New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Server terminates abnormally when iscDatabaseInfo() is called with buffer size = 0 [CORE4300] #4623
Comments
Modified by: @pavel-zotovAttachment: FbGetDatabaseinfo_java.zip [ 12403 ] |
Commented by: @pavel-zotov On SuperClassic such call leads to these messages in firebird.log: CSMIRROR Sun Dec 15 23:53:25 2013 CSMIRROR Sun Dec 15 23:53:25 2013 CSMIRROR Sun Dec 15 23:53:25 2013 -- and just after this messages window that runs java class will get: |
Commented by: Claudio Valderrama C. (robocop) The guardian does not terminate the server. The guardian is telling you that server crashed. |
Modified by: Claudio Valderrama C. (robocop)Version: 2.5.2 [ 10450 ] Component: Engine [ 10000 ] summary: Guardian abnormally terminates SuperServer.exe with code=4294967295 when someone issues call of iscDatabaseInfo() with error buffer size = 0 => SuperServer.exe terminates abnormally with code=4294967295 when iscDatabaseInfo() is called with error buffer size = 0 Component: Guardian [ 10100 ] => |
Modified by: @dyemanovsummary: SuperServer.exe terminates abnormally with code=4294967295 when iscDatabaseInfo() is called with error buffer size = 0 => Server terminates abnormally with code=4294967295 when iscDatabaseInfo() is called with error buffer size = 0 |
Modified by: @dyemanovassignee: Dmitry Yemanov [ dimitr ] |
Modified by: @dyemanovsummary: Server terminates abnormally with code=4294967295 when iscDatabaseInfo() is called with error buffer size = 0 => Server terminates abnormally when iscDatabaseInfo() is called with buffer size = 0 |
Commented by: @dyemanov I've committed the fix for v2.5.3, please test. |
Commented by: @pavel-zotov Confirm: this bug was fixed (checked both SS and SC, WI-V2.5.3.26727) |
Modified by: @dyemanovstatus: Open [ 1 ] => Resolved [ 5 ] resolution: Fixed [ 1 ] Fix Version: 2.5.3 [ 10461 ] |
Modified by: @pcisarstatus: Resolved [ 5 ] => Closed [ 6 ] |
Modified by: @pavel-zotovstatus: Closed [ 6 ] => Closed [ 6 ] QA Status: No test => Cannot be tested Test Details: No ability to manage buffer size in the Python fdb driver from outside. def database_info(self, info_code, result_type, page_number = None): |
Submitted by: @pavel-zotov
Attachments:
FbGetDatabaseinfo_java.zip
It seems that there is somewhat like flaw in protection from invalid arguments inside function iscDatabaseInfo.
For example, gardian of FB SuperServer 2.5.2 will stops service if we pass buffer size = 0 instead of returning (for instance) just empty buffer.
Sample for JayBird (source .java see in attah, class FbGetDatabaseInfo).
window #1
java -cp .;jaybird-full-2.2.4.jar FbGetDatabaseInfo
output:
---------
23:28:46.421 trying to attach. . .
23:28:46.531 attached to 192.168.0.201/3252:employee
23:28:46.546 trying to gather db statistics. . .
--- hangs! no output any more ---
After few seconds in firebird.log on host 192.168.0.201:
CSMIRROR (Client) Sun Dec 15 23:29:10 2013
"C:\1Install\FIREBIRD_2_5\bin\fbserver.exe": terminated abnormally (4294967295)
Window #1 will hang infinitely after that moment.
window #2
isql 192.168.0.201/3252:employee
-- also hangs :( // no answer during five minutes; after this I've cancelled this waiting
BTW, even if we kill window #1 Firebird will not answered for further attempts to connect via ISQL. Guardian service can be terminated only after ~ 1 minute rather than in 1-2 seconds as in common case.
===========================
SQL> show version;
ISQL Version: WI-V2.5.3.26722 Firebird 2.5
Server version:
Firebird/x86/Windows NT (access method), version "WI-V2.5.3.26682 Firebird 2.5"
Firebird/x86/Windows NT (remote server), version "WI-V2.5.3.26682 Firebird 2.5/tcp (CSMIRROR)/P12"
Firebird/x86/Windows NT (remote interface), version "WI-V2.5.3.26722 Firebird 2.5/tcp (csprog)/P12"
on disk structure version 11.2
Commits: b2375e3 036a3cb FirebirdSQL/fbt-repository@eb49c6b FirebirdSQL/fbt-repository@d7623bd
====== Test Details ======
No ability to manage buffer size in the Python fdb driver from outside.
See database_info() method of class Connection, file http://fbcore.py:
def database_info(self, info_code, result_type, page_number = None):
....
self.__check_attached()
buf_size = 256 if info_code != fb_info_page_contents else self.page_size + 10
request_buffer = bs([info_code])
The text was updated successfully, but these errors were encountered: