
Key: CORE-2576
Type: Bug
Status: Closed
Resolution: Fixed
Priority: Major
Assignee: Adriano dos Santos Fernandes
Reporter: Adriano dos Santos Fernandes
Votes: 0
Watchers: 0
Firebird Core

Server may crash parsing wrong or truncated BLR

Created: 27/Jul/09 09:55 AM   Updated: 12/Nov/09 05:31 PM
Component/s: Engine
Affects Version/s: 2.0.0, 1.5.4, 2.0.1, 2.0.2, 2.0.3, 1.5.5, 2.1.0, 2.0.4, 2.5 Alpha 1, 2.1.1, 2.0.5, 2.1.2, 2.5 Beta 1
Fix Version/s: 2.5 RC1

Time Tracking:
Not Specified

Planning Status: Unspecified


Description
BLR is read into a buffer and passed to the parser without its length. The BLR is parsed until a blr_eoc is found.

If the buffer doesn't end with blr_eoc, the parser will continue reading unallocated memory. If it reads a byte in an uncommitted memory page, a read access violation will occur and the server will crash.

There are no comments yet on this issue.
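
A length-carrying reader for the failure described above, as an added example that is not Firebird's code or the committed fix. The names `blr_reader`, `blr_get_byte` and `blr_scan` are hypothetical, the value 76 for blr_eoc is an assumption, and every byte is treated as a one-byte verb, which real BLR is not.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* End-of-command marker. 76 is assumed here to match Firebird's blr.h. */
#define BLR_EOC 76

typedef enum { BLR_OK = 0, BLR_TRUNCATED = -1 } blr_status;

/* Hypothetical reader that carries the buffer length with the data. */
typedef struct {
    const uint8_t *buf;
    size_t len;
    size_t off;
} blr_reader;

/* Return the next byte, or -1 once the buffer is exhausted. */
int blr_get_byte(blr_reader *r) {
    if (r->off >= r->len)
        return -1;
    return r->buf[r->off++];
}

/* Consume bytes up to and including blr_eoc. On truncated input the scan
 * stops at the end of the buffer and reports an error instead of reading on. */
blr_status blr_scan(const uint8_t *buf, size_t len, size_t *consumed) {
    blr_reader r = { buf, len, 0 };
    int b;
    while ((b = blr_get_byte(&r)) >= 0) {
        if (b == BLR_EOC) {
            *consumed = r.off;
            return BLR_OK;
        }
    }
    *consumed = r.off;
    return BLR_TRUNCATED;
}

int main(void) {
    /* Constructed sample bytes, not real BLR. */
    const uint8_t complete[] = { 5, 2, 4, BLR_EOC };
    const uint8_t truncated[] = { 5, 2, 4 };
    size_t n = 0;
    printf("complete: %d\n", blr_scan(complete, sizeof complete, &n));
    printf("truncated: %d\n", blr_scan(truncated, sizeof truncated, &n));
    return 0;
}
```

Routing every operand read in a parser through the same bounds-checked accessor gives the same guarantee for multi-byte verbs.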