
Key: CORE-5849
Type: Bug
Status: Open
Priority: Critical
Assignee: Unassigned
Reporter: Karol Bieniaszewski
Votes: 0
Watchers: 4
Firebird Core

Alter function result type and run query can cause server to crash (utf8 only)

Created: 20/Jun/18 08:30 AM   Updated: 24/Sep/19 11:35 AM
Component/s: Engine
Affects Version/s: 3.0.4, 3.0.5
Fix Version/s: None

Environment:
WI-V3.0.4.32954 Firebird 3.0
WI-V3.0.5.33161 Firebird 3.0

QA Status: No test


Description:
SET TERM ^ ;
CREATE FUNCTION FUN2(A CHAR(8), B CHAR(4), C CHAR(12)) RETURNS CHAR(2)
AS
DECLARE VARIABLE VAR_RESULT VARCHAR(50);
BEGIN
  VAR_RESULT = A || B || C;
  IF (char_length(VAR_RESULT)=20) then
    VAR_RESULT = '21312321';
    
  RETURN VAR_RESULT;
END^
SET TERM ; ^


SET TERM ^ ;
CREATE FUNCTION FUN1(A CHAR(8), B CHAR(4), C CHAR(12)) RETURNS CHAR(26)
AS
BEGIN
  RETURN FUN2(A, B, C) || A;
END^
SET TERM ; ^


------------------------------------------------------------------------------------------
run the query:
SELECT FUN1('1020', '2080', '000625180347'), FUN2('1020', '2080', '000625180347') FROM RDB$DATABASE
commit;

------------------------------------------------------------------------------------------
alter result type

SET TERM ^ ;
ALTER FUNCTION FUN2(A CHAR(8), B CHAR(4), C CHAR(12)) RETURNS CHAR(50)
AS
DECLARE VARIABLE VAR_RESULT VARCHAR(50);
BEGIN

  VAR_RESULT = '1020208000062518034721312321';
    
  RETURN VAR_RESULT;
END^
SET TERM ; ^
commit;
------------------------------------------------------------------------------------------
run the query:
SELECT FUN1('1020', '2080', '000625180347') FROM RDB$DATABASE

Karol Bieniaszewski made changes - 24/Jun/18 09:06 AM
Field: Summary
Original Value: Alter function result type and run query can cause server to crash
New Value: Alter function result type and run query can cause server to crash (utf8 only)

Karol Bieniaszewski made changes - 12/Aug/19 11:55 AM
Field: Affects Version/s
New Value: 3.0.5 [ 10885 ]
Field: Environment
Original Value:
WI-V3.0.4.32954 Firebird 3.0
New Value:
WI-V3.0.4.32954 Firebird 3.0
WI-V3.0.5.33161 Firebird 3.0

Karol Bieniaszewski made changes - 23/Sep/19 12:08 PM
Field: Description
Original Value:
SET TERM ^ ;
CREATE FUNCTION FUN2(A CHAR(8), B CHAR(4), C CHAR(12)) RETURNS CHAR(2)
AS
DECLARE VARIABLE VAR_RESULT VARCHAR(50);
BEGIN
  VAR_RESULT = A || B || C;
  IF (char_length(VAR_RESULT)=20) then
    VAR_RESULT = '21312321';
    
  RETURN VAR_RESULT;
END^
SET TERM ; ^


SET TERM ^ ;
CREATE FUNCTION FUN1(A CHAR(8), B CHAR(4), C CHAR(12)) RETURNS CHAR(26)
AS
BEGIN
  RETURN FUN2(A, B, C) || A || B || C;
END^
SET TERM ; ^


------------------------------------------------------------------------------------------
run the query:
SELECT FUN1('1020', '2080', '000625180347'), FUN2('1020', '2080', '000625180347') FROM RDB$DATABASE
commit;

------------------------------------------------------------------------------------------
alter result type

SET TERM ^ ;
ALTER FUNCTION FUN2(A CHAR(8), B CHAR(4), C CHAR(12)) RETURNS CHAR(50)
AS
DECLARE VARIABLE VAR_RESULT VARCHAR(50);
BEGIN
  VAR_RESULT = A || B || C;
  IF (char_length(VAR_RESULT)=20) then
    VAR_RESULT = '21312321';
    
  RETURN VAR_RESULT;
END^
SET TERM ; ^

------------------------------------------------------------------------------------------
run the query:
SELECT FUN1('1020', '2080', '000625180347'), FUN2('1020', '2080', '000625180347') FROM RDB$DATABASE

------------------------------------------------------------------------------------------

error reading data from the connection...

FIREBIRDDEV Wed Jun 20 09:52:34 2018
Access violation.
The code attempted to access a virtual
address without privilege to do so.
This exception will cause the Firebird server
to terminate abnormally.
New Value: same text as the current Description of this issue.