
Key: ODBC-174
Type: Bug
Status: Closed
Resolution: Fixed
Priority: Major
Assignee: Alexander Potapchenko
Reporter: Alexander Lebedev
Votes: 0
Watchers: 0

ODBC Driver

SIGSEGV received in memcpy in JString constructor incorrect input parameter

Created: 04/Aug/14 08:53 AM   Updated: 06/Mar/16 05:35 PM
Component/s: None
Affects Version/s: 2.0.2
Fix Version/s: 2.0.4

Environment: RHEL 6.2

Description
I use the Linux (RHEL 6.2) version of the ODBC fb driver built from source code.
My process crashed with a segmentation fault on an odbc::DriverManager::getConnection attempt. Please see the backtrace below:

Program received signal SIGSEGV, Segmentation fault.
[Switching to Thread 0x7fffd999f700 (LWP 6802)]
0x00007fffef588bf5 in __memcpy_ssse3 () from /lib64/
Missing separate debuginfos, use: debuginfo-install FirebirdCS- bzip2-libs-1.0.5-7.el6_0.x86_64 cyrus-sasl-lib-2.1.23-13.el6.x86_64 glib2-2.22.5-6.el6.x86_64 glibc-2.12-1.47.el6.x86_64 glibmm24-2.22.1-1.el6.x86_64 keyutils-libs-1.4-3.el6.x86_64 krb5-libs-1.9-22.el6.x86_64 libaio-0.3.107-10.el6.x86_64 libcom_err-1.41.12-11.el6.x86_64 libcurl-7.19.7-26.el6_1.2.x86_64 libgcc-4.4.6-3.el6.x86_64 libgomp-4.4.6-3.el6.x86_64 libidn-1.18-2.el6.x86_64 libselinux-2.0.94-5.2.el6.x86_64 libsigc+20- libstdc+-4.4.6-3.el6.x86_64 libtool-ltdl-2.2.6-15.5.el6.x86_64 libunwind-1.0.1-1.el6.x86_64 libxml2-2.7.6-4.el6.x86_64 ncurses-libs-5.7-3.20090208.el6.x86_64 nspr-4.8.8-3.el6.x86_64 nss-3.12.10-16.el6.x86_64 nss-softokn-freebl-3.12.9-11.el6.x86_64 nss-util-3.12.10-2.el6.x86_64 openldap-2.4.23-20.el6.x86_64 openssl-1.0.0-20.el6.x86_64 perl-libs-5.10.1-119.el6_1.1.x86_64 udns-0.0.9-5.el6.x86_64 unixODBC-2.2.14-11.el6.x86_64 zlib-1.2.3-27.el6.x86_64
(gdb) bt
#0 0x00007fffef588bf5 in __memcpy_ssse3 () from /lib64/
#1 0x00007fffe4f7ea62 in classJString::JString::setString(char const*, int) () from /usr/lib64/
#2 0x00007fffe4f7eda0 in classJString::JString::JString(char const*, int) () from /usr/lib64/
#3 0x00007fffe4fa17fd in OdbcJdbcLibrary::OdbcConnection::readAttribute(char const*) () from /usr/lib64/
#4 0x00007fffe4fa3f1c in OdbcJdbcLibrary::OdbcConnection::expandConnectParameters() () from /usr/lib64/
#5 0x00007fffe4f9ffb6 in OdbcJdbcLibrary::OdbcConnection::sqlDriverConnect(void*, unsigned char const*, int, unsigned char*, int, short*, int) () from /usr/lib64/
#6 0x00007fffe4f97630 in SQLDriverConnect () from /usr/lib64/
#7 0x00007fffee31bec2 in SQLDriverConnect () from /usr/lib64/
#8 0x00007ffff7ba4395 in odbc::Connection::_connect (this=0x1390c800, connectString=<value optimized out>,
drvcompl=<value optimized out>) at connection.cpp:227
#9 0x00007ffff7ba288b in odbc::DriverManager::getConnection (connectString="DSN=ocs_cfg_db;UID=sysdba;PWD=masterkey")
at drivermanager.cpp:231

After checking the source code of the driver, I believe I have found the root cause of the issue.
There is no check of the return value of the SQLGetPrivateProfileString function in the function below:
JString OdbcConnection::readAttribute(const char * attribute)
{
    char buffer [256];
    int ret = SQLGetPrivateProfileString (dsn, attribute, "", buffer, sizeof (buffer), env->odbcIniFileName);
    return JString (buffer, ret);
}
Since SQLGetPrivateProfileString can return -1 in some cases (e.g. it can't open the odbcini file), this -1 value is passed to the memcpy function in the JString constructor as one of the arguments, which leads to a crash.

I suggest fixing it by adding a check of the SQLGetPrivateProfileString return value:
JString OdbcConnection::readAttribute(const char * attribute)
{
    char buffer [256];
    int ret = SQLGetPrivateProfileString (dsn, attribute, "", buffer, sizeof (buffer), env->odbcIniFileName);
    if (ret < 0)
        ret = 0;
    return JString (buffer, ret);
}

PS: Unfortunately I can't test the fix, since it is hard to reproduce the issue with a filesystem that leads to odbcini file reading problems.
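As an added example (not the Firebird ODBC driver's code), the following C sketch applies the same return-value check to a SQLGetPrivateProfileString-style lookup and goes one step further with an upper clamp on the count; the `profile_reader` stubs, the DSN attribute value and the helper names are constructed so that it runs offline without unixODBC.

```c
#include <string.h>
/* Constructed stand-in for SQLGetPrivateProfileString (the unixODBC call is
 * not linked here): returns bytes written, or -1 when odbc.ini can't be read. */
typedef int (*profile_reader)(const char *dsn, const char *key, char *buf, int buf_size);

/* Failure path from the report: the ini file cannot be opened. */
static int reader_missing_ini(const char *dsn, const char *key,
                              char *buf, int buf_size)
{
    (void)dsn; (void)key; (void)buf; (void)buf_size;
    return -1;
}

/* Normal path: a constructed attribute value that fits the buffer. */
static int reader_ok(const char *dsn, const char *key,
                     char *buf, int buf_size)
{
    const char *val = "localhost:/var/db/ocs_cfg.fdb";   /* constructed */
    int n = (int)strlen(val);
    (void)dsn; (void)key;
    if (n > buf_size - 1)
        n = buf_size - 1;
    memcpy(buf, val, (size_t)n);
    buf[n] = '\0';
    return n;
}

/* Misbehaving reader: claims buf_size bytes, leaving no room for a NUL. */
static int reader_overrun(const char *dsn, const char *key,
                          char *buf, int buf_size)
{
    (void)dsn; (void)key;
    memset(buf, 'A', (size_t)buf_size);
    return buf_size;
}

/* Reads one DSN attribute into out (out_size > 0): a negative count becomes
 * "empty" instead of reaching memcpy, an oversized count is clamped so the
 * copy fits and is NUL-terminated. Returns the number of bytes copied. */
size_t read_attribute(profile_reader reader, const char *dsn,
                      const char *attribute, char *out, size_t out_size)
{
    char buffer[256];
    int ret = reader(dsn, attribute, buffer, (int)sizeof buffer);
    if (ret < 0) ret = 0;                        /* the crash in the report */
    if ((size_t)ret > sizeof buffer - 1)         /* extra clamps, not in the patch */
        ret = (int)(sizeof buffer - 1);
    if ((size_t)ret > out_size - 1) ret = (int)(out_size - 1);
    memcpy(out, buffer, (size_t)ret);
    out[ret] = '\0';
    return (size_t)ret;
}
```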

Alexander Potapchenko added a comment - 26/Jan/15 03:48 PM
Fixed in CVS