Server may crash parsing wrong or truncated BLR [CORE2576] #2986
Assignees
Labels
affect-version: 1.5.4
affect-version: 1.5.5
affect-version: 2.0.0
affect-version: 2.0.1
affect-version: 2.0.2
affect-version: 2.0.3
affect-version: 2.0.4
affect-version: 2.0.5
affect-version: 2.1.0
affect-version: 2.1.1
affect-version: 2.1.2
affect-version: 2.5 Alpha 1
affect-version: 2.5 Beta 1
component: engine
fix-version: 2.5 RC1
priority: major
qa: cannot be tested
type: bug
Comments
Modified by: @asfernandesComponent: Engine [ 10000 ] assignee: Adriano dos Santos Fernandes [ asfernandes ] |
Modified by: @asfernandesstatus: Open [ 1 ] => Resolved [ 5 ] resolution: Fixed [ 1 ] Fix Version: 2.5 RC1 [ 10362 ] |
Modified by: @pcisarstatus: Resolved [ 5 ] => Closed [ 6 ] |
Modified by: @pavel-zotovQA Status: No test |
Modified by: @pavel-zotovstatus: Closed [ 6 ] => Closed [ 6 ] QA Status: No test => Cannot be tested |
firebird-automations
added
affect-version: 2.5 Beta 1
affect-version: 2.1.2
affect-version: 2.0.5
affect-version: 2.1.1
affect-version: 2.5 Alpha 1
affect-version: 2.0.4
affect-version: 2.1.0
affect-version: 1.5.5
affect-version: 2.0.3
affect-version: 2.0.2
affect-version: 2.0.1
affect-version: 1.5.4
affect-version: 2.0.0
fix-version: 2.5 RC1
resolution: fixed
priority: major
component: engine
type: bug
qa: cannot be tested
labels
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Submitted by: @asfernandes
BLR is read on a buffer and passed for parse without inform a length. The BLR is parsed until a blr_eoc is found.
If the buffer doesn't end with blr_eoc, the parser will continue reading unallocated memory. If it reads some byte in a not committed page memory, a read access violation will occur and the server will crash.
Commits: 4759973
The text was updated successfully, but these errors were encountered: