Issue Details (XML | Word | Printable)

Key: CORE-2858
Type: Bug Bug
Status: Closed Closed
Resolution: Fixed
Priority: Major Major
Assignee: Claudio Valderrama C.
Reporter: Claudio Valderrama C.
Votes: 0
Watchers: 0
Operations

If you were logged in you would be able to see more operations.
Firebird Core

Possible memory trashing when raising some exceptions to signal failed security checks

Created: 11/Feb/10 11:52 AM   Updated: 04/Feb/11 11:49 AM
Component/s: Engine
Affects Version/s: 2.1.0, 2.5 Alpha 1, 2.1.1, 2.1.2, 2.5 Beta 1, 2.5 Beta 2, 2.1.3, 3.0 Initial, 2.5 RC1, 2.5 RC2, 2.5 RC3
Fix Version/s: 2.5 RC3, 2.1.4, 3.0 Alpha 1

Time Tracking:
Not Specified

Planning Status: Unspecified


 Description  « Hide
Here's an extract from two isql sessions:

F:\fb2dev\fbbuild\firebird25\temp\Win32\Debug\firebird\bin>isql -user sysdba
-pass masterkey
Use CONNECT or CREATE DATABASE to specify a database
SQL> create database 'testsec.fdb';
SQL> create user cvc password 'cpp';
SQL> create table t(a int);
SQL> grant update(a) on t to user cvc;
SQL> ^Z

F:\fb2dev\fbbuild\firebird25\temp\Win32\Debug\firebird\bin>isql TESTSEC.FDB
-user cvc -pass cpp
Database: TESTSEC.FDB, User: cvc
SQL> alter table t alter column a to "A2";
Statement failed, SQLSTATE = 42000
unsuccessful metadata update
-MODIFY RDB$RELATION_FIELDS failed
-no permission for control access to
-no permission for <Missing arg #1 - possibly status vector overflow> access
to <Missing arg #2 - possibly status vector overflow> <Missing arg #3 -
possibly status vector overflow>
SQL> ^Z

This is what happens in v3 and v2.5. Going backwards, v2.1 fails in a more elegant way:
SQL> alter table t alter column a to a2;
Statement failed, SQLCODE = -607
unsuccessful metadata update
-MODIFY RDB$RELATION_FIELDS failed
-no permission for control access to
-no permission for control access to @2? @3?

I didn't test v2.0 but I wouldn't be surprised if the message is screwed, too.


 All   Comments   Work Log   Change History   Version Control   Subversion Commits      Sort Order: Ascending order - Click to sort in descending order
Dmitry Yemanov added a comment - 11/Feb/10 12:05 PM - edited
I don't get how it could trash memory, at least in recent versions. See my explanation in fb-devel ;-)

I also tend to disagree that the cryptic "for @1? access to @2? @3?" is more informative to end users than what v2.5/v3.0 is showing.

Claudio Valderrama C. added a comment - 12/Feb/10 11:21 AM
Change the description if you want, but what I found when debugging wasn't very nice.