openlink / iODBC

An open-source ODBC driver manager and SDK that facilitates the development of database-independent applications on Linux, FreeBSD, Unix and Mac OS X platforms.
http://www.iodbc.org/

Crash in SQLBindParameter when driver manager tracing is enabled & a bind offset is in use #80

Status: Closed (matthew-wozniczka closed this issue 2 years ago)

matthew-wozniczka commented 2 years ago

I was trying to debug a test failure, and so I enabled driver manager tracing, but this caused a crash inside of iODBC.

```text
build   04-Oct-2022 11:57:16    #0  0xf770c430 in __kernel_vsyscall ()
build   04-Oct-2022 11:57:16    #1  0xf73bc257 in raise () from /lib/libc.so.6
build   04-Oct-2022 11:57:16    #2  0xf73bda93 in abort () from /lib/libc.so.6
build   04-Oct-2022 11:57:16    #3  0xf3a74ed1 in os::abort(bool) () from /opt/oracle/jdk8x86/jre/lib/i386/server/libjvm.so
build   04-Oct-2022 11:57:16    #4  0xf3bf3198 in VMError::report_and_die() () from /opt/oracle/jdk8x86/jre/lib/i386/server/libjvm.so
build   04-Oct-2022 11:57:16    #5  0xf3a7ab05 in JVM_handle_linux_signal () from /opt/oracle/jdk8x86/jre/lib/i386/server/libjvm.so
build   04-Oct-2022 11:57:16    #6  0xf3a70731 in signalHandler(int, siginfo*, void*) () from /opt/oracle/jdk8x86/jre/lib/i386/server/libjvm.so
build   04-Oct-2022 11:57:16    #7  <signal handler called>
build   04-Oct-2022 11:57:16    #8  0xf76f85cd in _trace_len_p () from /usr/local/odbc/dm/iodbc-3.52.8/32/release/lib/libiodbc.so.2
build   04-Oct-2022 11:57:16    #9  0xf76eacda in trace_SQLBindParameter () from /usr/local/odbc/dm/iodbc-3.52.8/32/release/lib/libiodbc.so.2
build   04-Oct-2022 11:57:16    #10 0xf76db7d3 in SQLBindParameter () from /usr/local/odbc/dm/iodbc-3.52.8/32/release/lib/libiodbc.so.2
build   04-Oct-2022 11:57:16    #11 0x082462c3 in Simba::ODBCTest::Cli::SqlBindParameter (this=0xaa92188 <Simba::ODBCTest::Singleton<Simba::ODBCTest::Cli>::m_instance>, handle=0xc16af758, paramNumber=1, inoutType=1, valueType=1, paramType=1, colSize=3, decimalDigits=0, value=0x0, buffer=0, StringLenPointer=0x1) at SimbaODBCTestFramework/Cli/Cli.cpp:689
```

The problem is that this test is testing the use of SQL_ATTR_PARAM_BIND_OFFSET_PTR, and so the StrLenOrInd pointer passed into SQLBindParameter isn't something that can simply be dereferenced directly (you need to add the offset first), but that's exactly what https://github.com/openlink/iODBC/blob/92de4c0e8627b7ff69bfc682db6ba2c848d87b4f/iodbc/trace/BindParameter.c#L106 does. (I was using 3.52.8, but nothing seems to have changed since then.)

I don't think you can safely dereference that pointer at all from within SQLBindParameter, since the ODBC spec says it's a deferred buffer, so technically the application could do something strange like mess with memory permissions so that the address is only readable at execute time, and in any case it can set or re-set the bind offset at any time prior to execution.
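The following is an added illustration of the deferred-buffer rule the report describes; it is not iODBC code and not from the reporter. It models a toy driver-manager statement handle: SQLBindParameter stores the pointers it is given, the address to read is computed only at execute time as bound pointer + *SQL_ATTR_PARAM_BIND_OFFSET_PTR, and the trace function logs pointer values rather than dereferencing StrLen_or_IndPtr. The `SQLLEN`/`SQLUSMALLINT` typedefs, the `struct stmt`/`struct row` layouts and the function names are this example's own assumptions so it compiles without any ODBC headers; the row data is constructed.

```c
/*
 * Added example (not part of iODBC): a toy driver-manager statement that models the
 * deferred-buffer rule behind SQL_ATTR_PARAM_BIND_OFFSET_PTR, plus a tracer that logs
 * the raw pointer instead of dereferencing it. SQLLEN/SQLUSMALLINT are assumed typedefs
 * standing in for the ones in <sqltypes.h>, so this compiles without iODBC/unixODBC.
 */
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

typedef long SQLLEN;              /* assumption: pointer-sized, as ODBC's SQLLEN is */
typedef unsigned short SQLUSMALLINT;

#define MAX_PARAMS 8

struct param_binding {
    SQLUSMALLINT number;
    void   *value_ptr;            /* deferred: address (or offset) given to SQLBindParameter */
    SQLLEN *ind_ptr;              /* deferred: StrLen_or_IndPtr, same rule */
};

struct stmt {
    SQLLEN *bind_offset_ptr;      /* SQL_ATTR_PARAM_BIND_OFFSET_PTR; NULL means "no offset" */
    struct param_binding params[MAX_PARAMS];
    size_t nparams;
};

/* Bind time: store the pointers exactly as given. Nothing is dereferenced here. */
static int bind_param(struct stmt *s, SQLUSMALLINT n, void *value_ptr, SQLLEN *ind_ptr)
{
    if (s->nparams >= MAX_PARAMS)
        return -1;
    s->params[s->nparams].number    = n;
    s->params[s->nparams].value_ptr = value_ptr;
    s->params[s->nparams].ind_ptr   = ind_ptr;
    s->nparams++;
    return 0;
}

/*
 * Deferred-buffer rule: the address to use is bound pointer + *bind_offset_ptr, evaluated
 * when the statement executes, with whatever the offset variable holds at that moment.
 * NULL is left alone (treated as "not bound"); that is this example's simplification.
 */
static void *resolve_deferred(const void *bound, const SQLLEN *bind_offset_ptr)
{
    if (bound == NULL)
        return NULL;
    SQLLEN off = bind_offset_ptr ? *bind_offset_ptr : 0;
    return (char *)(uintptr_t)bound + off;
}

/* Execute time: resolve, then read. Returns the indicator for parameter n, or -99 if unbound. */
static SQLLEN indicator_at_execute(const struct stmt *s, SQLUSMALLINT n)
{
    for (size_t i = 0; i < s->nparams; i++) {
        if (s->params[i].number != n)
            continue;
        SQLLEN *ind = resolve_deferred(s->params[i].ind_ptr, s->bind_offset_ptr);
        return ind ? *ind : -99;
    }
    return -99;
}

/*
 * Safe trace line: log the pointer values and the offset pointer, never *ind_ptr. With the
 * arguments visible in the reported backtrace (value=0x0, StrLen_or_IndPtr=0x1), reading
 * *ind_ptr at bind time is a load from address 1. Returns the formatted length.
 */
static int trace_bind_param(char *buf, size_t cap, SQLUSMALLINT n,
                            const void *value_ptr, const SQLLEN *ind_ptr,
                            const SQLLEN *bind_offset_ptr)
{
    return snprintf(buf, cap,
                    "SQLBindParameter param=%u ParameterValuePtr=%p StrLen_or_IndPtr=%p "
                    "(deferred; SQL_ATTR_PARAM_BIND_OFFSET_PTR=%p, not dereferenced)",
                    (unsigned)n, value_ptr, (const void *)ind_ptr,
                    (const void *)bind_offset_ptr);
}

/* Row-wise binding: bind once against rows[0], pick the row at execute time via the offset. */
struct row {
    char   name[8];
    SQLLEN name_len;
};

/* Returns the indicator the driver would see for row_index; *stale gets the bind-time read. */
static SQLLEN demo(size_t row_index, SQLLEN *stale_at_bind_time)
{
    struct row rows[3] = { {"a", 1}, {"bb", 2}, {"ccc", 3} };   /* constructed sample data */
    SQLLEN offset = 0;
    struct stmt s;
    memset(&s, 0, sizeof s);
    s.bind_offset_ptr = &offset;

    bind_param(&s, 1, rows[0].name, &rows[0].name_len);
    /* What a tracer that dereferences at bind time records: always rows[0], never the row used. */
    *stale_at_bind_time = rows[0].name_len;

    /* The application may set or re-set the offset at any time before execution. */
    offset = (SQLLEN)(row_index * sizeof(struct row));
    return indicator_at_execute(&s, 1);
}

int main(void)
{
    char line[200];
    SQLLEN stale;
    SQLLEN seen = demo(2, &stale);
    trace_bind_param(line, sizeof line, 1, (void *)0, (SQLLEN *)1, (SQLLEN *)0);
    printf("%s\n", line);
    printf("bind-time read: %ld, execute-time read: %ld\n", (long)stale, (long)seen);
    return 0;
}
```

Here the bound pointers are real addresses (those of `rows[0]`), so a bind-time dereference merely reports a stale value; when an application instead passes small offsets as the "pointers" and supplies the base address through the offset variable later, as the backtrace shows, the same bind-time dereference faults. Either way the only value a trace function can report correctly at SQLBindParameter time is the pointer itself.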