[#CORE-5972] External engine trigger crashing server if table have computed field

Firebird Core

External engine trigger crashing server if table have computed field

Created: 06/Dec/18 09:44 AM Updated: 13/Mar/20 09:49 PM

Component/s:

Engine

Affects Version/s:

3.0.4, 4.0 Beta 1, 4.0 Beta 2

Fix Version/s:

4.0 Beta 2, 3.0.6

QA Status:

Done successfully

Description

« Hide

Reproduction steps (on master):

1. Create simple UDR trigger in examples/udr/Triggers.cpp and build it.

FB_UDR_BEGIN_TRIGGER(dummy)
FB_UDR_EXECUTE_TRIGGER
{
printf("test! \n");
}
FB_UDR_END_TRIGGER

2. Execute it on table with computed field:

create database 'localhost:/tmp/test_trig.fdb';
create table test(id int, comp int computed by (1));
create trigger dummy after insert on test external name 'udrcpp_example!dummy' engine udr;
insert into test values(1);

3. Server will crash.

Stacktrace:

Thread 5 "firebird" received signal SIGSEGV, Segmentation fault.
[Switching to Thread 0x7ffff0c04700 (LWP 15380)]
__memmove_sse2_unaligned_erms () at ../sysdeps/x86_64/multiarch/memmove-vec-unaligned-erms.S:311
311 ../sysdeps/x86_64/multiarch/memmove-vec-unaligned-erms.S: No such file or directory.
(gdb) bt 6
#0 __memmove_sse2_unaligned_erms () at ../sysdeps/x86_64/multiarch/memmove-vec-unaligned-erms.S:311
#1 0x00007ffff4e62d82 in CVT_move_common (from=0x7ffff0c02440, to=0x7ffff0c02450, decSt=..., cb=0x7ffff47cc700) at /workspace/rdb/firebird_master/src/common/cvt.cpp:1508
#2 0x00007ffff4a85e45 in CVT_move (from=0x7ffff0c02440, to=0x7ffff0c02450, decSt=...) at /workspace/rdb/firebird_master/src/jrd/../jrd/cvt_proto.h:74
#3 0x00007ffff4b4d66f in MOV_move (tdbb=0x7ffff0c03580, from=0x7ffff0c02440, to=0x7ffff0c02450) at /workspace/rdb/firebird_master/src/jrd/mov.cpp:449
#4 0x00007ffff4977d9f in Jrd::ExtEngineManager::Trigger::setValues (this=0x7ffff4378c80, tdbb=0x7ffff0c03580, msgBuffer=..., rpb=0x7fffe8fe55f0)
at /workspace/rdb/firebird_master/src/jrd/ExtEngineManager.cpp:983
#5 0x00007ffff49777e8 in Jrd::ExtEngineManager::Trigger::execute (this=0x7ffff4378c80, tdbb=0x7ffff0c03580, action=1, oldRpb=0x0, newRpb=0x7fffe8fe55f0)
at /workspace/rdb/firebird_master/src/jrd/ExtEngineManager.cpp:914
(More stack frames follow...)
(gdb) f 1
#1 0x00007ffff4e62d82 in CVT_move_common (from=0x7ffff0c02440, to=0x7ffff0c02450, decSt=..., cb=0x7ffff47cc700) at /workspace/rdb/firebird_master/src/common/cvt.cpp:1508
1508 memcpy(p, q, length);
(gdb) p q
$1 = (const UCHAR *) 0x0

