Opened 10 years ago

Closed 10 years ago

#3385 closed defect (fixed)

ODBC driver, crashes consistently, possible integer overflow

Reported by: guest Owned by: chaitanya
Priority: high Milestone: 1.7.2
Component: OGR_SF Version: 1.7.0
Severity: normal Keywords: odbc, segfault, overflow, postgres, postgresql, unixodbc
Cc: warmerdam

Description

I built GDAL/OGR 1.7.0 with ODBC support, and am not able to connect to any remote databases. The failure mode is an "out of memory" error which can't possibly be true, because the remote dataset is a mere 5 rows, all POINT geometries.

$ ogrinfo ODBC:gregor/mosheh@testPgSQL grid

ERROR 2: CPLMalloc(): Out of memory allocating 4294967297 bytes.

Platform is:

  • Slamd64 (64-bit Slackware) 11.0
  • GDAL/OGR 1.7.0
  • unixODBC 2.2.14 compiled from source
  • PostgreSQL driver bundled with unixODBC
  • The remote server is PostgreSQL 8.2

My odbc.ini is attached, as is the SQL which I used to create the dataset.

I sent some GDB output to Kumar Chaitanya and he suggests "The segfault occurred at http://trac.osgeo.org/gdal/browser/branches/1.7/gdal/port/cpl_odbc.cpp#L796 during a call to memcpy." The GDB output is here:

http://pastebin.com/m18fce732

Attachments (2)

dataset.txt (232 bytes) - added by guest 10 years ago.
the test dataset, five points
odbc.ini (361 bytes) - added by guest 10 years ago.
My odbc.ini file


Change History (7)

Changed 10 years ago by guest

Attachment: dataset.txt added

the test dataset, five points

Changed 10 years ago by guest

Attachment: odbc.ini added

My odbc.ini file

comment:1 Changed 10 years ago by warmerdam

Cc: warmerdam added
Component: changed from Utilities to OGR_SF
Owner: changed from warmerdam to chaitanyna

Chaitanya,

Could you look into this promptly in case we can get a fix in for 1.7.1.

comment:2 Changed 10 years ago by warmerdam

Milestone: 1.7.2
Priority: changed from normal to high

Chaitanya,

Can you please work with Gregor on this issue? I imagine Gregor could provide ssh access to the system in question if you need that to dig deeper into this problem.

comment:3 Changed 10 years ago by chaitanya

Owner: changed from chaitanyna to chaitanya

comment:4 Changed 10 years ago by guest

An update.

We are using 64-bit OS. Chaitanya diagnosed this as integer overflows in unixODBC and provided a patch, truncating the extra 4 bytes which unixODBC was filling with garbage. This patch seems to work fine in our simple test cases so far.

comment:5 Changed 10 years ago by chaitanya

Keywords: unixodbc added
Resolution: fixed
Status: changed from new to closed

I tried to reproduce this on three different machines. Only one had this problem.

Recently unixODBC had some modifications in the declarations. I'm informing the unixodbc dev-list about this.

Fixed in trunk (r19098) and 1.7 branch (r19099).
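A constructed C model of the failure mode that comment:4 and comment:5 describe, added here and not taken from GDAL or unixODBC: it assumes a little-endian LP64 host and a driver that stores only a 32-bit length into an indicator the caller declared as 64 bits wide, so the high 4 bytes keep whatever was already in memory, and it shows the bounds check a caller should apply before sizing an allocation or calling memcpy. All names and values are hypothetical.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Constructed model (not GDAL/unixODBC code). Caller-side header says the
 * length indicator is 64 bits; the driver linked at run time writes 32. */
typedef int64_t caller_len_t;   /* what the application believes it gets */
typedef int32_t driver_len_t;   /* what the driver actually stores */

#define MODEL_SQL_NULL_DATA (-1) /* ODBC reports NULL as an indicator of -1 */

/* Simulated driver: writes a 32-bit length into the caller's indicator.
 * On a little-endian host this covers only the low 4 bytes. */
static void driver_get_data(void *indicator_out, driver_len_t produced) {
    memcpy(indicator_out, &produced, sizeof produced);
}

/* Naive caller: trusts the full 64-bit indicator. 'leftover' stands in for
 * whatever uninitialised value occupied the high half before the call. */
static caller_len_t naive_length(uint32_t leftover, driver_len_t produced) {
    caller_len_t indicator = (caller_len_t)((uint64_t)leftover << 32);
    driver_get_data(&indicator, produced);
    return indicator;            /* e.g. leftover=1, produced=1 -> 4294967297 */
}

/* Hardened caller: keep only the 32 bits the driver writes (the workaround
 * from comment:4) and refuse any length the destination buffer cannot hold.
 * Returns 0 on success, 1 for SQL NULL, -1 for an unusable length. */
static int checked_length(uint32_t leftover, driver_len_t produced,
                          size_t buffer_size, size_t *out) {
    caller_len_t indicator = (caller_len_t)((uint64_t)leftover << 32);
    int32_t low;
    driver_get_data(&indicator, produced);
    memcpy(&low, &indicator, sizeof low);   /* low 4 bytes, little-endian */
    if (low == MODEL_SQL_NULL_DATA) { *out = 0; return 1; }
    if (low < 0 || (size_t)low > buffer_size) return -1;
    *out = (size_t)low;
    return 0;
}

int main(void) {
    size_t n = 0;
    printf("naive indicator: %lld\n", (long long)naive_length(1, 1));
    printf("checked: rc=%d len=%zu\n", checked_length(1, 1, 256, &n), n);
    printf("oversized: rc=%d\n", checked_length(0, 1000, 256, &n));
    return 0;
}
```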
