_blr=0x0, out_msg_length=0, out_msg=0x0,
    singleton=false) at ../src/dsql/dsql.cpp:3329
#4 0xb7de480a in GDS_DSQL_EXECUTE_CPP (user_status=0xbff11d0c,
    trans_handle=0xbff11d5c, req_handle=0xb7c1bf3c, in_blr_length=18,
    in_blr=0xb7c1bed0 "\005\002\004", in_msg_type=0, in_msg_length=8,
    in_msg=0xb7c1bb84 "a", out_blr_length=0, out_blr=0x0, out_msg_type=0,
    out_msg_length=0, out_msg=0x0) at ../src/dsql/dsql.cpp:568
#5 0xb7de4b41 in dsql8_execute (user_status=0xbff11d0c,
    trans_handle=0xbff11d5c, req_handle=0xb7c1bf3c, in_blr_length=18,
    in_blr=0xb7c1bed0 "\005\002\004", in_msg_type=0, in_msg_length=8,
    in_msg=0xb7c1bb84 "a", out_blr_length=0, out_blr=0x0, out_msg_type=0,
    out_msg_length=0, out_msg=0x0) at ../src/dsql/dsql.cpp:294
#6 0xb7c5a189 in isc_dsql_execute2_m (user_status=0xbff11d0c,
---Type <return> to continue, or q <return> to quit---
    tra_handle=0xbff11d5c, stmt_handle=0xb7c1ba4c, in_blr_length=18,
    in_blr=0xb7c1bed0 "\005\002\004", in_msg_type=0, in_msg_length=8,
    in_msg=0xb7c1bb84 "a", out_blr_length=0, out_blr=0x0, out_msg_type=0,
    out_msg_length=0, out_msg=0x0) at ../src/jrd/why.cpp:2331
#7 0xb7e415f0 in rem_port::execute_statement (this=0xb7c1ddc0, op=op_execute,
    sqldata=0xbff12118, sendL=0xbff12160) at ../src/remote/server.cpp:2041
#8 0xb7e44625 in process_packet (port=0xb7c1ddc0, sendL=0xbff12160,
    receive=0xbff11ee0, result=0x0) at ../src/remote/server.cpp:3344
#9 0xb7e449cd in SRVR_main (main_port=0xb7c1ddc0, flags=0)
    at ../src/remote/server.cpp:267
#10 0xb7e3c5c8 in server_main (argc=1, argv=0xbff13568)
    at ../src/remote/inet_server.cpp:409
#11 0x08048570 in main (argc=1, argv=0xbff13564)
    at ../src/remote/server_stub.cpp:12
(gdb) frame 1
#1 0xb7df2044 in MOVD_move (from=0x20202050, to=0x20202050)
    at ../src/dsql/movd.cpp:55
55 CVT_move(from, to, post_error);
(gdb) print from
$1 = (const dsc *) 0x20202050
(gdb) print *from
Cannot access memory at address 0x20202050
(gdb)



 All   Comments   Work Log   Change History   Version Control   Subversion Commits      Sort Order: Ascending order - Click to sort in descending order
Frank Schlottmann-Goedde added a comment - 12/Dec/06 02:18 AM
We had to stop our attempts to update from 1.5 to 2.0 because of this issue, so I changed the priority.
At least for our installations, this is definitely a blocker.

Dmitry Yemanov added a comment - 12/Dec/06 06:29 AM
What values should be passed in parameters in order to reproduce the crash?

Dmitry Yemanov added a comment - 12/Dec/06 06:56 AM
Okay, I see the problem. Already working on it.

Frank Schlottmann-Goedde added a comment - 12/Dec/06 07:04 AM
Any values will do, I think I used 'b' and 'c' to create the dump.




Frank Schlottmann-Goedde added a comment - 12/Dec/06 07:07 AM
Thank you.

Pavel Cisar added a comment - 26/Apr/07 11:41 AM
Reopened to update ticket information.