Bug 178925 - SQLGetInfo buffer overflow when called to get "SQL_DBMS_VER"
Product: Fedora
Classification: Fedora
Component: unixODBC
Version: 4
Hardware: All
OS: Linux
Target Milestone: ---
Assignee: Tom Lane
Reported: 2006-01-25 15:26 UTC by Brian Bielinski
Modified: 2013-07-03 03:07 UTC
Last Closed: 2007-01-22 19:11:45 UTC

Description Brian Bielinski 2006-01-25 15:26:08 UTC
Description of problem:

Buffer overflow when calling SQLGetInfo for item #18 (SQL_DBMS_VER).

I believe this is similar to bug #80394.

Version-Release number of selected component (if applicable):
postgresql-odbc-08.00.0100-1 and postgresql-odbc-08.01.0102-1

How reproducible:

Steps to Reproduce:
1. call "SQLGetInfo" to get value #18 (which is SQL_DBMS_VER)
I've called this through a perl script as well as through other software...

Actual Results:  *** buffer overflow detected ***: /usr/bin/perl terminated
======= Backtrace: =========
Aborted

Additional info:

Comment 1 Brian Bielinski 2006-01-26 17:31:37 UTC
-=-=-= this is the perl script which shows the prob
#!/usr/bin/perl -w

# must have "DBD::ODBC" installed; I used cpan2rpm...
use DBI;

# test is a postgresql database owned by me (brian)
my $dbh = DBI->connect('dbi:ODBC:test','brian')
    or die "Unable to connect: ".$DBI::errstr."\n";

print "Driver : " . $dbh->{Driver}->{Name} . "\n";
# 'GetInfo' is quoted so it is passed as a string, not a bareword
print "Driver : SQL_DBMS_NAME " . $dbh->func(17, 'GetInfo') . "\n";
# this next line causes the overflow
print "Driver : SQL_DBMS_VER " . $dbh->func(18, 'GetInfo') . "\n";

Comment 2 Tom Lane 2006-01-27 18:32:32 UTC
Could you be more specific about how you set up DBD::ODBC?  Running "cpan2rpm
DBD::ODBC" fails for me with a complaint about not knowing which driver manager
to use.  I'm disinclined to guess about this since it might well be related...

Comment 3 Brian Bielinski 2006-01-27 22:09:52 UTC
1) try running "odbctest" from a command line...
2) menu "Conn"->"Full Connect"
3) enter odbc DSN stuff for an already set up _postgresql_ database
4) hit "OK"
5) should see "Full Connect Succeeded" in the lower window
6) (just to test...) "Conn"->"SQLGetInfo"
7) (still testing...) in the "Info Type" listbox select "SQL_DBMS_NAME=17"
8) hit "OK"
9) should see "Postgresql" ( THIS WORKS!!!)
10) (now the bug) "Conn"->"SQLGetInfo"
11) in the "Info Type" listbox select "SQL_DBMS_VER=18"
12) hit "OK" and....    BLAMMO!!!!
13) read your buffer overflow output on the command line...

I really think you should read bug #80394 and look at the last comment...
this might be a lead.

in my current "/usr/src/debug/psqlodbc-08.01.0102/psqlodbc.h" the

btw: the way I built the perl-dbd-odbc rpm is "export ODBCHOME=/usr; cpan2rpm
DBD::ODBC".  I called SQLGetInfo for every value from 0 to 5000. The only one it
blows up on is 18.


Comment 4 Tom Lane 2006-01-28 17:17:54 UTC
Doh, I just looked at your stack trace more closely, and realized that you are
running the wrong ODBC driver:
$ rpm -qf /usr/lib/libodbcpsql.so

That's the horribly obsolete one that's included in the unixODBC distribution,
*not* the one from the psqlodbc package.  You need to repoint your DSN to
(or possibly /usr/lib64/, if you really are on x86_64)

I'll patch the unixODBC driver next time I have occasion to turn the package,
but really that code is going to go away entirely someday soon.  I think the
unixODBC developers have already agreed to remove it upstream.
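
The thread does not identify the faulty line in the driver. As an added example (not code from unixODBC or psqlodbc), the following shows the ODBC contract a driver has to honor when returning a string info value such as SQL_DBMS_VER into a caller buffer of BufferLength bytes; the helper `return_info_string`, the check `demo_small_buffer` and the sample version string are hypothetical.

```c
#include <stdio.h>
#include <string.h>

/* ODBC return codes (values from sql.h), repeated here so the example
   builds without the unixODBC headers installed. */
#define SQL_SUCCESS            0
#define SQL_SUCCESS_WITH_INFO  1
#define SQL_ERROR            (-1)

/* Hypothetical driver-side helper, not taken from any real driver.
   Copies a string info value into the caller's buffer and never writes
   more than buf_len bytes, terminator included. out_len (optional) gets
   the full length in bytes so the caller can detect truncation. */
static int return_info_string(const char *value, void *buf,
                              short buf_len, short *out_len)
{
    size_t full = strlen(value);
    size_t n;

    if (buf_len < 0 || full > 32767)      /* must fit a SQLSMALLINT */
        return SQL_ERROR;
    if (out_len)
        *out_len = (short)full;
    if (buf == NULL)                      /* length query only */
        return SQL_SUCCESS;
    if (buf_len == 0)                     /* no room even for the NUL */
        return SQL_SUCCESS_WITH_INFO;
    n = full < (size_t)buf_len ? full : (size_t)buf_len - 1;
    memcpy(buf, value, n);
    ((char *)buf)[n] = '\0';
    return n < full ? SQL_SUCCESS_WITH_INFO : SQL_SUCCESS;
}

/* Constructed check: an 8-byte buffer followed by a guard byte. */
static int demo_small_buffer(void)
{
    char area[9];
    short len = 0;
    int rc;

    area[8] = 0x5A;
    rc = return_info_string("0.0.0-constructed-version", area, 8, &len);
    return rc == SQL_SUCCESS_WITH_INFO && len == 25 &&
           strcmp(area, "0.0.0-c") == 0 && area[8] == 0x5A;
}

int main(void)
{
    printf("truncation handled safely: %s\n",
           demo_small_buffer() ? "yes" : "no");
    return 0;
}
```

In a real driver the truncated case is also reported to the application as SQLSTATE 01004.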

Comment 5 Christian Iseli 2007-01-20 00:28:19 UTC
This report targets the FC3 or FC4 products, which have now been EOL'd.

Could you please check that it still applies to a current Fedora release, and
either update the target product or close it?


Comment 6 Brian Bielinski 2007-01-22 19:11:45 UTC
I do not currently run a 64bit version of FC6, although I can confirm that the
bug does NOT exist in the 32 bit version (even using the old driver).  I will
close this bug (although that buggy driver is still in the unixODBC rpm and
should probably be removed...)

Many thanks,
