Issue Details (XML | Word | Printable)

Key: CORE-3996
Type: Bug Bug
Status: Closed Closed
Resolution: Fixed
Priority: Major Major
Assignee: Alexander Peshkov
Reporter: Yurij
Votes: 0
Watchers: 2

If you were logged in you would be able to see more operations.
Firebird Core

Firebird crashes when trying to create database in restricted path

Created: 26/Nov/12 08:42 AM   Updated: 18/Jan/16 03:49 PM
Component/s: Engine
Affects Version/s: 2.5.2
Fix Version/s: 3.0 Alpha 1, 2.5.3

Environment: Windows 2003

QA Status: No test

 Description  « Hide
When firebird.conf contains DatabaseAccess = Restrict SomePath
and isql trying to create database with some other path, Firebird crashes with stack trace:

> fbserver.exe!trace_failed_attach(Jrd::TraceManager * traceManager=0x00000000, const char * filename=0x0000000c, const DatabaseOptions & options={...}, bool create=true, int * status=0x00000000) Line 781 C++
  fbserver.exe!jrd8_create_database(int * user_status=0x01bffb30, const char * filename=0x01bffabc, Jrd::Attachment * * handle=0x01bff9bc, unsigned short dpb_length=132, const unsigned char * dpb=0x010b070c) Line 1989 C++
  fbserver.exe!isc_create_database(int * user_status=0x01bffb30, unsigned short file_length=29, const char * file_name=0x01d26b00, void * * public_handle=0x01bffb24, short dpb_length=132, const unsigned char * dpb=0x01d2734c, unsigned short __formal=0) Line 2071 + 0x5f bytes C++
  fbserver.exe!attach_database2(rem_port * port=0x01d26e50, P_OP operation=op_create, const char * file=0x01d26b00, int l=29, const unsigned char * dpb=0x01bffd48, int dl=94, packet * send=0x019ffae0) Line 1218 C++
  fbserver.exe!attach_database(rem_port * port=0x01d26e50, P_OP operation=op_create, p_atch * attach=0x019ffe58, packet * send=0x00000000) Line 1143 + 0x61 bytes C++
  fbserver.exe!process_packet(rem_port * port=0x01d26e50, packet * sendL=0x019ffae0, packet * receive=0x019ffd70, rem_port * * result=0x01bfff2c) Line 3323 + 0x10 bytes C++
  fbserver.exe!loopThread(void * __formal=0x0000007a) Line 5212 + 0x22 bytes C++
  fbserver.exe!ThreadPriorityScheduler::run() Line 169 + 0x8 bytes C++
  fbserver.exe!`anonymous namespace'::threadStart(void * arg=0x010b05b8) Line 99 C++
  msvcr80.dll!__endthreadex() + 0x3b bytes
  msvcr80.dll!__endthreadex() + 0xc7 bytes
  kernel32.dll!_BaseThreadStart@8() + 0x34 bytes

This is caused by line jrd.cpp/1988:
 trace_failed_attach(NULL, filename, options, true, false);

last "false" parameter (from old-style call, before revision 54433) implicitly converted to NULL status pointer, which is then deferenced in trace_failed_attach (jrd.cpp, 781):

 const bool no_priv = (status[1] == isc_login || status[1] == isc_no_priv);

 All   Comments   Change History   Subversion Commits      Sort Order: Ascending order - Click to sort in descending order
Alexander Peshkov added a comment - 26/Nov/12 08:53 AM
Thanks, I already have that fix in private tree
Will be committed soon