Description

Reproduction steps (on master): 1. Create simple UDR trigger in examples/udr/Triggers.cpp and build it. FB_UDR_BEGIN_TRIGGER(dummy) FB_UDR_EXECUTE_TRIGGER { printf("test! \n"); } FB_UDR_END_TRIGGER 2. Execute it on table with computed field: create database 'localhost:/tmp/test_trig.fdb'; create table test(id int, comp int computed by (1)); create trigger dummy after insert on test external name 'udrcpp_example!dummy' engine udr; insert into test values(1); 3. Server will crash. Stacktrace: Thread 5 "firebird" received signal SIGSEGV, Segmentation fault. [Switching to Thread 0x7ffff0c04700 (LWP 15380)] __memmove_sse2_unaligned_erms () at ../sysdeps/x86_64/multiarch/memmove-vec-unaligned-erms.S:311 311 ../sysdeps/x86_64/multiarch/memmove-vec-unaligned-erms.S: No such file or directory. (gdb) bt 6 #0 __memmove_sse2_unaligned_erms () at ../sysdeps/x86_64/multiarch/memmove-vec-unaligned-erms.S:311 #1 0x00007ffff4e62d82 in CVT_move_common (from=0x7ffff0c02440, to=0x7ffff0c02450, decSt=..., cb=0x7ffff47cc700) at /workspace/rdb/firebird_master/src/common/cvt.cpp:1508 #2 0x00007ffff4a85e45 in CVT_move (from=0x7ffff0c02440, to=0x7ffff0c02450, decSt=...) at /workspace/rdb/firebird_master/src/jrd/../jrd/cvt_proto.h:74 #3 0x00007ffff4b4d66f in MOV_move (tdbb=0x7ffff0c03580, from=0x7ffff0c02440, to=0x7ffff0c02450) at /workspace/rdb/firebird_master/src/jrd/mov.cpp:449 #4 0x00007ffff4977d9f in Jrd::ExtEngineManager::Trigger::setValues (this=0x7ffff4378c80, tdbb=0x7ffff0c03580, msgBuffer=..., rpb=0x7fffe8fe55f0) at /workspace/rdb/firebird_master/src/jrd/ExtEngineManager.cpp:983 #5 0x00007ffff49777e8 in Jrd::ExtEngineManager::Trigger::execute (this=0x7ffff4378c80, tdbb=0x7ffff0c03580, action=1, oldRpb=0x0, newRpb=0x7fffe8fe55f0) at /workspace/rdb/firebird_master/src/jrd/ExtEngineManager.cpp:914 (More stack frames follow...) (gdb) f 1 #1 0x00007ffff4e62d82 in CVT_move_common (from=0x7ffff0c02440, to=0x7ffff0c02450, decSt=..., cb=0x7ffff47cc700) at /workspace/rdb/firebird_master/src/common/cvt.cpp:1508 1508 memcpy(p, q, length); (gdb) p q $1 = (const UCHAR *) 0x0

Show »

All

Comments

Change History

Subversion Commits

Sort Order:

[ Permalink | « Hide ]

Adriano dos Santos Fernandes added a comment - 21/Jan/19 03:07 PM

Please test master, then I will backport the fix.

[ Permalink | « Hide ]

Adriano dos Santos Fernandes added a comment - 30/Jan/19 02:14 PM

@Artyom do you have some plan to test it?

[ Permalink | « Hide ]

Artyom Smirnov added a comment - 30/Jan/19 02:53 PM

I will test it tomorrow.

[ Permalink | « Hide ]

Artyom Smirnov added a comment - 31/Jan/19 09:00 AM

I have tested mostly with fbjava and bit with udr engine, looks like all OK.

[ Permalink | « Hide ]

Artyom Smirnov added a comment - 20/Sep/19 12:45 PM

Looks like another issue with external engine triggers and computed fields:

Inserting into table with field computed by select expression, will lead to stack smashing.

