Bug #91060 | Mysql ODBC causes write access violation when using Recordset.Move | ||
---|---|---|---|
Submitted: | 29 May 2018 13:00 | Modified: | 13 Sep 2018 18:26 |
Reporter: | Ciprian Anton | Email Updates: | |
Status: | Closed | Impact on me: | |
Category: | Connector / ODBC | Severity: | S2 (Serious) |
Version: | MySQL ODBC 8.0 ANSI Driver 64-bit | OS: | Windows |
Assigned to: | CPU Architecture: | Any (x64) | |
Tags: | Write access violation |
[29 May 2018 13:00]
Ciprian Anton
[29 May 2018 13:02]
Ciprian Anton
Visual Studio project to reproduce the crash
Attachment: MyslODBCMoveCrash.zip (application/x-zip-compressed, text), 12.42 KiB.
[30 May 2018 6:18]
Chiranjeevi Battula
Hello Ciprian Anton, Thank you for the bug report and testcase. Verified this behavior on Visual Studio 2017 (C#.Net) and Connector / ODBC 8.0.11. Thanks, Chiranjeevi.
[30 May 2018 6:23]
Chiranjeevi Battula
myodbc8a.dll!my_wc_mb_latin1(const CHARSET_INFO * cs, unsigned long wc, unsigned char * str, unsigned char * end) Line 324 C++ myodbc8a.dll!copy_ansi_result(tagSTMT * stmt, unsigned char * result, __int64 result_bytes, __int64 * avail_bytes, MYSQL_FIELD * field, char * src, unsigned long src_bytes) Line 658 C++ myodbc8a.dll!sql_get_data(tagSTMT * stmt, short fCType, unsigned int column_number, void * rgbValue, __int64 cbValueMax, __int64 * pcbValue, char * value, unsigned long length, DESCREC * arrec) Line 531 C++ myodbc8a.dll!fill_fetch_buffers(tagSTMT * stmt, char * * values, unsigned int rownum) Line 1840 C++ myodbc8a.dll!my_SQLExtendedFetch(void * hstmt, unsigned short fFetchType, __int64 irow, unsigned __int64 * pcrow, unsigned short * rgfRowStatus, bool upd_status) Line 2483 C++ myodbc8a.dll!SQLExtendedFetch(void * hstmt, unsigned short fFetchType, __int64 irow, unsigned __int64 * pcrow, unsigned short * rgfRowStatus) Line 2603 C++ [External Code] msdasql.dll!00007ffc9751c784() Unknown msdasql.dll!00007ffc974f72d4() Unknown msadrh15.dll!00007ffc942c2d09() Unknown msado15.dll!00007ffc97851638() Unknown msado15.dll!00007ffc978573bd() Unknown msado15.dll!00007ffc97927c85() Unknown msado15.dll!00007ffc979270fa() Unknown > MyslODBCMoveCrash.exe!ADODB::Recordset15::Move(long NumRecords, const _variant_t & Start) Line 2278 C++ MyslODBCMoveCrash.exe!TestRecordSetMove(_com_ptr_t<_com_IIID<ADODB::_Connection,&_GUID_00001550_0000_0010_8000_00aa006d2ea4> > connection, const std::basic_string<char,std::char_traits<char>,std::allocator<char> > & tableName) Line 71 C++ MyslODBCMoveCrash.exe!main() Line 84 C++ [External Code]
[30 May 2018 6:23]
Chiranjeevi Battula
Screenshot
Attachment: Bug_91060.JPG (image/jpeg, text), 181.88 KiB.
[7 Jun 2018 6:28]
Bogdan Degtyariov
Posted by developer: As testing has revealed the problem occurs because of the following: ADODB binds results buffers and reads some data. Then it sets SQL_ATTR_RETRIEVE_DATA statement attribute to SQL_RD_OFF, which should turn off reading data into the buffers. After this is done the result buffers are reduced or reallocated. Then ADODB requests reading more rows from the table. MySQL ODBC driver ignores SQL_RD_OFF value for SQL_ATTR_RETRIEVE_DATA attribute and keeps writing into the data buffers. This causes write access violation errors.
[13 Sep 2018 18:26]
Philip Olson
Posted by developer: Fixed as of the upcoming MySQL Connector/ODBC 8.0.13 release, and here's the changelog entry: Because the MySQL ODBC driver ignored the SQL_RD_OFF value for the SQL_ATTR_RETRIEVE_DATA attribute, it incorrectly kept writing into the data buffers. This led to write access violation errors when data was written into the buffer when the user application explicitly requested not to write there. Thank you for the bug report. Also thanks to Bogdan for clarifying the fix; oh, and also for fixing :)