Skip to content

Fixed crash after calling incorrectly parametrized request #8666

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 2 commits into from
Jul 24, 2025
Merged

Fixed crash after calling incorrectly parametrized request #8666

merged 2 commits into from
Jul 24, 2025

Conversation

Ev3nt
Copy link
Contributor

@Ev3nt Ev3nt commented Jul 23, 2025
edited
Loading

Init table:

CREATE TABLE dept (id NUMERIC(2), name VARCHAR(14), location VARCHAR(13));

If we execute procedure with incorrectrly paramerized request, we have an error (as expected):

EXECUTE BLOCK 
AS 
     DECLARE sql_stmt    VARCHAR(200);
     DECLARE dept_id     NUMERIC(2) = 50;
     DECLARE dept_name   TYPE OF COLUMN dept.name  = 'PERSONNEL';
     DECLARE location    TYPE OF COLUMN dept.location default 'DALLAS';
BEGIN
    sql_stmt = 'INSERT INTO dept VALUES (:A, :B, :C)';
    EXECUTE STATEMENT (:sql_stmt) (:dept_id, :dept_name, :location);
END;

Statement failed, SQLSTATE = 42S22
Dynamic SQL Error
-SQL error code = -206
-Column unknown
-A
-At line 1, column 26
-At block line: 9, col: 5

But when we make it correctly and try incorrectly request again, we have a crash. Correctly request:

EXECUTE BLOCK 
AS 
     DECLARE sql_stmt    VARCHAR(200);
     DECLARE dept_id     NUMERIC(2) = 50;
     DECLARE dept_name   TYPE OF COLUMN dept.name  = 'PERSONNEL';
     DECLARE location    TYPE OF COLUMN dept.location default 'DALLAS';
BEGIN
    sql_stmt = 'INSERT INTO dept VALUES (:A, :B, :C)';
    EXECUTE STATEMENT (:sql_stmt) (A := :dept_id, B :=  :dept_name, C :=  :location);
END;

I added 2 conditions to check if names is not a nullptr.
Now it throws an exception:

Statement failed, SQLSTATE = 42000
Input parameter 'A' have no value set
-At block line: 9, col: 5

@hvlad hvlad self-assigned this Jul 23, 2025
@hvlad
Copy link
Member

hvlad commented Jul 23, 2025

But when we make it correctly and try incorrectly request again

I can't understand this statement

@hvlad
Copy link
Member

hvlad commented Jul 23, 2025

Can't reproduce. Using Firebird 5.0.3 :

SQL> create database 'inet://z:\temp\8666.fdb';
SQL>
SQL> CREATE TABLE dept (id NUMERIC(2), name VARCHAR(14), location VARCHAR(13));
SQL>
SQL> set term ^;
SQL>
SQL> EXECUTE BLOCK
CON> AS
CON>      DECLARE sql_stmt    VARCHAR(200);
CON>      DECLARE dept_id     NUMERIC(2) = 50;
CON>      DECLARE dept_name   TYPE OF COLUMN dept.name  = 'PERSONNEL';
CON>      DECLARE location    TYPE OF COLUMN dept.location default 'DALLAS';
CON> BEGIN
CON>     sql_stmt = 'INSERT INTO dept VALUES (:A, :B, :C)';
CON>     EXECUTE STATEMENT (:sql_stmt) (:dept_id, :dept_name, :location);
CON> END
CON> ^
Statement failed, SQLSTATE = 42S22
Dynamic SQL Error
-SQL error code = -206
-Column unknown
-A
-At line 1, column 26
-At block line: 9, col: 5
SQL>
SQL>
SQL> EXECUTE BLOCK
CON> AS
CON>      DECLARE sql_stmt    VARCHAR(200);
CON>      DECLARE dept_id     NUMERIC(2) = 50;
CON>      DECLARE dept_name   TYPE OF COLUMN dept.name  = 'PERSONNEL';
CON>      DECLARE location    TYPE OF COLUMN dept.location default 'DALLAS';
CON> BEGIN
CON>     sql_stmt = 'INSERT INTO dept VALUES (:A, :B, :C)';
CON>     EXECUTE STATEMENT (:sql_stmt) (A := :dept_id, B :=  :dept_name, C :=  :location);
CON> END
CON> ^
SQL>
SQL> set term ;^
SQL>
SQL> select * from dept;

     ID NAME           LOCATION
======= ============== =============
     50 PERSONNEL      DALLAS

SQL> rollback;
SQL> drop database;

@Ev3nt
Copy link
Contributor Author

Ev3nt commented Jul 23, 2025

You need to retry with an incorrect request after a correct request.

@hvlad
Copy link
Member

hvlad commented Jul 23, 2025

Reproduced now, thanks.

I think the following patch (at the beginning of Statement::setInParams()) is more correct:

	if (m_error = (!names && sqlCount))
	{
		// Parameter name expected
		ERR_post(Arg::Gds(isc_eds_prm_name_expected));
	}

@hvlad hvlad merged commit 1f2fcff into FirebirdSQL:v5.0-release Jul 24, 2025
22 checks passed
hvlad pushed a commit that referenced this pull request Jul 24, 2025
@Ev3nt @hvlad
Fixed crash after calling incorrectly parametrized request (#8666)
44da3ac 
* Fixed crash after calling incorrectly parametrized request

* Patch: Fixed crash after calling incorrectly parametrized request
hvlad pushed a commit that referenced this pull request Jul 24, 2025
@Ev3nt @hvlad
Fixed crash after calling incorrectly parametrized request (#8666)
cb61311 
* Fixed crash after calling incorrectly parametrized request

* Patch: Fixed crash after calling incorrectly parametrized request
@Ev3nt Ev3nt mentioned this pull request Jul 24, 2025
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees

@hvlad hvlad

Labels
affect-version: 4.0.0 affect-version: 5.0.0 affect-version: 6.0 Initial fix-version: 4.0.7 fix-version: 5.0.4 fix-version: 6.0 Alpha 1 qa: done successfully type: bug
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@Ev3nt @hvlad @pavel-zotov