Bugs fixed Firebird sub-release 2.0.6


Bugs fixed


Sub-release 2.0.6


(CORE-2936) Wrong page type (expected 7 found N) error.

If two consecutive leaf index pages were removed from an index (garbage collected) by two different connections at the same time, the linked list of sibling pages could become broken and the sibling pointer at another index page could point to the freed index page. When the freed page was again allocated, this index corruption would be reported.

fixed by V. Khorsun

~ ~ ~

(CORE-2928) Buffer overflow in gsec.

For reasons unknown, the gsec code copies the value of the password hash to an internal user data structure during a display operation. Since v.2.0, when the newer hash algorithm made the hash longer than previously, the buffer used for storing it could be too short.

This does not create a vulnerability because the hash value does not travel anywhere. It is harmless, anyway: the buffer overflow cannot be exploited because the first, middle and last names are filled immediately after the password. It is fixed now, so newer versions of glibc no longer detect this overflow.

fixed by A. Peshkov

~ ~ ~

(CORE-2919) The Linux installation script was ignoring non-standard ports.

fixed by A. Peshkov

~ ~ ~

(CORE-2871) If a derived table or a view contained both a left/right join and an ORDER BY clause and the outer query also contained an ORDER BY clause, the outer ORDER BY clause would have no effect.

fixed by D. Yemanov

~ ~ ~

(CORE-2856) A non-NULL key in a unique index could not be found when the key was removed.

fixed by V. Khorsun

~ ~ ~

(CORE-2846) When gfix -shut <mode> -attach <timeout> failed after the specified timeout due to connections being still active, it became impossible to connect to the database.

fixed by D. Yemanov

~ ~ ~

(CORE-2831) Database and user name should not be in the output when a script is extracted.

fixed by C. Valderrama

~ ~ ~

(CORE-2822) The error no current row for fetch operation was being thrown when a subquery included a non-trivial derived table.

fixed by D. Yemanov

~ ~ ~

(CORE-2820) Queries with PLAN ORDER were exhibiting small memory leaks as a side effect of an earlier, major fix.

fixed by V. Khorsun

~ ~ ~

(CORE-2741) Metadata extract would misinterpret the DDL of a CHECK constraint if the CHECK keyword was in any character mix other than all lower case or all upper case.

fixed by C. Valderrama

~ ~ ~

(CORE-2720) Division involving a divisor consisting of unary addition or subtraction expressions was being evaluated wrongly, often producing an incorrect result.

fixed by V. Khorsun

~ ~ ~

(CORE-2698) If a new cached lock is needed and the permitted number of cached locks is already used up, the least recently used lock should be released and its key should be reset to a new value. When the least recently used lock could not be unlocked because it was being held by some code for too long, the call to LocksCache::get would wait indefinitely.

fixed by V. Khorsun

~ ~ ~

(CORE-2684) The error "page NNN is of wrong type (expected 7, found N)" would sometimes occur wrongly, due to a logic bug in garbage collection.

fixed by V. Khorsun

~ ~ ~

(CORE-2648) NBackup's delta file was not respecting the Forced Writes database setting.

fixed by V. Khorsun

~ ~ ~

(CORE-2640) Under some conditions, the lock manager could fail to detect a regular deadlock and cause the server to hang.

fixed by V. Khorsun, D. Yemanov

~ ~ ~

(CORE-2635) A unique index could be corrupted at level 1 if it contained a lot of NULL keys.

fixed by V. Khorsun

~ ~ ~

(CORE-2616) The error "page <N> is of wrong type (expected 7, found 5)" could occur under load, giving the impression that something had corrupted the database. On restart, there would be no evidence of corruption.

fixed by V. Khorsun

~ ~ ~

(CORE-2591) High mutex wait ratio and degraded performance would start to show up after a period of normal performance.

fixed by D. Yemanov

~ ~ ~

(CORE-2563) It was possible to shut down the Superserver's main port (3050 by default) by sending a malformed packet of some special format, leading to a Denial of Service condition for new incoming connections. This exploit could be used by an unauthenticated client. Reported 15-Jul-2009 by Core Security Technologies.

fixed by D. Yemanov

~ ~ ~

(CORE-2507) A flagging issue on Windows server platforms was causing CreateFile() failures intermittently.

fixed by V. Khorsun

~ ~ ~

(CORE-2449) An unexpected lock conflict error could be thrown in lieu of the expected exception.

fixed by D. Yemanov

~ ~ ~

(CORE-2444) The engine could hang when multiple attachments registered their interest in events simultaneously and free space in the events table became exhausted.

