
From: alexpeshkoff <alexpeshkoff@65644016-39b1-43b1-bf79-96bc8fe82c15>
Date: Wed, 13 May 2015 13:25:02 +0000
Subject: Backported fix for CORE-4785: Bad packet of op_execute
 kills the server
Patch-mainline: v2.5.5
Git-commit: 6500ec6a0def6bcedfeaed073027c66e0c6f7a41

git-svn-id: svn+ssh://svn.code.sf.net/p/firebird/code/firebird/branches/B2_5_Release@61535 65644016-39b1-43b1-bf79-96bc8fe82c15
---
 src/dsql/dsql.cpp | 27 +++++++++++++++++----------
 1 file changed, 17 insertions(+), 10 deletions(-)

diff --git a/src/dsql/dsql.cpp b/src/dsql/dsql.cpp
index dc5b2fe9a8f1..99eba27e82b1 100644
--- a/src/dsql/dsql.cpp
+++ b/src/dsql/dsql.cpp
@@ -91,7 +91,7 @@ static bool		get_indices(SLONG*, const UCHAR**, SLONG*, SCHAR**);
 static USHORT	get_request_info(thread_db*, dsql_req*, SLONG, UCHAR*);
 static bool		get_rsb_item(SLONG*, const UCHAR**, SLONG*, SCHAR**, USHORT*, USHORT*);
 static dsql_dbb*	init(Attachment*);
-static void		map_in_out(dsql_req*, dsql_msg*, USHORT, const UCHAR*, USHORT, UCHAR*, const UCHAR* = 0);
+static void		map_in_out(thread_db*, dsql_req*, dsql_msg*, USHORT, const UCHAR*, USHORT, UCHAR*, const UCHAR* = 0);
 static USHORT	parse_blr(USHORT, const UCHAR*, const USHORT, dsql_par*);
 static dsql_req*		prepare(thread_db*, dsql_dbb*, jrd_tra*, USHORT, const TEXT*, USHORT, USHORT);
 static UCHAR*	put_item(UCHAR, const USHORT, const UCHAR*, UCHAR*, const UCHAR* const, const bool copy = true);
@@ -520,7 +520,7 @@ ISC_STATUS DSQL_fetch(thread_db* tdbb,
 		return 100;
 	}
 
-	map_in_out(NULL, message, 0, blr, msg_length, dsql_msg_buf);
+	map_in_out(tdbb, NULL, message, 0, blr, msg_length, dsql_msg_buf);
 
 	trace.fetch(false, res_successful);
 	return FB_SUCCESS;
@@ -1001,7 +1001,7 @@ static void execute_blob(thread_db* tdbb,
 	UCHAR bpb[24];
 
 	dsql_blb* blob = request->req_blob;
-	map_in_out(request, blob->blb_open_in_msg, in_blr_length, in_blr, in_msg_length, NULL, in_msg);
+	map_in_out(tdbb, request, blob->blb_open_in_msg, in_blr_length, in_blr, in_msg_length, NULL, in_msg);
 
 	UCHAR* p = bpb;
 	*p++ = isc_bpb_version1;
@@ -1046,7 +1046,7 @@ static void execute_blob(thread_db* tdbb,
 		request->req_blob->blb_blob =
 			BLB_create2(tdbb, request->req_transaction, blob_id, bpb_length, bpb);
 
-		map_in_out(NULL, blob->blb_open_out_msg, out_blr_length, out_blr, out_msg_length, out_msg);
+		map_in_out(tdbb, NULL, blob->blb_open_out_msg, out_blr_length, out_blr, out_msg_length, out_msg);
 	}
 }
 
@@ -1260,7 +1260,7 @@ static void execute_request(thread_db* tdbb,
 
 	dsql_msg* message = request->req_send;
 	if (message)
-		map_in_out(request, message, in_blr_length, in_blr, in_msg_length, NULL, in_msg);
+		map_in_out(tdbb, request, message, in_blr_length, in_blr, in_msg_length, NULL, in_msg);
 
 	// we need to map_in_out before tracing of execution start to let trace
 	// manager know statement parameters values
@@ -1311,7 +1311,7 @@ static void execute_request(thread_db* tdbb,
 			message->msg_buffer, 0);
 
 		if (out_msg_length)
-			map_in_out(NULL, message, 0, out_blr, out_msg_length, out_msg);
+			map_in_out(tdbb, NULL, message, 0, out_blr, out_msg_length, out_msg);
 
 		// if this is a singleton select, make sure there's in fact one record
 
@@ -2168,7 +2168,8 @@ static dsql_dbb* init(Attachment* attachment)
     @param in_dsql_msg_buf
 
  **/
-static void map_in_out(	dsql_req*		request,
+static void map_in_out(	thread_db*		tdbb,
+						dsql_req*		request,
 						dsql_msg*		message,
 						USHORT	blr_length,
 						const UCHAR*	blr,
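Review bot: The new `tdbb` parameter is not described in the Doxygen block above the signature, whose visible tail ends with `@param in_dsql_msg_buf` and adds no entry for the parameter this hunk inserts. Since the old body obtained the same value via `JRD_get_thread_data()`, the contract has changed from "fetch the thread context yourself" to "caller supplies it", and a reader of the header comment cannot tell. Add `@param tdbb  thread context, supplied by the caller instead of being looked up with JRD_get_thread_data()` to the parameter list. The rest of the signature and the body continue past this hunk.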
@@ -2176,12 +2177,18 @@ static void map_in_out(	dsql_req*		request,
 						UCHAR*	dsql_msg_buf,
 						const UCHAR* in_dsql_msg_buf)
 {
-	thread_db* tdbb = JRD_get_thread_data();
+	// When mapping data from the external world, request will be non-NULL.
+	// When mapping data from an internal message, request will be NULL.
 
 	USHORT count = parse_blr(blr_length, blr, msg_length, message->msg_parameters);
 
-	// When mapping data from the external world, request will be non-NULL.
-	// When mapping data from an internal message, request will be NULL.
+	// Sanity check
+
+	if (count && !(request ? in_dsql_msg_buf : dsql_msg_buf))
+	{
+		ERRD_post(Arg::Gds(isc_sqlerr) << Arg::Num(-804) <<
+				  Arg::Gds(isc_dsql_sqlda_err));
+	}
 
 	dsql_par* parameter;
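Review bot: The new guard explains what it checks but not why it exists, and the comment that was moved to the top of the body (the request non-NULL / NULL distinction) is now separated from the ternary `request ? in_dsql_msg_buf : dsql_msg_buf` that it actually justifies. Replace `// Sanity check` with a comment that ties the two together, e.g. `// Sanity check: a malformed client packet (CORE-4785) may carry BLR that describes parameters but no matching message buffer; reject it here rather than dereference NULL while mapping below.` Note also that the guard only rejects a missing buffer; whether `msg_length` is short relative to the parameter offsets that `parse_blr` computed is not checked in this hunk, so it presumably relies on `parse_blr` itself validating lengths — worth confirming, since the mapping loop that consumes these buffers lies outside the hunk. The body of map_in_out continues beyond this hunk.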
 
-- 
2.4.6