For example simple table like this:

create table test(id int, c1 computed by ((select '' from rdb$database)));

On debug build of master:

(gdb) bt
#0 __GI_raise (sig=sig@entry=6) at ../sysdeps/unix/sysv/linux/raise.c:50
#1 0x00007ffff7762535 in __GI_abort () at abort.c:79
#2 0x00007ffff77c9726 in __libc_message (action=action@entry=do_abort, fmt=fmt@entry=0x7ffff78ef740 "*** %s ***: %s terminated\n") at ../sysdeps/posix/libc_fatal.c:181
#3 0x00007ffff786c261 in __GI___fortify_fail_abort (need_backtrace=need_backtrace@entry=false, msg=msg@entry=0x7ffff78ef71e "stack smashing detected") at fortify_fail.c:33
#4 0x00007ffff786c222 in __stack_chk_fail () at stack_chk_fail.c:29
#5 0x00007ffff537ddbd in Jrd::ExtEngineManager::Trigger::setupComputedFields (this=0x7ffff2a947a0, tdbb=0x7ffff1554cd0, pool=..., csb=0x7fffe190e8a0)
    at /workspace/rdb/firebird_master/src/jrd/ExtEngineManager.cpp:1050
#6 0x00007ffff537ce26 in Jrd::ExtEngineManager::Trigger::Trigger (this=0x7ffff2a947a0, tdbb=0x7ffff1554cd0, pool=..., csb=0x7fffe190e8a0, aExtManager=0x7ffff2514a60, aEngine=0x7fffe17678d8,
    aMetadata=0x7ffff4df4370, aTrigger=0x7fffe1767b88, aTrg=0x7fffe1954fd0) at /workspace/rdb/firebird_master/src/jrd/ExtEngineManager.cpp:887
#7 0x00007ffff53818c4 in Jrd::ExtEngineManager::makeTrigger (this=0x7ffff2514a60, tdbb=0x7ffff1554cd0, csb=0x7fffe190e8a0, trg=0x7fffe1954fd0, engine=..., entryPoint=..., body=..., type=2)
    at /workspace/rdb/firebird_master/src/jrd/ExtEngineManager.cpp:1613
#8 0x00007ffff5507841 in Jrd::Trigger::compile (this=0x7fffe1954fd0, tdbb=0x7ffff1554cd0) at /workspace/rdb/firebird_master/src/jrd/jrd.cpp:896
#9 0x00007ffff53ba79a in Jrd::JrdStatement::triggersExternalAccess (tdbb=0x7ffff1554cd0, list=..., tvec=0x7fffe190b4c0, user=...) at /workspace/rdb/firebird_master/src/jrd/JrdStatement.cpp:713
#10 0x00007ffff53b95cb in Jrd::JrdStatement::buildExternalAccess (this=0x7fffe1909630, tdbb=0x7ffff1554cd0, list=..., user=...) at /workspace/rdb/firebird_master/src/jrd/JrdStatement.cpp:788
#11 0x00007ffff53b7f88 in Jrd::JrdStatement::verifyAccess (this=0x7fffe1909630, tdbb=0x7ffff1554cd0) at /workspace/rdb/firebird_master/src/jrd/JrdStatement.cpp:406
#12 0x00007ffff548ce0c in CMP_compile2 (tdbb=0x7ffff1554cd0, blr=0x7fffe2fac6e8 "\005\002\017K\200", blr_length=23, internal_flag=false, dbginfo_length=0,
    dbginfo=0x7fffe2facb08 '\314' <repeats 127 times>, <incomplete sequence \314>) at /workspace/rdb/firebird_master/src/jrd/cmp.cpp:199
#13 0x00007ffff552407e in JRD_compile (tdbb=0x7ffff1554cd0, attachment=0x7ffff2a94e20, req_handle=0x7ffff00b8ff0, blr_length=23, blr=0x7fffe2fac6e8 "\005\002\017K\200", ref_str=..., dbginfo_length=0,

[ Show » ]