fixed by V. Khorsun

~ ~ ~

(CORE-2437) A buffer overflow could occur on a client when events were being delivered.

fixed by A. Peshkov

~ ~ ~

(CORE-2415) Firebird could crash when the system ran out of temporary space.

fixed by A. Peshkov

~ ~ ~

(CORE-2411) The optimizer in v.2.0.5 would choose a slower PLAN for certain types of query than it would in version 2.0.4.

fixed by D. Yemanov

~ ~ ~

(CORE-2395) Problem in the API with handling UTF-8 4-byte characters for Japanese collations.

fixed by A. dos Santos Fernandes

~ ~ ~

(CORE-2368) An isc_cancel_events() call would be followed by an access violation if the event was not found.

fixed by V. Khorsun

~ ~ ~

(CORE-2355) Incorrect handling of LOWER/UPPER when result string shrinks in terms of byte length.

fixed by A. dos Santos Fernandes

~ ~ ~

(CORE-2354) fb_lock_print -ia output was not being flushed to the file between iterations.

fixed by A. Peshkov

~ ~ ~

(CORE-2326) Committing a new user object (a view, for example) caused an access violation if a user-defined trigger had been applied to the system table RDB$RELATIONS.

It should be noted that no Firebird server version either supports, or retains after a backup and restore, any user-defined trigger on a system table. The strong recommendation against defining such triggers remains. The fix recognises one way that user interference with system tables can compromise internal operations and disarms it. The ability to define DDL triggers through the regular DDL mechanisms is on the drawing board for v.3.

fixed by D. Yemanov

~ ~ ~

(CORE-2306) Superserver could terminate abnormally when some worker thread failed to start.

fixed by A. Peshkov

~ ~ ~

(CORE-2291) The error Bugcheck 284 (cannot restore singleton select data) would be thrown on bad trigger code involving [FOR] SELECT, when the engine should have been detecting the error and throwing the proper exception.

fixed by V. Khorsun

~ ~ ~

(CORE-2282) Truncating UDFs were broken for negative numbers below -1.

fixed by C. Valderrama

~ ~ ~

(CORE-2281) Rounding UDFs were broken for negative numbers.

fixed by C. Valderrama

~ ~ ~

(CORE-2272) The server would start returning garbage when killing an events connection attempt.

fixed by A. Peshkov

~ ~ ~

(CORE-2271) The gfix utility had a legacy bug that exhibited itself during the database validation/repair routines on large databases. The privilege level of the user running these routines was being checked too late in the operation, thus allowing a non-privileged user (i.e., not SYSDBA or Owner) to start a validation operation. Once the privilege check occurred, the database validation could halt in mid-operation and thus be left unfinished, resulting in logical corruption that might not have been there otherwise.

fixed by A. Peshkov

~ ~ ~

(CORE-2270) When run in a zlogin console, isql would consume all memory and crash.

fixed by J. Swierczynski, A. Peshkov

~ ~ ~

(CORE-2247) In the QLI utility, message and descriptor buffers were not properly aligned.

fixed by A. Peshkov

~ ~ ~

(CORE-2245) A database with long exception messages defined would exhibit errors when being restored from a backup.

fixed by C. Valderrama

~ ~ ~

(CORE-2173) The server would crash after an abnormal disconnection if there was an open ExecuteStatement call.

fixed by A. Peshkov

~ ~ ~

(CORE-2157) Known issue: a bug in gcc 3.2.x, the compiler used to build the official x86 Linux packages, can cause problems when people try to build binaries that depend on the Firebird client without using the -pthread switch. Setting the -pthread switch removes the dependency of the output binary on libpthread.

Reported by A. Peshkov

~ ~ ~

(CORE-1961) A Bugcheck 210 (page in use during flush) consistency check error would be thrown during database validation.

fixed by D. Yemanov, R. Simakov

~ ~ ~

(CORE-1923) On Windows, successful execution of instsvc.exe remove was returning 1 as its completion code, instead of 0.

fixed by D. Yemanov

~ ~ ~

(CORE-1089) Selecting from a view that used DISTINCT and LEFT JOIN returned records in the wrong order if the ORDER BY clause did not include columns from the right-side (non-mandatory) table.

fixed by D. Yemanov

~ ~ ~

(CORE-195) Regression of an old bug, previously fixed in v.1.5.1, whereby a bugcheck 291 (cannot find back record version) would occur when updating the same record that had already fired an action in a BEFORE UPDATE trigger. The regression that was reintroduced in v.2.0 was less destructive, insofar as it affected only the record that was physically first in the table.

fixed by A. Peshkov

~ ~ ~
