Bug #52066 ODBC crash SQLColAttribute SQL_DESC_TYPE_NAME large table
Submitted: 15 Mar 2010 15:06
Modified: 28 May 2015 11:24
Reporter: Farid Zidan (Candidate Quality Contributor)
Status: Can't repeat
Category: Connector / ODBC
Severity: S1 (Critical)
Version: 5.01.06.00
OS: Windows (XP SP3)
Assigned to:
CPU Architecture: Any
Tags: qc

[15 Mar 2010 15:06] Farid Zidan
Description:
Windows XP SP3 32-bit 5.1.44-community
MySQL ODBC driver 5.01.06.00

Driver crash getting resultset description for a column of a large table at this call:

        rc = SQLColAttribute(hstmt,
                             nCol,
                             SQL_DESC_TYPE_NAME,
                             pRow->type_name,
                             sizeof(pRow->type_name),
                             &nLen,
                             NULL);

How to repeat:
1. Prepare statement
select * from test_desc_type_name
2. Step through the resultset columns (73) one by one to get their metadata using
SQLColAttribute and SQL_DESC_TYPE_NAME
3. Crash at column ordinal 6 (see attached screen shot)

Notes: table must have a large number of rows. Did not observe crash when table is empty. Table DDL:

CREATE TABLE `test_desc_type_name` (
  `col1` varchar(42) NOT NULL DEFAULT '',
  `col2` int(11) NOT NULL,
  `col3` varchar(32) NOT NULL,
  `col4` varchar(16) NOT NULL,
  `col5` datetime NOT NULL,
  `col6` datetime DEFAULT NULL,
  `col7` char(2) DEFAULT NULL,
  `col8` char(1) DEFAULT NULL,
  `col9` smallint(6) DEFAULT NULL,
  `col10` datetime DEFAULT NULL,
  `col11` decimal(12,2) DEFAULT NULL,
  `col12` decimal(12,2) DEFAULT NULL,
  `col13` char(5) DEFAULT NULL,
  `col14` char(2) DEFAULT NULL,
  `col15` char(6) DEFAULT NULL,
  `col16` char(6) DEFAULT NULL,
  `col17` char(6) DEFAULT NULL,
  `col18` char(6) DEFAULT NULL,
  `col19` char(2) DEFAULT NULL,
  `col20` char(2) DEFAULT NULL,
  `col21` char(7) DEFAULT NULL,
  `col22` int(11) DEFAULT NULL,
  `col23` char(2) DEFAULT NULL,
  `col24` varchar(16) DEFAULT NULL,
  `col25` varchar(16) DEFAULT NULL,
  `col26` smallint(6) DEFAULT NULL,
  `col27` smallint(6) DEFAULT NULL,
  `col28` char(1) DEFAULT NULL,
  `col29` char(3) DEFAULT NULL,
  `col30` int(11) DEFAULT NULL,
  `col31` smallint(6) DEFAULT NULL,
  `col32` char(11) DEFAULT NULL,
  `col33` datetime DEFAULT NULL,
  `col34` datetime DEFAULT NULL,
  `col35` int(11) DEFAULT NULL,
  `col36` char(5) DEFAULT NULL,
  `col37` decimal(12,2) DEFAULT NULL,
  `col38` int(11) DEFAULT NULL,
  `col39` varchar(254) DEFAULT NULL,
  `col40` char(5) DEFAULT NULL,
  `col41` char(1) DEFAULT NULL,
  `col42` char(3) DEFAULT NULL,
  `col43` varchar(10) DEFAULT NULL,
  `col44` smallint(6) DEFAULT NULL,
  `col45` char(3) DEFAULT NULL,
  `col46` smallint(6) DEFAULT NULL,
  `col47` int(11) DEFAULT NULL,
  `col48` decimal(10,2) DEFAULT NULL,
  `col49` char(1) DEFAULT NULL,
  `col50` char(2) DEFAULT NULL,
  `col51` varchar(20) DEFAULT NULL,
  `col52` varchar(16) DEFAULT NULL,
  `col53` varchar(10) DEFAULT NULL,
  `col54` varchar(10) DEFAULT NULL,
  `col55` char(2) DEFAULT NULL,
  `col56` char(2) DEFAULT NULL,
  `col57` char(2) DEFAULT NULL,
  `col58` datetime DEFAULT NULL,
  `col59` varchar(254) DEFAULT NULL,
  `col60` varchar(254) DEFAULT NULL,
  `col61` int(11) DEFAULT NULL,
  `col62` decimal(12,2) DEFAULT NULL,
  `col63` decimal(12,2) DEFAULT NULL,
  `col64` decimal(12,2) DEFAULT NULL,
  `col65` decimal(12,2) DEFAULT NULL,
  `col66` decimal(12,2) DEFAULT NULL,
  `col67` decimal(12,2) DEFAULT NULL,
  `col68` decimal(12,2) DEFAULT NULL,
  `col69` varchar(16) DEFAULT NULL,
  `col70` int(11) NOT NULL,
  `col71` int(11) NOT NULL,
  `col72` char(3) DEFAULT NULL,
  `col73` char(5) DEFAULT NULL,
  UNIQUE KEY `x8_desc` (`col3`,`col5`,`col1`,`col2`)
) ENGINE=InnoDB DEFAULT CHARSET=latin1

I can provide table data (about 24000 rows) if necessary

Suggested fix:
Driver is over-writing client memory when crashing; you can see that the nCol local variable (value before the SQLColAttribute call/crash is 6) is clobbered after the crash.
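
One way to confirm the kind of out-of-bounds write suspected in the report above, as an added example that is not part of the original report or of the driver's code: bracket the output buffer with guard bytes and check them after the call. `describe_fn`, `guarded_name` and both stand-in callees are hypothetical, and the 64-byte buffer size is assumed; a real test would call `SQLColAttribute` from behind the same wrapper.

```c
#include <stdio.h>
#include <string.h>

#define GUARD      16     /* guard bytes on each side of the buffer */
#define NAME_BYTES 64     /* assumed; the report does not give sizeof(pRow->type_name) */
#define FILL       0xA5

/* One allocation: [guard][output buffer][guard]. */
typedef struct { unsigned char raw[GUARD + NAME_BYTES + GUARD]; } guarded_name;
char *name_buf(guarded_name *g) { return (char *)g->raw + GUARD; }
/* Hypothetical reduction of the SQLColAttribute call shape:
   column, buffer, buffer size in bytes, returned length. */
typedef int (*describe_fn)(int col, char *buf, short buf_bytes, short *out_len);

static int guard_intact(const unsigned char *p) {
    for (int i = 0; i < GUARD; i++)
        if (p[i] != FILL) return 0;
    return 1;
}

/* Returns 0 if the callee stayed in bounds; bit 0 = wrote before the buffer,
   bit 1 = wrote past its end. The callee's return code goes to *rc. */
int call_with_guards(describe_fn fn, int col, guarded_name *g, int *rc) {
    short len = 0;
    memset(g->raw, FILL, sizeof g->raw);
    memset(name_buf(g), 0, NAME_BYTES);
    *rc = fn(col, name_buf(g), NAME_BYTES, &len);
    return (guard_intact(g->raw) ? 0 : 1) |
           (guard_intact(g->raw + GUARD + NAME_BYTES) ? 0 : 2);
}

/* Constructed stand-ins, not driver code: one honours buf_bytes, one does not. */
int well_behaved(int col, char *buf, short n, short *out_len) {
    (void)col;
    *out_len = (short)snprintf(buf, (size_t)n, "%s", "datetime");
    return 0;
}
int overrunning(int col, char *buf, short n, short *out_len) {
    (void)col;
    for (int i = 0; i < n + 4; i++) buf[i] = 'X';   /* 4 bytes too many */
    *out_len = n;
    return 0;
}

int main(void) {
    guarded_name g; int rc;
    printf("well_behaved: %d\n", call_with_guards(well_behaved, 6, &g, &rc));
    printf("overrunning:  %d\n", call_with_guards(overrunning, 6, &g, &rc));
    return 0;
}
```

Guard bytes only catch writes adjacent to the guarded buffer; the same bracketing can be applied to the length and numeric-attribute outputs if the buffer guards stay intact.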
[15 Mar 2010 15:07] Farid Zidan
crash screenshot

Attachment: crash_desc_type_name.jpg (image/jpeg, text), 77.17 KiB.

[15 Mar 2010 15:19] Tonci Grgin
Hi Farid.

So far, I am not able to get a crash in odbcte...

select * from  `test_desc_type_name` 
SQLExecDirect:
	In:hstmt = 0x005B6068, szSqlStr = "", cbSqlStr = -3
	Return:	SQL_SUCCESS=0
SQLColAttribute:
	In:StatementHandle = 0x005B6068, ColumnNumber = 1, FieldIdentifier = SQL_DESC_TYPE_NAME=14, CharacterAttributePtr = 0x05560020, BufferLength = 600, StringLengthPtr = 0x001CCFB0, NumericAttributePtr = 0x001C9420, fFieldIndentifier Type = SQL_C_WCHAR=-8
	Return:	SQL_SUCCESS=0
	Out:	*CharacterAttributePtr = "varchar", *StringLengthPtr = 14, *NumericAttributePtr = <unmodified>
	TST1001: Buffer NumericAttributePtr was not updated.

Get Data All:
"col1", "col2", "col3", "col4", "col5", "col6", "col7", "col8", "col9", "col10", "col11", "col12", "col13", "col14", "col15", "col16", "col17", "col18", "col19", "col20", "col21", "col22", "col23", "col24", "col25", "col26", "col27", "col28", "col29", "col30", "col31", "col32", "col33", "col34", "col35", "col36", "col37", "col38", "col39", "col40", "col41", "col42", "col43", "col44", "col45", "col46", "col47", "col48", "col49", "col50", "col51", "col52", "col53", "col54", "col55", "col56", "col57", "col58", "col59", "col60", "col61", "col62", "col63", "col64", "col65", "col66", "col67", "col68", "col69", "col70", "col71", "col72", "col73"
0 rows fetched from 73 columns.

Ideas?
[15 Mar 2010 15:40] Farid Zidan
Hi Tonci,

This crash happens only if the table has a large number of rows. I will add a private note for the table test data (about 24000) that this crash occurs with so you can load that data into the test table.

Also, you don't need to retrieve any of the table data. Prepare the SQL select *  statement and then just loop over the resultset columns to get their metadata using SQLColAttribute.

This crash happens consistently in my app using the test table/data. I can add step by step info on how to reproduce it in my app.
[15 Mar 2010 16:34] Farid Zidan
To reproduce crash using CompareData application.
1 Create table test_desc_type_name using the given DDL in this issue
2 Load the 24000+ rows for the test table from the given URL
3 Download and install CompareData 1.6.1.125 32-bit version from http://www.zidsoft.com/Download/download.html
4 Start up the application and add a MySQL ODBC data source 'MySQL Test' to connect you to the database where the test table was created
5 Add a new DBMS Comparison to compare data source 'MySQL Test' to itself
6 Adjust the Table comparison right hand side properties Name Like filter to 'test_desc_t%' for both sides
7 Refresh Tables comparison (right click on item and choose Refresh)
8 At this point you should have only one item under Tables, namely, the test table
9 Click on 'test_desc_type_name' to explore it -> Crash
10 Next time you start the application after the crash you need to reopen the DBMS Comparison (right click on it and choose Open DBMS Comparison)
11 Reopen Explorer detail: right click on 'test_desc_type_name' and choose Explore -> crash

See attached screen shot
[15 Mar 2010 16:35] Farid Zidan
CompareData screen shot to reproduce crash

Attachment: cd_crash.jpg (image/jpeg, text), 112.20 KiB.

[7 Apr 2010 8:00] Tonci Grgin
Farid, no luck repeating this in odbcte with all data loaded:

	Successfully connected to DSN '5-1-6-on-opensol'.
SQLPrepare:
	In:	StatementHandle = 0x00296070, StatementText = "select * from  `test_desc_type_name` ", TextLength = 37
	Return:	SQL_SUCCESS=0
SQLColAttribute:
	In:	StatementHandle = 0x00296070, ColumnNumber = 1, FieldIdentifier = SQL_DESC_TYPE_NAME=14, CharacterAttributePtr = 0x024A0020, BufferLength = 600, StringLengthPtr = 0x00524B58, NumericAttributePtr = 0x00525580, fFieldIndentifier Type = SQL_C_WCHAR=-8
	Return:	SQL_SUCCESS=0
	Out:	*CharacterAttributePtr = "varchar", *StringLengthPtr = 14, *NumericAttributePtr = <unmodified>
	TST1001: Buffer NumericAttributePtr was not updated.
SQLColAttribute:
	In:	StatementHandle = 0x00296070, ColumnNumber = 2, FieldIdentifier = SQL_DESC_TYPE_NAME=14, CharacterAttributePtr = 0x024A0020, BufferLength = 600, StringLengthPtr = 0x00524B58, NumericAttributePtr = 0x00525580, fFieldIndentifier Type = SQL_C_WCHAR=-8
	Return:	SQL_SUCCESS=0
	Out:	*CharacterAttributePtr = "integer", *StringLengthPtr = 14, *NumericAttributePtr = <unmodified>
	TST1001: Buffer NumericAttributePtr was not updated.

and so on.

However, there might be a problem here so I'll ask Lawrin to check it too.
[7 Apr 2010 12:08] Farid Zidan
Hi Tonci,

My app calls ::SQLPrepare on 'select *' on that table in order to describe the resultset. Also, there may be other ODBC calls before that such as SQLPrimaryKeys so the crash could result from a combination of these calls.
[28 May 2015 11:24] Chiranjeevi Battula
Hello Farid Zidan,

Thank you for your feedback.
I tried to reproduce the issue at my end using Visual Studio 2013 (C#.Net) and MySQL ODBC 5.3.4 but couldn't trace out any issue in large column tables.
Could you please try the latest version of MySQL ODBC 5.3.4 and feel free to open the bug if it is not working.

Thanks,
Chiranjeevi.
[28 May 2015 11:24] Chiranjeevi Battula
screenshot

Attachment: 52066.zip (multipart/x-zip, text), 168.57 KiB.