Core dump in CVT_move [CORE1046] #1464
Comments
Modified by: Frank Schlottmann-Goedde (fsg) security: Project Members [ 10001 ] =>
Modified by: Frank Schlottmann-Goedde (fsg) environment: SuSe 10.0 and/or Ubuntu Dapper Firebird 2.0 Classic Server Windows Client executing a parameterised select statement. => SuSe 10.0 and/or Ubuntu Dapper Firebird 2.0 Classic Server Windows Client executing a parameterised select statement.
Commented by: Frank Schlottmann-Goedde (fsg) We had to stop our attempts to update from 1.5 to 2.0 because of this issue, so I changed the priority.
Modified by: Frank Schlottmann-Goedde (fsg) priority: Major [ 3 ] => Blocker [ 1 ]
Commented by: @dyemanov What values should be passed in parameters in order to reproduce the crash?
Commented by: @dyemanov Okay, I see the problem. Already working on it.
Commented by: Frank Schlottmann-Goedde (fsg) Any values will do, I think I used 'b' and 'c' to create the dump.
Commented by: Frank Schlottmann-Goedde (fsg) Thank you.
Modified by: @dyemanov status: Open [ 1 ] => Resolved [ 5 ] resolution: Fixed [ 1 ] Fix Version: 2.0.1 [ 10090 ] Fix Version: 2.1 [ 10041 ] assignee: Dmitry Yemanov [ dimitr ]
Modified by: @pcisar status: Resolved [ 5 ] => Closed [ 6 ]
Commented by: @pcisar Reopened to update ticket information.
Modified by: @pcisar Workflow: jira [ 11380 ] => Firebird [ 15448 ]
Modified by: @pavel-zotov QA Status: No test
Modified by: @pavel-zotov status: Closed [ 6 ] => Closed [ 6 ] QA Status: No test => Cannot be tested
Submitted by: Frank Schlottmann-Goedde (fsg)
Add a new minimalistic UDF, e.g. to ib_udf.cpp:
int EXPORT IB_UDF_bugtest(const char *a, const char *b, const char *c)
{
    /* Only the third argument is dereferenced. */
    return (strlen(c));
}
Declare it to your database:
DECLARE EXTERNAL FUNCTION bugtest
CSTRING(32767),CSTRING(32767),CSTRING(32767)
RETURNS INTEGER BY VALUE
ENTRY_POINT 'IB_UDF_bugtest' MODULE_NAME 'ib_udf';
and try to execute (e.g. in IBExpert):
select bugtest('a',:b,:c) from RDB$Database;
This will result in:
(gdb) c
Continuing.
Program received signal SIGSEGV, Segmentation fault.
[Switching to Thread -1216899392 (LWP 28965)]
0xb7c39a70 in CVT_move (from=0x20202050, to=0x20202050,
err=0xb7df204a <post_error>) at ../src/jrd/cvt.cpp:1313
1313 SLONG length = from->dsc_length;
(gdb) bt
#0 0xb7c39a70 in CVT_move (from=0x20202050, to=0x20202050,
err=0xb7df204a <post_error>) at ../src/jrd/cvt.cpp:1313
#1 0xb7df2044 in MOVD_move (from=0x20202050, to=0x20202050)
at ../src/dsql/movd.cpp:55
#2 0xb7de1d16 in map_in_out (request=0xb746ebcc, message=0xb746e9d8,
blr_length=18, blr=0xb7c1bed0 "\005\002\004", msg_length=8,
dsql_msg_buf=0xb7c1bb84 "a") at ../src/dsql/dsql.cpp:4339
#3 0xb7de3721 in execute_request (request=0xb746ebcc,
trans_handle=0xbff11d5c, in_blr_length=18,
in_blr=0xb7c1bed0 "\005\002\004", in_msg_length=8, in_msg=0xb7c1bb84 "a",
out_blr_length=0, out_blr=0x0, out_msg_length=0, out_msg=0x0,
singleton=false) at ../src/dsql/dsql.cpp:3329
#4 0xb7de480a in GDS_DSQL_EXECUTE_CPP (user_status=0xbff11d0c,
trans_handle=0xbff11d5c, req_handle=0xb7c1bf3c, in_blr_length=18,
in_blr=0xb7c1bed0 "\005\002\004", in_msg_type=0, in_msg_length=8,
in_msg=0xb7c1bb84 "a", out_blr_length=0, out_blr=0x0, out_msg_type=0,
out_msg_length=0, out_msg=0x0) at ../src/dsql/dsql.cpp:568
#5 0xb7de4b41 in dsql8_execute (user_status=0xbff11d0c,
trans_handle=0xbff11d5c, req_handle=0xb7c1bf3c, in_blr_length=18,
in_blr=0xb7c1bed0 "\005\002\004", in_msg_type=0, in_msg_length=8,
in_msg=0xb7c1bb84 "a", out_blr_length=0, out_blr=0x0, out_msg_type=0,
out_msg_length=0, out_msg=0x0) at ../src/dsql/dsql.cpp:294
#6 0xb7c5a189 in isc_dsql_execute2_m (user_status=0xbff11d0c,
---Type <return> to continue, or q <return> to quit---
tra_handle=0xbff11d5c, stmt_handle=0xb7c1ba4c, in_blr_length=18,
in_blr=0xb7c1bed0 "\005\002\004", in_msg_type=0, in_msg_length=8,
in_msg=0xb7c1bb84 "a", out_blr_length=0, out_blr=0x0, out_msg_type=0,
out_msg_length=0, out_msg=0x0) at ../src/jrd/why.cpp:2331
#7 0xb7e415f0 in rem_port::execute_statement (this=0xb7c1ddc0, op=op_execute,
sqldata=0xbff12118, sendL=0xbff12160) at ../src/remote/server.cpp:2041
#8 0xb7e44625 in process_packet (port=0xb7c1ddc0, sendL=0xbff12160,
receive=0xbff11ee0, result=0x0) at ../src/remote/server.cpp:3344
#9 0xb7e449cd in SRVR_main (main_port=0xb7c1ddc0, flags=0)
at ../src/remote/server.cpp:267
#10 0xb7e3c5c8 in server_main (argc=1, argv=0xbff13568)
at ../src/remote/inet_server.cpp:409
#11 0x08048570 in main (argc=1, argv=0xbff13564)
at ../src/remote/server_stub.cpp:12
(gdb) frame 1
#1 0xb7df2044 in MOVD_move (from=0x20202050, to=0x20202050)
at ../src/dsql/movd.cpp:55
55 CVT_move(from, to, post_error);
(gdb) print from
$1 = (const dsc *) 0x20202050
(gdb) print *from
Cannot access memory at address 0x20202050
(gdb)
Commits: f35e9e3 de78c42
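A triage check for the backtrace above, as an added example that is not part of the original report or of the Firebird code base: it scans gdb frame arguments for pointer values whose bytes are all printable ASCII, as with from=0x20202050 here ('P' followed by three spaces in little-endian order), a pattern that usually means the pointer was loaded from memory holding character data. The function names and the 4-byte pointer width (matching this 32-bit trace) are assumptions of the example; it is a heuristic and does not identify the root cause.

```python
import re

# Sample input: three frame lines copied from the backtrace in this report.
SAMPLE_BT = """\
#1 0xb7df2044 in MOVD_move (from=0x20202050, to=0x20202050)
#2 0xb7de1d16 in map_in_out (request=0xb746ebcc, message=0xb746e9d8,
#11 0x08048570 in main (argc=1, argv=0xbff13564)
"""

# "name=0x..." pairs as gdb prints them for frame arguments.
ARG_RE = re.compile(r"(\w+)=0x([0-9a-fA-F]{1,16})\b")
# "#N [0xPC in ]function" at the start of a frame line.
FRAME_RE = re.compile(r"^#(\d+)\s+(?:0x[0-9a-fA-F]+ in )?(\w[\w:]*)")


def ascii_view(value, width=4, little_endian=True):
    """Return the pointer's in-memory bytes as text if all are printable ASCII, else None."""
    if value >= 1 << (8 * width):
        return None  # does not fit the assumed pointer width
    raw = value.to_bytes(width, "little" if little_endian else "big")
    if all(0x20 <= b <= 0x7E for b in raw):
        return raw.decode("ascii")
    return None


def suspicious_args(backtrace, width=4):
    """Return (frame_no, function, arg_name, value, text) for ASCII-looking pointers."""
    frame_no, func = None, None
    hits = []
    for line in backtrace.splitlines():
        m = FRAME_RE.match(line)
        if m:
            # New frame; continuation lines keep the previous frame's identity.
            frame_no, func = int(m.group(1)), m.group(2)
        for name, hexval in ARG_RE.findall(line):
            value = int(hexval, 16)
            text = ascii_view(value, width)
            if text is not None:
                hits.append((frame_no, func, name, value, text))
    return hits


if __name__ == "__main__":
    for frame_no, func, name, value, text in suspicious_args(SAMPLE_BT):
        print(f"frame #{frame_no} {func}: {name}={value:#x} decodes to {text!r}")
```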