From fa5b4613cb011e300652eae05cec981bf2ee449b Mon Sep 17 00:00:00 2001
From: asfernandes
Date: Sat, 4 Mar 2006 18:24:04 +0000
Subject: [PATCH] Fix SF field-test #1439268 - Sequence of commands crash FB server
---
 src/jrd/req.h | 6 ++++--
 src/jrd/vio.cpp | 5 ++++-
 2 files changed, 8 insertions(+), 3 deletions(-)
diff --git a/src/jrd/req.h b/src/jrd/req.h
index 53c2c337d2..26dddb01d6 100644
--- a/src/jrd/req.h
+++ b/src/jrd/req.h
@@ -115,10 +115,12 @@ const USHORT DPM_other = 3; /* Independent (or don't care) record */
 class Record : public pool_alloc_rpt
 {
 public:
- MemoryPool& rec_pool; // pool where record to be expanded
 Record(MemoryPool& p) : rec_pool(p), rec_precedence(p) { }
- const Format* rec_format; /* what the data looks like */
+ // ASF: Record is memcopied in VIO_record, starting at rec_format.
+ // rec_precedence has destructor, so don't move it to after rec_format.
+ MemoryPool& rec_pool; // pool where record to be expanded
 PageStack rec_precedence; /* stack of higher precedence pages */
+ const Format* rec_format; /* what the data looks like */
 USHORT rec_length; /* how much there is */
 const Format* rec_fmt_bk; // backup format to cope with Borland's ill null signaling
 UCHAR rec_flags; /* misc record flags */
diff --git a/src/jrd/vio.cpp b/src/jrd/vio.cpp
index c8f4f060b4..ee5f413372 100644
--- a/src/jrd/vio.cpp
+++ b/src/jrd/vio.cpp
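Review bot: In src/jrd/req.h the new layout comment names only rec_precedence, but the memcpy in VIO_record copies every member from rec_format to the end of the object. A later member with a constructor, destructor or owned pointer declared after rec_format would therefore be duplicated bytewise and, presumably, released by both the old and the new record. I would state the rule generally, e.g. `// Everything from rec_format onward is copied with memcpy in VIO_record and must be trivially copyable; members that own resources go before rec_format.` The class body continues past the end of the hunk, so the members further down were not checked against this rule.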
@@ -2438,7 +2438,10 @@ Record* VIO_record(thread_db* tdbb, record_param* rpb, const Format* format,
 {
 record = FB_NEW_RPT(rpb->rpb_record->rec_pool, format->fmt_length)
 Record(rpb->rpb_record->rec_pool);
- memcpy(record, rpb->rpb_record, sizeof(Record) + sizeof(SCHAR) * rpb->rpb_record->rec_length);
+ record->rec_precedence.takeOwnership(rpb->rpb_record->rec_precedence);
+ // start copying at rec_format, to not mangle record->rec_precedence
+ memcpy(&record->rec_format, &rpb->rpb_record->rec_format,
+ sizeof(Record) - ((UCHAR*)&record->rec_format - (UCHAR*)record) + rpb->rpb_record->rec_length);
 delete rpb->rpb_record;
 rpb->rpb_record = record;
 }
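Review bot: The memcpy length is derived from the old record (`rpb->rpb_record->rec_length`) while the destination was allocated for `format->fmt_length`, and nothing visible in this hunk establishes that the first is no larger than the second. If the enclosing branch, which starts outside the hunk, does not already guarantee it, the copy writes past the end of the new allocation. Putting the invariant next to the copy would make it checkable, e.g. `fb_assert(rpb->rpb_record->rec_length <= format->fmt_length);`. Note also that rec_format and rec_length lie inside the copied range, so the new record carries the old values until code after the hunk resets them; a short comment saying so would help the next reader.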