db-derby-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Urban Widmark (JIRA)" <j...@apache.org>
Subject [jira] Commented: (DERBY-4088) DDMReader readBytes ArrayIndexOutOfBoundsException
Date Tue, 10 Mar 2009 14:56:51 GMT

    [ https://issues.apache.org/jira/browse/DERBY-4088?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12680496#action_12680496
] 

Urban Widmark commented on DERBY-4088:
--------------------------------------

I am not necessarily saying the patch is correct, just that making the change made it work
for me. I do not claim any knowledge whatsoever about DRDA or DSS :)  Have also verified that
the data is transfered correctly after the patch by checking md5 sums of the data objects
inside and outside the database.

readBytes is called with pos=2, length=32766, the buffer length is 32767 and is not changed
by the call to ensureBLayerDataInBuffer.

Server stacktrace:
java.lang.ArrayIndexOutOfBoundsException
        at java.lang.System.arraycopy(Native Method)
        at org.apache.derby.impl.drda.DDMReader.readBytes(Unknown Source)
        at org.apache.derby.impl.drda.DRDAConnThread.readAndSetParams(Unknown Source)
        at org.apache.derby.impl.drda.DRDAConnThread.parseSQLDTA_work(Unknown Source)
        at org.apache.derby.impl.drda.DRDAConnThread.parseSQLDTA(Unknown Source)
        at org.apache.derby.impl.drda.DRDAConnThread.parseEXCSQLSTTobjects(Unknown Source)
        at org.apache.derby.impl.drda.DRDAConnThread.parseEXCSQLSTT(Unknown Source)
        at org.apache.derby.impl.drda.DRDAConnThread.processCommands(Unknown Source)
        at org.apache.derby.impl.drda.DRDAConnThread.run(Unknown Source)

Client stacktrace:
org.apache.derby.client.am.DisconnectException: The DDM object 0x1232 is not supported.  The
connection has been terminated.
        at org.apache.derby.client.net.NetConnectionReply.doObjnsprmSemantics(Unknown Source)
        at org.apache.derby.client.net.NetConnectionReply.parseCommonError(Unknown Source)
        at org.apache.derby.client.net.NetStatementReply.parseExecuteError(Unknown Source)
        at org.apache.derby.client.net.NetStatementReply.parseEXCSQLSTTreply(Unknown Source)
        at org.apache.derby.client.net.NetStatementReply.readExecute(Unknown Source)
        at org.apache.derby.client.net.StatementReply.readExecute(Unknown Source)
        at org.apache.derby.client.net.NetPreparedStatement.readExecute_(Unknown Source)
        at org.apache.derby.client.am.PreparedStatement.readExecute(Unknown Source)
        at org.apache.derby.client.am.PreparedStatement.flowExecute(Unknown Source)
        at org.apache.derby.client.am.PreparedStatement.executeUpdateX(Unknown Source)
        ... 2 more

I am also attaching a tiny testprogram that triggers this bug for me. Reproduced by:

java -classpath derbynet.jar org.apache.derby.drda.NetworkServerControl start
javac DerbyBug.java && java -cp .:derbyclient.jar DerbyBug

Database definition inside the java source. Tested vs 10.4.2.0 binary release and 10.4 svn
branch.

> DDMReader readBytes ArrayIndexOutOfBoundsException
> --------------------------------------------------
>
>                 Key: DERBY-4088
>                 URL: https://issues.apache.org/jira/browse/DERBY-4088
>             Project: Derby
>          Issue Type: Bug
>          Components: Network Server
>    Affects Versions: 10.4.2.0
>         Environment: CentOS 5, java 1.6.0_11
>            Reporter: Urban Widmark
>         Attachments: derby-ddm.patch
>
>
> DDMReader.readBytes(int length) checks the length vs DssConstants.MAX_DSS_LENGTH, but
ignores the fact that the buffer position "pos" might not be 0. If pos is non-zero then the
pos + length can be larger than the size of "buffer" causing an ArrayIndexOutOfBoundsException.
> For me this happened when sending a BLOB that was 32766 bytes long. The value of pos
was 2 in that method.

-- 
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.


Mime
View raw message