Issue Details (XML | Word | Printable)

Key: CORE-4123
Type: Bug Bug
Status: Closed Closed
Resolution: Fixed
Priority: Critical Critical
Assignee: Dmitry Yemanov
Reporter: Jesus Angel Garcia Zarco
Votes: 0
Watchers: 1
Operations

If you were logged in you would be able to see more operations.
Firebird Core

Firebird crash when executing an stored procedure called by a trigger that converts string to upper

Created: 18/Jun/13 03:42 PM   Updated: 12/Jul/15 05:56 AM
Component/s: Engine
Affects Version/s: 2.5.2, 2.5.2 Update 1
Fix Version/s: 3.0 Alpha 1, 2.1.6, 2.5.3

Environment: Windows 2008 Server, Database ISO8859_1, Superserver
Issue Links:
Relate

QA Status: Done successfully


 Description  « Hide
I have a table with a trigger before insert that calls a strored procedure. Inside the stored procedure the next statement is executed, uResult = upper(Result), where Result is a varchar(40) input variable, that comes from a row field value.

When an insert is executed in the table, if the field value is 'ÿÿÿÿ', and the stored procedure is called with it, firebird crash, and before crash, I get an exception "arithmetic..."

Also, If I try to run select upper( 'ÿ' ) from rdb$database, returns "arithmethic exception, string truncation or numeri overflow..".

When this error raises inserting a row in the table, after the exception is raised, Firebird terminates abnormally. If I execute the stored procedure, the error raises, but firebird does not crash, only if the stored procedure is called from the trigger.

I can supply DB (5Gb), and insert command.

When the server termitates abnormally, starts again, and my process application tries to execute the insert again and Firebird terminates abnormally again. After some crashes, the firebird database gets corrupted, because users and processes (reconnectting) were working, while shutting down and restarting the engine..

SERVIDOR-CAB (Client) Tue Jun 18 14:36:54 2013
Guardian starting: "C:\Firebird\bin\fbserver.exe"
SERVIDOR-CAB (Client) Tue Jun 18 14:37:01 2013
"C:\Firebird\bin\fbserver.exe": terminated abnormally (4294967295)
SERVIDOR-CAB (Client) Tue Jun 18 14:37:02 2013
Guardian starting: "C:\Firebird\bin\fbserver.exe"
SERVIDOR-CAB (Client) Tue Jun 18 14:37:09 2013
"C:\Firebird\bin\fbserver.exe": terminated abnormally (4294967295)
......

When validating database.....

SERVIDOR-CAB (Server) Tue Jun 18 14:54:55 2013
Database: Gestlab
Relation has 1 orphan backversions (148 in use) in table LIS_ENL_COLA_RESULTADO (532)
SERVIDOR-CAB (Server) Tue Jun 18 14:55:04 2013
Database: Gestlab
Relation has 3 orphan backversions (0 in use) in table PET_DIARIO (600)
SERVIDOR-CAB (Server) Tue Jun 18 14:57:36 2013
Database: Gestlab
Relation has 625 orphan backversions (212 in use) in table PET_PRUEBA (670)
SERVIDOR-CAB (Server) Tue Jun 18 14:58:05 2013
Database: Gestlab
Relation has 1 orphan backversions (20 in use) in table PETICION (717)
SERVIDOR-CAB (Server) Tue Jun 18 14:58:43 2013
Database: Gestlab
Page 614694 is an orphan
SERVIDOR-CAB (Server) Tue Jun 18 14:58:43 2013
Database: Gestlab
Page 614917 is an orphan
SERVIDOR-CAB (Server) Tue Jun 18 14:58:43 2013
Database: Gestlab
Page 614926 is an orphan
SERVIDOR-CAB (Server) Tue Jun 18 14:58:43 2013
Database: Gestlab
Page 614987 is an orphan
SERVIDOR-CAB (Server) Tue Jun 18 14:58:43 2013
Database: Gestlab
Page 615010 is an orphan
SERVIDOR-CAB (Server) Tue Jun 18 14:58:43 2013
Database: Gestlab
Page 615011 is an orphan
SERVIDOR-CAB (Server) Tue Jun 18 14:58:43 2013
Database: Gestlab
Page 615012 is an orphan
SERVIDOR-CAB (Server) Tue Jun 18 14:58:43 2013
Database: Gestlab
Page 615015 is an orphan

and so.....


 All   Comments   Change History   Subversion Commits      Sort Order: Ascending order - Click to sort in descending order
Dmitry Yemanov added a comment - 19/Jun/13 06:58 AM
Please provide the database by uploading it somewhere and sending the URL to me at firebird2@yandex.ru.

Dmitry Yemanov added a comment - 19/Jun/13 04:13 PM
The problem starts with the character 'ÿ' that does not have an upper case representation in ISO8859_1 (unlike WIN1252). I don't really know what is more correct in this case - throw an error or leave the character untouched. Nowadays Firebird throws an error, FWIW. Then a silly error checking allows the broken data descriptor to pass to the index scanning code that causes a local bufer overrun thus corrupting the stack.

Jesus Angel Garcia Zarco added a comment - 19/Jun/13 04:30 PM
I think that if a character does not have an upper representation, leave as is in the returning string. Is like if I call upper with '(' or '$' that does not have upper representation.


Dmitry Yemanov added a comment - 19/Jun/13 05:41 PM
Strictly speaking, 'ÿ' does have an upper representation (visually rendered diferently), but it's missing in the partcular charset. It's another situation as with '(' or '$'.

Jesus Angel Garcia Zarco added a comment - 19/Jun/13 06:21 PM
The source of corrupted index pages is the corrupted stack?
Why with this issue the database gets corrupted?

Adriano dos Santos Fernandes added a comment - 20/Jun/13 02:47 AM
Added a link to CORE-2912. Once the crash is fixed, I think this bug can be closed here.

The "crash" in CORE-2912 is just about the arithmetic exception.

Adriano dos Santos Fernandes added a comment - 20/Jun/13 02:56 AM
And I think I have a solution to CORE-2912. It seems the same problem and solution of CORE-1431.

Dmitry Yemanov added a comment - 20/Jun/13 05:47 AM
I've moved the buffer overrun to a separate issue, see CORE-4127.

Dmitry Yemanov added a comment - 20/Jun/13 06:51 AM
Adriano, I have nothing to add for this ticket, both issues I've found are fixed now. If you want to change my patch for TextType or commit something else, please feel free.