Artyom Smirnov added a comment - 20/Sep/19 12:45 PM Looks like another issue with external engine triggers and computed fields: Inserting into table with field computed by select expression, will lead to stack smashing. For example simple table like this: create table test(id int, c1 computed by ((select '' from rdb$database))); On debug build of master: (gdb) bt #0 __GI_raise (sig=sig@entry=6) at ../sysdeps/unix/sysv/linux/raise.c:50 #1 0x00007ffff7762535 in __GI_abort () at abort.c:79 #2 0x00007ffff77c9726 in __libc_message (action=action@entry=do_abort, fmt=fmt@entry=0x7ffff78ef740 "*** %s ***: %s terminated\n") at ../sysdeps/posix/libc_fatal.c:181 #3 0x00007ffff786c261 in __GI___fortify_fail_abort (need_backtrace=need_backtrace@entry=false, msg=msg@entry=0x7ffff78ef71e "stack smashing detected") at fortify_fail.c:33 #4 0x00007ffff786c222 in __stack_chk_fail () at stack_chk_fail.c:29 #5 0x00007ffff537ddbd in Jrd::ExtEngineManager::Trigger::setupComputedFields (this=0x7ffff2a947a0, tdbb=0x7ffff1554cd0, pool=..., csb=0x7fffe190e8a0) at /workspace/rdb/firebird_master/src/jrd/ExtEngineManager.cpp:1050 #6 0x00007ffff537ce26 in Jrd::ExtEngineManager::Trigger::Trigger (this=0x7ffff2a947a0, tdbb=0x7ffff1554cd0, pool=..., csb=0x7fffe190e8a0, aExtManager=0x7ffff2514a60, aEngine=0x7fffe17678d8, aMetadata=0x7ffff4df4370, aTrigger=0x7fffe1767b88, aTrg=0x7fffe1954fd0) at /workspace/rdb/firebird_master/src/jrd/ExtEngineManager.cpp:887 #7 0x00007ffff53818c4 in Jrd::ExtEngineManager::makeTrigger (this=0x7ffff2514a60, tdbb=0x7ffff1554cd0, csb=0x7fffe190e8a0, trg=0x7fffe1954fd0, engine=..., entryPoint=..., body=..., type=2) at /workspace/rdb/firebird_master/src/jrd/ExtEngineManager.cpp:1613 #8 0x00007ffff5507841 in Jrd::Trigger::compile (this=0x7fffe1954fd0, tdbb=0x7ffff1554cd0) at /workspace/rdb/firebird_master/src/jrd/jrd.cpp:896 #9 0x00007ffff53ba79a in Jrd::JrdStatement::triggersExternalAccess (tdbb=0x7ffff1554cd0, list=..., tvec=0x7fffe190b4c0, user=...) at /workspace/rdb/firebird_master/src/jrd/JrdStatement.cpp:713 #10 0x00007ffff53b95cb in Jrd::JrdStatement::buildExternalAccess (this=0x7fffe1909630, tdbb=0x7ffff1554cd0, list=..., user=...) at /workspace/rdb/firebird_master/src/jrd/JrdStatement.cpp:788 #11 0x00007ffff53b7f88 in Jrd::JrdStatement::verifyAccess (this=0x7fffe1909630, tdbb=0x7ffff1554cd0) at /workspace/rdb/firebird_master/src/jrd/JrdStatement.cpp:406 #12 0x00007ffff548ce0c in CMP_compile2 (tdbb=0x7ffff1554cd0, blr=0x7fffe2fac6e8 "\005\002\017K\200", blr_length=23, internal_flag=false, dbginfo_length=0, dbginfo=0x7fffe2facb08 '\314' <repeats 127 times>, <incomplete sequence \314>) at /workspace/rdb/firebird_master/src/jrd/cmp.cpp:199 #13 0x00007ffff552407e in JRD_compile (tdbb=0x7ffff1554cd0, attachment=0x7ffff2a94e20, req_handle=0x7ffff00b8ff0, blr_length=23, blr=0x7fffe2fac6e8 "\005\002\017K\200", ref_str=..., dbginfo_length=0,

[ Permalink | « Hide ]

Artyom Smirnov added a comment - 09/Dec/19 12:33 PM

Can someone review: https://github.com/FirebirdSQL/firebird/pull/243

This is simple fix based on current built-in triggers implementation.