[unixODBC-support] Segfault in copy_and_convert_field on 64-bit Linux host

Wayne Schroeder schroede at zuri.sdsc.edu
Mon Jul 16 16:26:13 BST 2007


Hello,

I'm seeing a segfault in unixODBC on a 64-bit Linux host, using
unixODBC-2.2.12 and libiodbc-3.52.5 with postgresql-8.2.4.

If I enable gcc -g and track it some, gdb indicates that the stack is
getting corrupted in convert.c in copy_and_convert_field at line 740
and, if I comment that out, at line 232 in copy_and_convert_field.
Line 740 is:
            *(SDWORD *) ((char *)pcbValue + pcbValueOffset) = len;
and 232 is:
            *(SDWORD *) ((char *) pcbValue + pcbValueOffset) = SQL_NULL_DATA;

Those lines execute, but if I do a 'where' at that point, the
stack is corrupted.  So it segfaults soon after that.

It's possible that some error in my calling parameters to some ODBC
function is causing this, but I don't see what it might be.

We've been successfully using psqlodbc-07.03.0200 for years, but are
now trying to convert to unixODBC and libiodbc so our system can run
on 64-bit Linux hosts.

We also see a segfault on a 32-bit Linux host, but I seem to be able
to work around it by reducing the optimization level (gcc -O0).  But
that may just be luck, i.e. -O0 might just change something (stack
layout perhaps) that makes the error non-fatal.

This is for our new open source data grid system called iRODS (see
http://irods.sdsc.edu ) that uses either PostgreSQL (via ODBC) or
Oracle (via OCI) to save and query lots of different types of state
information.

Any ideas or suggestions?

Details below.

Thanks,

 - Wayne Schroeder -

San Diego Supercomputer Center
Data Intensive Computing Environments (DICE) R&D Group
http://users.sdsc.edu/~schroede

% uname -a
Linux cipres3 2.6.9-42.0.8.ELsmp #1 SMP Tue Jan 23 12:49:51 EST 2007 x86_64 x86_64 x86_64 GNU/Linux


Breakpoint 4, copy_and_convert_field (stmt=0x6a9990, field_type=20, value=0x6bed60, fCType=1, rgbValue=0x6bf0c0,
    cbValueMax=21, pcbValue=0x7fbfffc37c) at convert.c:740
740             *(SDWORD *) ((char *)pcbValue + pcbValueOffset) = len;
(gdb) where
#0  copy_and_convert_field (stmt=0x6a9990, field_type=20, value=0x6bed60, fCType=1, rgbValue=0x6bf0c0,
    cbValueMax=21, pcbValue=0x7fbfffc37c) at convert.c:740
#1  0x0000002a956e3345 in copy_and_convert_field_bindinfo (stmt=0x6a9990, field_type=20, value=0x6bed60, col=0)
    at convert.c:161
#2  0x0000002a956ffe36 in SC_fetch (self=0x6a9990) at statement.c:721
#3  0x0000002a956fd19c in PG_SQLFetch (hstmt=0x6a9990) at results.c:814
#4  0x0000002a956fd1ba in SQLFetch (hstmt=0x6a9990) at results.c:820
#5  0x0000002a9559a0fe in SQLFetch_Internal (hstmt=Variable "hstmt" is not available.
) at fetch.c:161
#6  0x0000002a9559a3b6 in SQLFetch (hstmt=0x6a97b0) at fetch.c:230
#7  0x000000000044bda4 in cllGetRow (icss=0x65adc0, statementNumber=0)
    at ./server/src/icat/icatLowLevelPostgres.c:734
#8  0x00000000004394bf in cmlGetFirstRowFromSql (
    sql=0x7fbfffc600 "select distinct r_resc_main.resc_id ,r_resc_main.resc_name ,r_resc_main.zone_name ,r_resc_main.resc_type_name ,r_resc_main.resc_class_name ,r_resc_main.resc_net ,r_resc_main.resc_def_path  ,r_resc_mai"...,
    statement=0x7fbfffc5f8, skipCount=0, icss=0x65adc0) at ./server/src/icat/icatMidLevelRoutines.c:215
#9  0x000000000044883e in chlGenQuery (genQueryInp=
        {maxRows = 500, continueInx = 0, rowOffset = 0, options = 0, condInput = {len = 0, keyWord = 0x0, value = 0x0}, selectInp = {len = 12, inx = 0x6a93b0, value = 0x6a9410}, sqlCondInp = {len = 0, inx = 0x0, value = 0x0}},
    result=0x6a9470) at ./server/src/icat/icatGeneralQuery.c:1073
#10 0x000000000043016d in _rsGenQuery (rsComm=0x7fbfffd850, genQueryInp=0x7fbfffd6c0, genQueryOut=0x7fbfffd6b8)
    at ./server/src/api/rsGenQuery.c:63
#11 0x000000000043006f in rsGenQuery (rsComm=0x7fbfffd850, genQueryInp=0x7fbfffd6c0, genQueryOut=0x7fbfffd6b8)
    at ./server/src/api/rsGenQuery.c:27
#12 0x000000000041924e in initResc (rsComm=0x7fbfffd850) at ./server/src/misc/initServer.c:746
#13 0x00000000004180c3 in initServerInfo (rsComm=0x7fbfffd850) at ./server/src/misc/initServer.c:126
#14 0x0000000000403e97 in initServer (svrComm=0x7fbfffd850) at ./server/src/server/rodsServer.c:460
#15 0x000000000040351d in serverMain (logDir=0x0) at ./server/src/server/rodsServer.c:176
#16 0x0000000000403378 in main (argc=2, argv=0x7fbfffee08) at ./server/src/server/rodsServer.c:112
(gdb) n
742             free(tempBuf);
(gdb) n
743             return result;
(gdb) n
745     }
(gdb) n
copy_and_convert_field_bindinfo (stmt=0x6a9990, field_type=20, value=0x6bed60, col=0) at convert.c:163
163     }
(gdb) n
0x00000005956ffe36 in ?? ()
(gdb) n
Cannot find bounds of current function

If I comment out that line, then it gets past that, hits a similar problem
on a similar source line:

(gdb) n
232                             *(SDWORD *) ((char *) pcbValue + pcbValueOffset) = SQL_NULL_DATA;
(gdb) where
#0  copy_and_convert_field (stmt=0x6a9990, field_type=1043, value=0x0, fCType=1, rgbValue=0x6c0400,
    cbValueMax=251, pcbValue=0x7fbfffc37c) at convert.c:232
#1  0x0000002a956e3345 in copy_and_convert_field_bindinfo (stmt=0x6a9990, field_type=1043, value=0x0, col=7)
    at convert.c:161
#2  0x0000002a956ffe1a in SC_fetch (self=0x6a9990) at statement.c:721
#3  0x0000002a956fd180 in PG_SQLFetch (hstmt=0x6a9990) at results.c:814
#4  0x0000002a956fd19e in SQLFetch (hstmt=0x6a9990) at results.c:820
#5  0x0000002a9559a0fe in SQLFetch_Internal (hstmt=Variable "hstmt" is not available.
) at fetch.c:161
#6  0x0000002a9559a3b6 in SQLFetch (hstmt=0x6a97b0) at fetch.c:230
#7  0x000000000044bda4 in cllGetRow (icss=0x65adc0, statementNumber=0)
    at ./server/src/icat/icatLowLevelPostgres.c:734
#8  0x00000000004394bf in cmlGetFirstRowFromSql (
    sql=0x7fbfffc600 "select distinct r_resc_main.resc_id ,r_resc_main.resc_name ,r_resc_main.zone_name ,r_resc_main.resc_type_name ,r_resc_main.resc_class_name ,r_resc_main.resc_net ,r_resc_main.resc_def_path  ,r_resc_mai"...,
    statement=0x7fbfffc5f8, skipCount=0, icss=0x65adc0) at ./server/src/icat/icatMidLevelRoutines.c:215
#9  0x000000000044883e in chlGenQuery (genQueryInp=
        {maxRows = 500, continueInx = 0, rowOffset = 0, options = 0, condInput = {len = 0, keyWord = 0x0, value = 0x0}, selectInp = {len = 12, inx = 0x6a93b0, value = 0x6a9410}, sqlCondInp = {len = 0, inx = 0x0, value = 0x0}},
    result=0x6a9470) at ./server/src/icat/icatGeneralQuery.c:1073
#10 0x000000000043016d in _rsGenQuery (rsComm=0x7fbfffd850, genQueryInp=0x7fbfffd6c0, genQueryOut=0x7fbfffd6b8)
    at ./server/src/api/rsGenQuery.c:63
#11 0x000000000043006f in rsGenQuery (rsComm=0x7fbfffd850, genQueryInp=0x7fbfffd6c0, genQueryOut=0x7fbfffd6b8)
    at ./server/src/api/rsGenQuery.c:27
#12 0x000000000041924e in initResc (rsComm=0x7fbfffd850) at ./server/src/misc/initServer.c:746
#13 0x00000000004180c3 in initServerInfo (rsComm=0x7fbfffd850) at ./server/src/misc/initServer.c:126
#14 0x0000000000403e97 in initServer (svrComm=0x7fbfffd850) at ./server/src/server/rodsServer.c:460
#15 0x000000000040351d in serverMain (logDir=0x0) at ./server/src/server/rodsServer.c:176
#16 0x0000000000403378 in main (argc=2, argv=0x7fbfffee08) at ./server/src/server/rodsServer.c:112
(gdb) n
234                     free(tempBuf);
(gdb) where
#0  copy_and_convert_field (stmt=0x6a9990, field_type=1043, value=0x0, fCType=1, rgbValue=0x6c0400,
    cbValueMax=251, pcbValue=0x7fbfffc37c) at convert.c:234
#1  0x0000002a956e3345 in copy_and_convert_field_bindinfo (stmt=0x6a9990, field_type=1043, value=0x0, col=7)
    at convert.c:161
#2  0xffffffff956ffe1a in ?? ()
#3  0x0000000000000020 in ?? ()
#4  0x000c000900000020 in ?? ()
#5  0x0000002a95718f38 in ?? () from /scratch/s1/schroede/cipres1/RODS/../iRodsPostgres/pgsql/lib/libodbcpsql.so
#6  0x00650068000c0073 in ?? ()
#7  0x0000000000000000 in ?? ()
(gdb)
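An added example (editor's code, not from the post and not from the psqlodbc, unixODBC or iODBC sources). Reading the two gdb sessions side by side: after the store at line 740 the saved return address 0x0000002a956ffe36 in frame #2 turns into 0x00000005956ffe36, and after the store at line 232 the address 0x0000002a956ffe1a turns into 0xffffffff956ffe1a. In both cases only the upper 32 bits of an 8-byte stack slot change, and in the second case they change to exactly 0xffffffff, which is SQL_NULL_DATA (-1) as a 32-bit value. That is the editor's inference from the traces, not something the post states; it is the pattern a 4-byte indicator store produces when it lands 4 bytes into an 8-byte slot instead of in the caller's indicator variable. The code below models the store from convert.c:740/232 behind a guard that checks the destination against what the application actually bound (the SDWORD/SQLLEN typedefs are local stand-ins so it builds without sql.h, and struct ind_binding is hypothetical bookkeeping, not the driver's own), and a small post-mortem helper that recognises the upper-half pattern from a before/after pair of stack words.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Local stand-ins for the ODBC types involved so the example builds without
 * sql.h.  SDWORD is modelled as 32 bits and SQLLEN as 64 bits, matching the
 * LP64 ODBC 3.52 ABI and the 4-byte pattern visible in the traces
 * (assumption: the driver's actual typedefs are not shown in the post). */
typedef int32_t SDWORD;
typedef int64_t SQLLEN;
#define SQL_NULL_DATA (-1)

/* What the application registered for one column's indicator via
 * SQLBindCol: the pcbValue address and the width of the variable behind it.
 * Hypothetical bookkeeping for this example, not the driver's own struct. */
struct ind_binding {
    void  *base;
    size_t elem_size;
};

/* The store at convert.c:740/232 is *(SDWORD *)((char *)pcbValue +
 * pcbValueOffset) = v.  This version refuses to write unless the SDWORD
 * lands entirely inside the registered variable, is 4-byte aligned, and the
 * variable is exactly SDWORD-sized (a wider SQLLEN would keep stale bytes in
 * its upper half, which the caller would then read as part of the length).
 *   0  stored
 *  -1  store would run past the end of the registered variable
 *  -2  destination misaligned for an SDWORD
 *  -3  width mismatch between the store and the registered variable */
int checked_ind_store(const struct ind_binding *b, size_t offset, SDWORD v)
{
    uintptr_t dst = (uintptr_t)b->base + offset;

    if (offset > b->elem_size || b->elem_size - offset < sizeof(SDWORD))
        return -1;
    if (dst % sizeof(SDWORD) != 0)
        return -2;
    if (b->elem_size != sizeof(SDWORD))
        return -3;
    *(SDWORD *)dst = v;
    return 0;
}

/* Post-mortem helper: compare an 8-byte stack word (a saved return address,
 * say) before and after a suspect store.  If only the upper 32 bits changed,
 * the change is consistent with a 32-bit store landing 4 bytes into the
 * slot, and *written receives the value that was stored. */
bool upper_half_store(uint64_t before, uint64_t after, uint32_t *written)
{
    if (before == after)
        return false;
    if ((uint32_t)before != (uint32_t)after)
        return false;               /* low half moved too: not this pattern */
    *written = (uint32_t)(after >> 32);
    return true;
}

int main(void)
{
    /* Return-address values copied from the two gdb sessions in the post:
     * frame #2 (return into SC_fetch) before the store, and the address gdb
     * landed on after it. */
    const uint64_t pairs[2][2] = {
        { 0x0000002a956ffe36ULL, 0x00000005956ffe36ULL },   /* after line 740 */
        { 0x0000002a956ffe1aULL, 0xffffffff956ffe1aULL },   /* after line 232 */
    };
    for (int i = 0; i < 2; i++) {
        uint32_t w;
        if (upper_half_store(pairs[i][0], pairs[i][1], &w))
            printf("slot %d: upper half overwritten with 0x%08x (%d)\n",
                   i, w, (int32_t)w);
    }

    /* A binding whose indicator is an LP64 SQLLEN: the 4-byte store fits but
     * is the wrong width, so the guard rejects it instead of leaving the
     * upper half stale. */
    SQLLEN wide = 0;
    struct ind_binding wb = { &wide, sizeof wide };
    printf("SQLLEN indicator: %d\n", checked_ind_store(&wb, 0, SQL_NULL_DATA));

    /* A binding that matches the store width exactly. */
    SDWORD narrow = 0;
    struct ind_binding nb = { &narrow, sizeof narrow };
    printf("SDWORD indicator: %d (value %d)\n",
           checked_ind_store(&nb, 0, SQL_NULL_DATA), (int)narrow);
    return 0;
}
```

The guard is the check the post's author was wondering about when asking whether the calling parameters might be wrong: it makes the width the driver writes and the width the application bound visible at the point of the store, so a mismatch fails loudly in the driver rather than showing up later as a clobbered return address. The helper only says that a before/after pair is consistent with a 32-bit store into the upper half; it does not identify which store did it, which is what the breakpoints in the post are for.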