
Re: DBExpress bug reading Blob fields


2006-02-09 10:40:21 PM
delphi183
Michael Winter writes:
Quote
However, the actual problem, as far as I can see, is in SqlExpr.
OK, so could you QC a test case, please?
Thanks!
--
Craig Stuntz [TeamB] • Vertex Systems Corp. • Columbus, OH
Delphi/InterBase Weblog : blogs.teamb.com/craigstuntz
How to ask questions the smart way:
www.catb.org/~esr/faqs/smart-questions.html
 
 

Re: DBExpress bug reading Blob fields

Hi all,
I just stumbled upon an issue that can lead to reading wrong data from
the DB, an access violation, or even overwriting a random part of memory. I
thought I should let you (and Google Groups) know about it. I tried to find
something similar in QC with no success (although I must confess perhaps
I gave up too early).
The problem is that SqlExpr.GetBlobSize not only returns the size (in
bytes) of a Blob field but also adjusts the length of the DataSet's
BlobBuffer (that's an array of byte).
During TSQLBlobStream.ReadBlobData, there are two points where
GetBlobSize is called. The first is in ReadBlobData directly, the second
one in GetFieldData(FieldNo, Buffer) to determine whether the size is
zero. Of course, both calls return the same Blob size and adjust the
BlobBuffer array to the same size. Now, if the memory manager decides to
actually reallocate (i.e. return a new piece of memory and discard the
old one) at the second call, the content of DataSet.BlobBuffer differs
from the Buffer argument the GetFieldData function received. In
that case, the Buffer pointer points to memory that is no longer valid,
and GetFieldData will write to this (invalid) Buffer.
Neither DynArray.SetLength nor System.ReallocMem compares old and new
sizes in order to avoid reallocating if the size doesn't change
(ReallocMem actually can't).
It seems that Borland's original memory manager doesn't reallocate if
sizes are equal, however, MM4 in some circumstances does, at least up to
version 58. (To verify this, allocate 1349 bytes, then reallocate to
1407 and again to 1407. The latter two pointers differ. The numbers are
just two Blob sizes of consecutive records where the bug occurred here.)
One might argue that an MM should not exchange pointers on ReallocMem if
sizes are equal, but (even if it would be useful) it is not mentioned
anywhere in the docs that it must not do so.
My current workaround is a runtime patch that 'overrides'
TCustomSqlDataSet.SetCurrentBlobSize and makes it just exit if the new
size is equal to the current one. I will also report this to the author of
MM4. However, the actual problem, as far as I can see, is in SqlExpr.
-Michael
 
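The failure sequence Michael describes (GetBlobSize resizing BlobBuffer as a side effect, ReadBlobData capturing the buffer pointer, and a second GetBlobSize call inside GetFieldData possibly moving the block before the write) can be modelled in a few dozen lines. The following is an added example, not code from SqlExpr, FastMM or anyone in this thread; the function names mirror the Delphi routines the post names, but the dataset struct, the `mem_manager` model and the `simulate` driver are assumptions made for illustration. The model allocator always moves a block on an equal-size reallocation when asked to, which is a simplification: the post only observed FastMM doing so for particular size ranges. Instead of actually writing through the stale pointer (undefined behaviour), `get_field_data` reports it, so the scenario can be checked with and without the SetCurrentBlobSize early-exit workaround.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Model of a memory manager (hypothetical). move_on_equal_size simulates
   the quirk described in the thread: ReallocMem to an unchanged size may
   still return a different block. Real realloc() is allowed to do this too. */
typedef struct {
    int move_on_equal_size;
    int moves;              /* how many times a block was relocated */
} mem_manager;

static void *mm_realloc(mem_manager *mm, void *p, size_t old_size, size_t new_size)
{
    if (p != NULL && old_size == new_size && !mm->move_on_equal_size)
        return p;                              /* resized in place, pointer unchanged */
    void *q = malloc(new_size ? new_size : 1);
    if (q == NULL)
        abort();
    if (p != NULL) {
        memcpy(q, p, old_size < new_size ? old_size : new_size);
        free(p);                               /* old block is now invalid */
        mm->moves++;
    }
    return q;
}

/* Model of the dataset's blob buffer state (hypothetical struct). */
typedef struct {
    mem_manager *mm;
    unsigned char *blob_buffer;   /* DataSet.BlobBuffer */
    size_t blob_size;             /* current length of BlobBuffer */
    size_t stored_blob_size;      /* size the "database" reports for the current record */
    int guard_equal_size;         /* 1 = apply the runtime patch: exit if size unchanged */
} sql_dataset;

/* SetCurrentBlobSize: (re)allocates BlobBuffer to the requested size. */
static void set_current_blob_size(sql_dataset *ds, size_t size)
{
    if (ds->guard_equal_size && size == ds->blob_size)
        return;                                /* patched behaviour: leave the block alone */
    ds->blob_buffer = mm_realloc(ds->mm, ds->blob_buffer, ds->blob_size, size);
    ds->blob_size = size;
}

/* GetBlobSize: returns the size and, as a side effect, resizes BlobBuffer. */
static size_t get_blob_size(sql_dataset *ds)
{
    set_current_blob_size(ds, ds->stored_blob_size);
    return ds->stored_blob_size;
}

/* GetFieldData(FieldNo, Buffer): calls GetBlobSize to test for an empty blob,
   then fills Buffer. Here a stale Buffer is reported (return 1) rather than
   written through; the real code has no such check and just writes. */
static int get_field_data(sql_dataset *ds, unsigned char *buffer)
{
    if (get_blob_size(ds) == 0)                /* second resize of the same buffer */
        return 0;
    if (buffer != ds->blob_buffer)
        return 1;                              /* Buffer points at a freed block */
    memset(buffer, 'A', ds->blob_size);        /* constructed payload, stands in for blob bytes */
    return 0;
}

/* TSQLBlobStream.ReadBlobData: the call sequence from the post. */
static int read_blob_data(sql_dataset *ds)
{
    size_t size = get_blob_size(ds);           /* first resize */
    if (size == 0)
        return 0;
    unsigned char *buffer = ds->blob_buffer;   /* pointer captured before the second resize */
    return get_field_data(ds, buffer);
}

/* Simulate reading a record of blob_size bytes after one of prev_size bytes.
   Returns 1 if the stale-pointer write would have happened, 0 otherwise. */
int simulate(int mm_moves_on_equal_size, int patched, size_t prev_size, size_t blob_size)
{
    mem_manager mm = { mm_moves_on_equal_size, 0 };
    sql_dataset ds = { &mm, NULL, 0, blob_size, patched };
    ds.blob_buffer = mm_realloc(&mm, NULL, 0, prev_size);   /* buffer left by previous record */
    ds.blob_size = prev_size;
    int stale = read_blob_data(&ds);
    free(ds.blob_buffer);
    return stale;
}

int main(void)
{
    /* 1349 and 1407 are the two consecutive blob sizes quoted in the post. */
    printf("moving MM, unpatched : stale=%d\n", simulate(1, 0, 1349, 1407));
    printf("moving MM, patched   : stale=%d\n", simulate(1, 1, 1349, 1407));
    printf("in-place MM, unpatched: stale=%d\n", simulate(0, 0, 1349, 1407));
    return 0;
}
```

The point the model makes explicit is that the early exit in SetCurrentBlobSize only masks the hazard for the equal-size case; any caller that holds a pointer into BlobBuffer across a call that may resize it is relying on the memory manager not moving the block, which no allocator contract promises.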

Re: DBExpress bug reading Blob fields

Hi Michael,
Quote
It seems that Borland's original memory manager doesn't reallocate if
sizes are equal, however, MM4 in some circumstances does, at least up to
version 58. (To verify this, allocate 1349 bytes, then reallocate to 1407
and again to 1407. The latter two pointers differ. The numbers are just
two Blob sizes of consecutive records where the bug occurred here.)
Good catch! Currently if you allocate a block in the range 1261-1372 bytes
and then reallocate to the range 1373-1429 twice, FastMM will move the block
during the second reallocmem - which isn't necessary. This quirk is due to
the upsize padding behaviour of FastMM*.
I have already fixed it in the internal build.
Thanks,
Pierre
*When small blocks cannot be upsized in place during a ReallocMem call they
are at least doubled in size. However doubling a block of size 1373-1429
causes the block type to change to a medium block, for which the padding
rules are different. The second reallocmem to the range 1373-1429 thus uses
the medium block rules, and unfortunately due to an oversight on my part
causes it to be reallocated again.
 

Re: DBExpress bug reading Blob fields

Craig Stuntz [TeamB] writes:
Quote
OK, so could you QC a test case, please?
[x] Done. Report #24704.
-Michael
 

Re: DBExpress bug reading Blob fields

Pierre le Riche writes:
Quote
I have already fixed it in the internal build.
Wow, that was fast. Like FastMM ;-)
Thanks.
-Michael
 

Re: DBExpress bug reading Blob fields

"Michael Winter" <XXXX@XXXXX.COM> wrote in message
Quote
[x] Done. Report #24704.

-Michael
Is it possible that this bug is the cause of QC #22878 "Blob output params of
StoredProcs truncated in D2006"?
qc.borland.com/wc/qcmain.aspx
 

Re: DBExpress bug reading Blob fields

J.L.Rocha writes:
Quote
Is it possible that this bug is the cause of QC #22878 "Blob output
params of StoredProcs truncated in D2006"?

qc.borland.com/wc/qcmain.aspx
I wonder if he checked TSQLDataSet.MaxBlobSize. I will ask. A lot of
people miss that.
--
Craig Stuntz [TeamB] • Vertex Systems Corp. • Columbus, OH
Delphi/InterBase Weblog : blogs.teamb.com/craigstuntz
All the great TeamB service you've come to expect plus (New!)
Irish Tin Whistle tips: learningtowhistle.blogspot.com