[erlang-questions] r16b02 odbc-2.10.17 memmory corruption.

Saltanov, Alexey Alexey.Saltanov@REDACTED
Thu Nov 20 13:05:52 CET 2014


Thanks a lot!

-----Original Message-----
From: Ben Murphy [mailto:benmmurphy@REDACTED] 
Sent: Thursday, November 20, 2014 2:33 PM
To: Saltanov, Alexey
Cc: erlang-questions@REDACTED
Subject: Re: [erlang-questions] r16b02 odbc-2.10.17 memmory corruption.

The Erlang ODBC API lets you shoot yourself in the foot. When you use param_query and {sql_varchar, X} (or other types that have variable size) you MUST ensure that X is greater than the number of bytes in your bound parameters (this might be slightly different for wchar). If it is less than or equal then it will cause heap corruption.

On Thu, Nov 20, 2014 at 10:00 AM, Saltanov, Alexey <Alexey.Saltanov@REDACTED> wrote:
> I use Erlang OTP r16b02 with odbc-2.10.17, unixODBC 2.3.1, Oracle Client 11.2.3 on the Red Hat Enterprise Linux Server 6.3 x86_64.
>
> And I get some glibc error messages:
>
> *** glibc detected *** /home/user/app1/lib/odbc-2.10.17/priv/bin/odbcserver:
> free(): invalid next size (fast): 0x0000000002192490 ***
>
> *** glibc detected *** /home/user/app1/lib/odbc-2.10.17/priv/bin/odbcserver:
> corrupted double-linked list: 0x00000000013d7110 ***
>
>
>
> Often odbcserver crashes…
>
>
>
> Stacktrace 1:
>
> Core was generated by `/home/user/app1/lib/odbc-2.10.1'.
>
> Program terminated with signal SIGABRT, Aborted.
>
> (gdb) bt
>
> #0  0x0000003c4160f3cb in raise () from /lib64/libpthread.so.0
>
> #1  0x00007f9d98336442 in skgesigOSCrash () from
> /u01/app/oracle/product/11.2.0/cl11203/lib/libclntsh.so.11.1
>
> #2  0x00007f9d985d8cbd in kpeDbgSignalHandler () from
> /u01/app/oracle/product/11.2.0/cl11203/lib/libclntsh.so.11.1
>
> #3  0x00007f9d98336652 in skgesig_sigactionHandler () from
> /u01/app/oracle/product/11.2.0/cl11203/lib/libclntsh.so.11.1
>
> #4  <signal handler called>
>
> #5  0x0000003c412328a5 in raise () from /lib64/libc.so.6
>
> #6  0x0000003c41234085 in abort () from /lib64/libc.so.6
>
> #7  0x0000003c4126fa37 in __libc_message () from /lib64/libc.so.6
>
> #8  0x0000003c41275366 in malloc_printerr () from /lib64/libc.so.6
>
> #9  0x0000003c41275770 in malloc_consolidate () from /lib64/libc.so.6
>
> #10 0x0000003c41278605 in _int_malloc () from /lib64/libc.so.6
>
> #11 0x0000003c41279826 in calloc () from /lib64/libc.so.6
>
> #12 0x00007f9d9a08115c in __alloc_stmt () at __handles.c:771
>
> #13 0x00007f9d9a04d1b5 in __SQLAllocHandle (handle_type=<optimized 
> out>, input_handle=0x12e4970, output_handle=0x7fff8b2ca130, 
> requested_version=0) at SQLAllocHandle.c:580
>
> #14 0x0000000000403bac in init_param_statement (status=<optimized 
> out>, state=<optimized out>, num_param_values=<optimized out>, 
> cols=<optimized
> out>) at odbcserver.c:2372
>
> #15 db_param_query (buffer=0x13d7281 "\203h\003k", 
> state=0x7fff8b2ca120) at
> odbcserver.c:859
>
> #16 0x0000000000405332 in handle_db_request (state=<optimized out>, 
> reqstring=<optimized out>) at odbcserver.c:424
>
> #17 database_handler (port=<optimized out>) at odbcserver.c:371
>
> #18 0x00000000004059ce in main () at odbcserver.c:296
>
>
>
> Stacktrace2:
>
> Core was generated by `/home/user/app1/lib/odbc-2.10.1'.
>
> Program terminated with signal SIGABRT, Aborted.
>
> (gdb) bt
>
> #0  0x0000003c4160f3cb in raise () from /lib64/libpthread.so.0
>
> #1  0x00007f3472c1e442 in skgesigOSCrash () from
> /u01/app/oracle/product/11.2.0/cl11203/lib/libclntsh.so.11.1
>
> #2  0x00007f3472ec0cbd in kpeDbgSignalHandler () from
> /u01/app/oracle/product/11.2.0/cl11203/lib/libclntsh.so.11.1
>
> #3  0x00007f3472c1e652 in skgesig_sigactionHandler () from
> /u01/app/oracle/product/11.2.0/cl11203/lib/libclntsh.so.11.1
>
> #4  <signal handler called>
>
> #5  0x0000003c412328a5 in raise () from /lib64/libc.so.6
>
> #6  0x0000003c41234085 in abort () from /lib64/libc.so.6
>
> #7  0x0000003c4126fa37 in __libc_message () from /lib64/libc.so.6
>
> #8  0x0000003c41275366 in malloc_printerr () from /lib64/libc.so.6
>
> #9  0x0000003c41277e93 in _int_free () from /lib64/libc.so.6
>
> #10 0x00007f3473b8c37a in MEMFree () from
> /u01/app/oracle/product/11.2.0/cl11203/lib/libsqora.so.11.1
>
> #11 0x00007f3473b83908 in bcoResetParam () from
> /u01/app/oracle/product/11.2.0/cl11203/lib/libsqora.so.11.1
>
> #12 0x00007f3473b83b00 in bcoResetParams () from
> /u01/app/oracle/product/11.2.0/cl11203/lib/libsqora.so.11.1
>
> #13 0x00007f3473b3a759 in bcoSQLFreeStmt () from
> /u01/app/oracle/product/11.2.0/cl11203/lib/libsqora.so.11.1
>
> #14 0x00007f3473b90a90 in bccSQLFreeStmtLckd () from
> /u01/app/oracle/product/11.2.0/cl11203/lib/libsqora.so.11.1
>
> #15 0x00007f3473b90864 in bccSQLFreeStmt () from
> /u01/app/oracle/product/11.2.0/cl11203/lib/libsqora.so.11.1
>
> #16 0x00007f3473b9157e in SQLFreeStmt () from
> /u01/app/oracle/product/11.2.0/cl11203/lib/libsqora.so.11.1
>
> #17 0x00007f34749462f8 in SQLFreeStmt (statement_handle=0x2195480, 
> option=3) at SQLFreeStmt.c:247
>
> #18 0x0000000000403f62 in db_param_query (buffer=<optimized out>,
> state=0x7fff2dda97d0) at odbcserver.c:911
>
> #19 0x0000000000405332 in handle_db_request (state=<optimized out>, 
> reqstring=<optimized out>) at odbcserver.c:424
>
> #20 database_handler (port=<optimized out>) at odbcserver.c:371
>
> #21 0x00000000004059ce in main () at odbcserver.c:296
>
>
>
> Is it a known bug?
>
> It looks like odbcserver has invalid memory usage code and r17.3 has no significant changes in the odbc.
>
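
The size rule stated in the reply above can be checked on the Erlang side before a request ever reaches odbcserver. The module below is an added example, not code from OTP or from either poster: the module name safe_odbc and its functions are hypothetical. For the wide-character types it compares the declared size against the byte length of the value, which is a conservative assumption, since the reply only says the rule might differ for wchar.

```erlang
%% Added example (hypothetical module, not part of OTP's odbc application).
-module(safe_odbc).
-export([param_query/3, check_params/1]).

%% Forward to odbc:param_query/3 only if every variable-size parameter
%% declares a size strictly greater than the byte length of each bound value.
param_query(Ref, Sql, Params) ->
    case check_params(Params) of
        ok -> odbc:param_query(Ref, Sql, Params);
        {error, _} = Err -> Err
    end.

%% Returns ok, or {error, {param_too_long, [{Position, Type, ByteLen}]}}
%% listing every value that is not strictly shorter than its declared size.
check_params(Params) ->
    Numbered = lists:zip(lists:seq(1, length(Params)), Params),
    Bad = [{Pos, Type, Len}
           || {Pos, P} <- Numbered,
              {Type, Values} <- [type_and_values(P)],
              Size <- [declared_size(Type)],
              Size =/= fixed,
              V <- Values,
              V =/= null,
              Len <- [byte_len(V)],
              Len >= Size],
    case Bad of
        [] -> ok;
        _ -> {error, {param_too_long, Bad}}
    end.

%% Parameters are {Type, Values} or {Type, InOrOut, Values}.
type_and_values({Type, Values}) -> {Type, Values};
type_and_values({Type, _InOrOut, Values}) -> {Type, Values}.

%% Only the variable-size character types carry a caller-chosen size.
%% Assumption: wide types are checked against byte length as well.
declared_size({T, Size}) when T =:= sql_char; T =:= sql_varchar;
                              T =:= sql_wchar; T =:= sql_wvarchar;
                              T =:= sql_wlongvarchar -> Size;
declared_size(_) -> fixed.

%% Binaries are measured in bytes; flat strings are one byte per element.
byte_len(V) when is_binary(V) -> byte_size(V);
byte_len(V) when is_list(V) -> length(V).
```

Calling safe_odbc:param_query/3 in place of odbc:param_query/3 turns an undersized declaration into an ordinary error tuple in the caller.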

