Fixed CORE-3554: Server crashes during prepare or throws incorrect parsing error if the remotely passed SQL query is empty. The origin of the zero-length SQL string passed is still unknown though, so the ticket remains open for a while.

2025-01-23 07:23:04 +01:00 · 2011-07-13 13:09:28 +00:00 · 2011-07-13 13:09:28 +00:00 · acb020fc35
commit acb020fc35
parent 116130a22a
3 changed files with 36 additions and 34 deletions
--- a/src/dsql/dsql.cpp
+++ b/src/dsql/dsql.cpp
@ -657,17 +657,6 @@ static ISC_STATUS dsql8_execute_immediate_common(ISC_STATUS*	user_status,

 		try {

-			if (!string) {
-				ERRD_post(isc_sqlerr, isc_arg_number, (SLONG) - 104, 
-					isc_arg_gds, isc_command_end_err2,
-					// CVC: Nothing will be line 1, column 1 for the user.
-					isc_arg_number, (SLONG) 1, isc_arg_number, (SLONG) 1,
-					isc_arg_end);	// Unexpected end of command
-			}
-			if (!length) {
-				length = strlen(string);
-			}
-
 // Figure out which parser version to use 
 /* Since the API to dsql8_execute_immediate is public and can not be changed, there needs to
 * be a way to send the parser version to DSQL so that the parser can compare the keyword
@ -1361,18 +1350,6 @@ ISC_STATUS GDS_DSQL_PREPARE_CPP(ISC_STATUS*			user_status,

 		try {

-			if (!string) {
-				ERRD_post(isc_sqlerr, isc_arg_number, (SLONG) - 104, 
-					isc_arg_gds, isc_command_end_err2,
-					// CVC: Nothing will be line 1, column 1 for the user.
-					isc_arg_number, (SLONG) 1, isc_arg_number, (SLONG) 1,
-					isc_arg_end);	// Unexpected end of command
-			}
-
-			if (!length) {
-				length = strlen(string);
-			}
-
 // Figure out which parser version to use 
 /* Since the API to dsql8_prepare is public and can not be changed, there needs to
 * be a way to send the parser version to DSQL so that the parser can compare the keyword
@ -4697,7 +4674,14 @@ static dsql_req* prepare(
 		ERRD_post(isc_sqlerr, isc_arg_number, (SLONG) - 901,
 				  isc_arg_gds, isc_wish_list, isc_arg_end);

-	if (!string) {
+	if (string && !string_length) {
+		size_t sql_length = strlen(string);
+		if (sql_length > MAX_USHORT)
+			sql_length = MAX_USHORT;
+		string_length = static_cast<USHORT>(sql_length);
+	}
+
+	if (!string || !string_length) {
 		ERRD_post(isc_sqlerr, isc_arg_number, (SLONG) - 104, 
 			isc_arg_gds, isc_command_end_err2,
 			// CVC: Nothing will be line 1, column 1 for the user.
@ -4705,9 +4689,6 @@ static dsql_req* prepare(
 			isc_arg_end);	// Unexpected end of command
 	}

-	if (!string_length)
-		string_length = strlen(string);
-
 /* Get rid of the trailing ";" if there is one. */

 	for (const TEXT* p = string + string_length; p-- > string;)
--- a/src/remote/interface.cpp
+++ b/src/remote/interface.cpp
@ -1594,6 +1594,14 @@ ISC_STATUS GDS_DSQL_EXECUTE_IMMED2(ISC_STATUS* user_status,
 	rdb->rdb_status_vector = user_status;
 	tdrdb->trdb_database = rdb;

+	if (!length)
+	{
+		size_t sql_length = strlen(string);
+		if (sql_length > MAX_USHORT)
+			sql_length = MAX_USHORT;
+		length = static_cast<USHORT>(sql_length);
+	}
+
 	if (dialect > 10)
 	{
 		// dimitr: adjust dialect received after
@ -1690,9 +1698,8 @@ ISC_STATUS GDS_DSQL_EXECUTE_IMMED2(ISC_STATUS* user_status,
 		P_SQLST* ex_now = &packet->p_sqlst;
 		ex_now->p_sqlst_transaction = (transaction) ? transaction->rtr_id : 0;
 		ex_now->p_sqlst_SQL_dialect = dialect;
-		ex_now->p_sqlst_SQL_str.cstr_length =
-			length ? length : strlen(string);
-		ex_now->p_sqlst_SQL_str.cstr_address = (UCHAR *) string;
+		ex_now->p_sqlst_SQL_str.cstr_length = length;
+		ex_now->p_sqlst_SQL_str.cstr_address = (UCHAR*) string;
 		ex_now->p_sqlst_items.cstr_length = 0;
 		ex_now->p_sqlst_buffer_length = 0;
 		ex_now->p_sqlst_blr.cstr_length = in_blr_length;
@ -2293,6 +2300,14 @@ ISC_STATUS GDS_DSQL_PREPARE(ISC_STATUS * user_status, RTR * rtr_handle, RSR * st
 	rdb->rdb_status_vector = user_status;
 	tdrdb->trdb_database = rdb;

+	if (!length)
+	{
+		size_t sql_length = strlen(string);
+		if (sql_length > MAX_USHORT)
+			sql_length = MAX_USHORT;
+		length = static_cast<USHORT>(sql_length);
+	}
+
 	if (dialect > 10)
 	{
 		// dimitr: adjust dialect received after
@ -2334,11 +2349,10 @@ ISC_STATUS GDS_DSQL_PREPARE(ISC_STATUS * user_status, RTR * rtr_handle, RSR * st
 		prepare->p_sqlst_transaction = (transaction) ? transaction->rtr_id : 0;
 		prepare->p_sqlst_statement = statement->rsr_id;
 		prepare->p_sqlst_SQL_dialect = dialect;
-		prepare->p_sqlst_SQL_str.cstr_length =
-			length ? length : strlen(string);
-		prepare->p_sqlst_SQL_str.cstr_address = (UCHAR *) string;
+		prepare->p_sqlst_SQL_str.cstr_length = length;
+		prepare->p_sqlst_SQL_str.cstr_address = (UCHAR*) string;
 		prepare->p_sqlst_items.cstr_length = item_length;
-		prepare->p_sqlst_items.cstr_address = (UCHAR *) items;
+		prepare->p_sqlst_items.cstr_address = (UCHAR*) items;
 		prepare->p_sqlst_buffer_length = buffer_length;

 		if (!send_packet(rdb->rdb_port, packet, user_status))
--- a/src/remote/protocol.cpp
+++ b/src/remote/protocol.cpp
@ -903,7 +903,14 @@ static bool alloc_cstring(XDR* xdrs,
 **************************************/

 	if (!cstring->cstr_length)
+	{
+		if (cstring->cstr_allocated)
+			*cstring->cstr_address = '\0';
+		else
+			cstring->cstr_address = NULL;
+
 		return true;
+	}

 	if (cstring->cstr_length > cstring->cstr_allocated &&
 		cstring->cstr_allocated)