Key: CORE-5972
Type: Bug
Status: Resolved
Resolution: Fixed
Priority: Major
Assignee: Adriano dos Santos Fernandes
Reporter: Artyom Smirnov
Votes: 1
Watchers: 3
Firebird Core

External engine trigger crashing server if table have computed field

Created: 06/Dec/18 09:44 AM   Updated: 20/Sep/19 12:45 PM
Component/s: Engine
Affects Version/s: 3.0.4, 4.0 Beta 1, 4.0 Beta 2
Fix Version/s: 4.0 Beta 1, 3.0.5

QA Status: No test


Description
Reproduction steps (on master):

1. Create a simple UDR trigger in examples/udr/Triggers.cpp and build it.

FB_UDR_BEGIN_TRIGGER(dummy)
FB_UDR_EXECUTE_TRIGGER
{
    printf("test! \n");
}
FB_UDR_END_TRIGGER

2. Execute it on a table with a computed field:

create database 'localhost:/tmp/test_trig.fdb';
create table test(id int, comp int computed by (1));
create trigger dummy after insert on test external name 'udrcpp_example!dummy' engine udr;
insert into test values(1);

3. The server will crash.

Stacktrace:

Thread 5 "firebird" received signal SIGSEGV, Segmentation fault.
[Switching to Thread 0x7ffff0c04700 (LWP 15380)]
__memmove_sse2_unaligned_erms () at ../sysdeps/x86_64/multiarch/memmove-vec-unaligned-erms.S:311
311 ../sysdeps/x86_64/multiarch/memmove-vec-unaligned-erms.S: No such file or directory.
(gdb) bt 6
#0 __memmove_sse2_unaligned_erms () at ../sysdeps/x86_64/multiarch/memmove-vec-unaligned-erms.S:311
#1 0x00007ffff4e62d82 in CVT_move_common (from=0x7ffff0c02440, to=0x7ffff0c02450, decSt=..., cb=0x7ffff47cc700) at /workspace/rdb/firebird_master/src/common/cvt.cpp:1508
#2 0x00007ffff4a85e45 in CVT_move (from=0x7ffff0c02440, to=0x7ffff0c02450, decSt=...) at /workspace/rdb/firebird_master/src/jrd/../jrd/cvt_proto.h:74
#3 0x00007ffff4b4d66f in MOV_move (tdbb=0x7ffff0c03580, from=0x7ffff0c02440, to=0x7ffff0c02450) at /workspace/rdb/firebird_master/src/jrd/mov.cpp:449
#4 0x00007ffff4977d9f in Jrd::ExtEngineManager::Trigger::setValues (this=0x7ffff4378c80, tdbb=0x7ffff0c03580, msgBuffer=..., rpb=0x7fffe8fe55f0)
    at /workspace/rdb/firebird_master/src/jrd/ExtEngineManager.cpp:983
#5 0x00007ffff49777e8 in Jrd::ExtEngineManager::Trigger::execute (this=0x7ffff4378c80, tdbb=0x7ffff0c03580, action=1, oldRpb=0x0, newRpb=0x7fffe8fe55f0)
    at /workspace/rdb/firebird_master/src/jrd/ExtEngineManager.cpp:914
(More stack frames follow...)
(gdb) f 1
#1 0x00007ffff4e62d82 in CVT_move_common (from=0x7ffff0c02440, to=0x7ffff0c02450, decSt=..., cb=0x7ffff47cc700) at /workspace/rdb/firebird_master/src/common/cvt.cpp:1508
1508 memcpy(p, q, length);
(gdb) p q
$1 = (const UCHAR *) 0x0


Adriano dos Santos Fernandes added a comment - 21/Jan/19 03:07 PM
Please test master, then I will backport the fix.

Adriano dos Santos Fernandes added a comment - 30/Jan/19 02:14 PM
@Artyom do you have some plan to test it?

Artyom Smirnov added a comment - 30/Jan/19 02:53 PM
I will test it tomorrow.

Artyom Smirnov added a comment - 31/Jan/19 09:00 AM
I have tested mostly with fbjava and a bit with the udr engine; looks like all is OK.

