Thread: Crash in 64 bit ODBC driver when using bookmarks
Dear Sir or Madam,
I think I have found a bug in the PostgreSQL ODBC driver (of which I am using the latest version 10_03).
I am using SQLBindCol to bind a bookmark column of type SQL_C_VARBOOKMARK.
Everything works perfectly when I compile my application in 32 bit mode and use the 32 bit ODBC driver.
With the 64 bit driver I get an instant crash (memory exception).
With logging turned on, the last entry in the mylog is the following:
[SC_Create_bookmark]3133: entering type=-2 buflen=64 buf=000000000C6AF268
I can also attach a debugger and the crash happens at the following line:
memcpy(CALC_BOOKMARK_ADDR(bookmark, offset, bind_size, bind_row), &pg_bm, cvtlen);
At that time the value of the bookmark variable is: bookmark = 0x0000000000000001 {buflen=??? buffer=??? used=??? ...}, screenshot attached.
Although it received good values when the function was called (as seen in the log), the memory got corrupted in between and it is no longer a valid pointer.
I assume this is because something is writing a 64 bit value into a buffer which is only made for a 32 bit integer.
Can you please fix the crash in the next version of the ODBC driver?
Regards,
Christof PAAL
NATO Communications and Information Agency
Service Support and Business Applications | Senior System Manager
SHAPE, B-7010 Mons, Belgium
T: 254 9446
E: christof.paal@ncia.nato.int W: www.ncia.nato.int
On 19/10/2018 15:16, Paal Christof wrote:
> I think I have found a bug in the PostgreSQL ODBC driver (of which I am using the latest version 10_03).
> I am using SQLBindCol to bind a bookmark column of type SQL_C_VARBOOKMARK.
>
> Everything works perfectly when I compile my application in 32 bit mode and use the 32 bit ODBC driver.
> With the 64 bit driver I get an instant crash (memory exception).
> With logging turned on, the last entry in the mylog is the following:
> [SC_Create_bookmark]3133: entering type=-2 buflen=64 buf=000000000C6AF268
>
> I can also attach a debugger and the crash happens at the following line:
> memcpy(CALC_BOOKMARK_ADDR(bookmark, offset, bind_size, bind_row), &pg_bm, cvtlen);
>
> At that time the value of the bookmark variable is: bookmark = 0x0000000000000001 {buflen=??? buffer=??? used=??? ...}, screenshot attached.
> Although it received good values when the function was called (as seen in the log), the memory got corrupted in between and it is no longer a valid pointer.
> I assume this is because something is writing a 64 bit value into a buffer which is only made for a 32 bit integer.

Can you provide a self-contained test case? There is a test case that uses SQLBindCol with SQL_C_VARBOOKMARK, in the regression test suite, and it's been working fine:

https://git.postgresql.org/gitweb/?p=psqlodbc.git;a=blob;f=test/src/bookmark-test.c;h=ccdfa5e8428900bae4264c581774a8c6c2d34b80;hb=HEAD#l108

If you could reproduce the crash with some changes to that test program, that would help a lot.

- Heikki