
Key: CORE-5317
Type: Bug
Status: Open
Priority: Minor
Assignee: Unassigned
Reporter: Geoff Worboys
Votes: 0
Watchers: 3

Firebird Core

Stack overflow in cvt.cpp with invalid DSC from UDF

Created: 23/Jul/16 04:56 PM   Updated: 26/Jul/16 01:06 PM
Component/s: UDF
Affects Version/s: 2.5.6
Fix Version/s: None

QA Status: No test

Description
I've marked this down as a UDF related issue because I don't imagine you should get invalid DSC from anywhere else.

If a UDF returns an invalid result "by descriptor" (an invalid DSC) then it is possible for CVT_Move to get called in an attempt to convert the return value. The conversion fails and calls CVT_conversion_error, which can result in a call to CVT_Move (trying to convert the input to ASCII to give a useful message), but when the DSC is invalid that fails too and so we get infinite recursion and a stack overflow.

I was experimenting with changing the return dsc_type to 0 (unknown) because that apparently used to be a way to indicate an error to the server by causing a conversion error (according to a really old document by Claudio). But all I get now is a stack overflow.

Only reported as minor because, let's face it, the problem actually lies in the UDF. But it would be nice if the server would fail gracefully.
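
The recursion described in this report, as an added model that is not Firebird source code: every name below (ModelDesc, model_to_text, model_conversion_error, DEPTH_LIMIT) is hypothetical, and a depth cap stands in for the finite stack. It contrasts an error reporter that re-enters conversion with one that refuses to render a descriptor of unknown type.

```cpp
// Added model of the recursion in this report; names are hypothetical, not Firebird source.
#include <iostream>
#include <stdexcept>
#include <string>

enum ModelType { MT_UNKNOWN = 0, MT_TEXT = 1, MT_LONG = 2 };
struct ModelDesc { int type; const void* data; unsigned length; };  // stand-in for a DSC

const int DEPTH_LIMIT = 64;          // stands in for the finite stack
static int g_depth = 0, g_max = 0;   // instrumentation only
struct DepthGuard {
    DepthGuard() { if (++g_depth > g_max) g_max = g_depth; }
    ~DepthGuard() { --g_depth; }
};

std::string model_to_text(const ModelDesc& d, bool guarded);

// Error reporter: wants to quote the offending value in its message.
[[noreturn]] void model_conversion_error(const ModelDesc& d, bool guarded) {
    bool known = (d.type == MT_TEXT || d.type == MT_LONG);
    if (guarded && !known)  // never re-enter conversion for a type we cannot render
        throw std::runtime_error("conversion error: invalid descriptor type " + std::to_string(d.type));
    throw std::runtime_error("conversion error from \"" + model_to_text(d, guarded) + "\"");
}

std::string model_to_text(const ModelDesc& d, bool guarded) {
    DepthGuard g;
    if (g_depth > DEPTH_LIMIT)
        throw std::overflow_error("recursion limit hit (real server: stack overflow)");
    switch (d.type) {
    case MT_TEXT: return std::string(static_cast<const char*>(d.data), d.length);
    case MT_LONG: return std::to_string(*static_cast<const long*>(d.data));
    default:      model_conversion_error(d, guarded);  // type 0 lands here
    }
}

// Converts d, stores the result or error text in `what`, returns the deepest nesting reached.
int max_depth_for(const ModelDesc& d, bool guarded, std::string& what) {
    g_depth = g_max = 0;
    try { what = model_to_text(d, guarded); }
    catch (const std::exception& e) { what = e.what(); }
    return g_max;
}

int main() {
    ModelDesc bad = { MT_UNKNOWN, nullptr, 0 };  // constructed: descriptor with type 0, as in the report
    std::string msg;
    std::cout << max_depth_for(bad, false, msg) << " " << msg << "\n";
    std::cout << max_depth_for(bad, true, msg) << " " << msg << "\n";
}
```

In the unguarded run the nesting climbs until the cap is hit; in the guarded run the error is raised at depth 1 with a message that names the bad type.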

Geoff Worboys added a comment - 26/Jul/16 01:06 PM
I have confirmed that this problem still exists in Firebird v3.0.0 (release version). It was only a very simple test - a UDF returning a paramdsc with a dsc_type of 0 - but it caused a stack overflow error.