Artyom Smirnov added a comment - 20/Sep/19 12:45 PM
Looks like another issue with external engine triggers and computed fields:

Inserting into a table with a field computed by a select expression will lead to stack smashing.

For example, a simple table like this:

create table test(id int, c1 computed by ((select '' from rdb$database)));

On debug build of master:

(gdb) bt
#0 __GI_raise (sig=sig@entry=6) at ../sysdeps/unix/sysv/linux/raise.c:50
#1 0x00007ffff7762535 in __GI_abort () at abort.c:79
#2 0x00007ffff77c9726 in __libc_message (action=action@entry=do_abort, fmt=fmt@entry=0x7ffff78ef740 "*** %s ***: %s terminated\n") at ../sysdeps/posix/libc_fatal.c:181
#3 0x00007ffff786c261 in __GI___fortify_fail_abort (need_backtrace=need_backtrace@entry=false, msg=msg@entry=0x7ffff78ef71e "stack smashing detected") at fortify_fail.c:33
#4 0x00007ffff786c222 in __stack_chk_fail () at stack_chk_fail.c:29
#5 0x00007ffff537ddbd in Jrd::ExtEngineManager::Trigger::setupComputedFields (this=0x7ffff2a947a0, tdbb=0x7ffff1554cd0, pool=..., csb=0x7fffe190e8a0)
    at /workspace/rdb/firebird_master/src/jrd/ExtEngineManager.cpp:1050
#6 0x00007ffff537ce26 in Jrd::ExtEngineManager::Trigger::Trigger (this=0x7ffff2a947a0, tdbb=0x7ffff1554cd0, pool=..., csb=0x7fffe190e8a0, aExtManager=0x7ffff2514a60, aEngine=0x7fffe17678d8,
    aMetadata=0x7ffff4df4370, aTrigger=0x7fffe1767b88, aTrg=0x7fffe1954fd0) at /workspace/rdb/firebird_master/src/jrd/ExtEngineManager.cpp:887
#7 0x00007ffff53818c4 in Jrd::ExtEngineManager::makeTrigger (this=0x7ffff2514a60, tdbb=0x7ffff1554cd0, csb=0x7fffe190e8a0, trg=0x7fffe1954fd0, engine=..., entryPoint=..., body=..., type=2)
    at /workspace/rdb/firebird_master/src/jrd/ExtEngineManager.cpp:1613
#8 0x00007ffff5507841 in Jrd::Trigger::compile (this=0x7fffe1954fd0, tdbb=0x7ffff1554cd0) at /workspace/rdb/firebird_master/src/jrd/jrd.cpp:896
#9 0x00007ffff53ba79a in Jrd::JrdStatement::triggersExternalAccess (tdbb=0x7ffff1554cd0, list=..., tvec=0x7fffe190b4c0, user=...) at /workspace/rdb/firebird_master/src/jrd/JrdStatement.cpp:713
#10 0x00007ffff53b95cb in Jrd::JrdStatement::buildExternalAccess (this=0x7fffe1909630, tdbb=0x7ffff1554cd0, list=..., user=...) at /workspace/rdb/firebird_master/src/jrd/JrdStatement.cpp:788
#11 0x00007ffff53b7f88 in Jrd::JrdStatement::verifyAccess (this=0x7fffe1909630, tdbb=0x7ffff1554cd0) at /workspace/rdb/firebird_master/src/jrd/JrdStatement.cpp:406
#12 0x00007ffff548ce0c in CMP_compile2 (tdbb=0x7ffff1554cd0, blr=0x7fffe2fac6e8 "\005\002\017K\200", blr_length=23, internal_flag=false, dbginfo_length=0,
    dbginfo=0x7fffe2facb08 '\314' <repeats 127 times>, <incomplete sequence \314>) at /workspace/rdb/firebird_master/src/jrd/cmp.cpp:199
#13 0x00007ffff552407e in JRD_compile (tdbb=0x7ffff1554cd0, attachment=0x7ffff2a94e20, req_handle=0x7ffff00b8ff0, blr_length=23, blr=0x7fffe2fac6e8 "\005\002\017K\200", ref_str=..., dbginfo_length=0,