Easysoft ODBC-ODBC Bridge

Why do I get an Access Violation in the MS SQL Server ODBC Driver?

Article:
00808
Last Reviewed:
22nd September 2005
Revision:
1

Issue 1

We reported the following issue on microsoft.public.sqlserver.odbc:

Using MS SQL Server ODBC driver version 3000.81.9030.04.

Create a table and deny select permission to a specific user

From odbctest do a full connect with ODBC 2.0 checked

Do an SQLPrepare(select * from table)

Do an SQLNumResultCols - this fails with permission denied

Do an SQLExecute and you get an exception in odbctest

"The instruction at "0x119c8fcc" referenced memory at
"0x0170e000". The memory could not be written"

Better exception data from my own application instead of odbctest says:

Exception Address: 0X1F9C8F22
Number of Parameters: 2
Exception Record: 0X00000000
Exception Information (RW Flag) : Write
Exception Information (Virtual Address) : 0X0162E000

Module: C:\WINNT\System32\SQLSRV32.dll, Section: 01,
Offset:00007F22
Call Stack:
Address   Frame
1F9C8F22  0120F854  SQLNumResultCols+3EB
1F9EF7E4  0120F8B8  BCP_init+5D2
1F9F1737  0120F8CC  SQLNativeSqlW+637
1F9F47DA  0120F900  SQLExecute+1E1
1F7CD793  0120F91C  SQLExecute+D1
004227CC  0120F988  0001:000217CC
C:\WINNT\System32\esoobserver.exe
00419A85  0120FF84  0001:00018A85
C:\WINNT\System32\esoobserver.exe
0042F218  0120FFB8  0001:0002E218
C:\WINNT\System32\esoobserver.exe
77F04EDE  0120FFEC  lstrcmpiW+BE
No deeper stack frame

Brannon Jones, MDAC Developer said he had reproduced it and submitted a bug.

We have also seen it in version 2000.85.1025.00 of the MS ODBC driver.

You might be able to identify this problem from the entry the OOB Server puts into the application event log or the esoob.exception file in LogDir. An example follows:

Current OOB Flags: 0X112
OS: Major 5, Minor 0, Build 2195, Service Pack 4
PageSize: 4096, AllocationG: 65536, MinAppA: 00010000, MaxAppA: 7FFEFFFF
Active Processor Mask: 1, Number of Processors: 1
Username: XXXXX
Computer Name: YYYYY
cwd: C:\WINNT\system32
System Dir: C:\WINNT\system32
Windows Dir: C:\WINNT
Exception Code: 0XC0000005 (ACCESS_VIOLATION) 
Exception Flags: 0 
Exception Address: 0X0176136B 
Number of Parameters: 2 
Exception Record: 0X00000000 
Exception Information (RW Flag) : Write 
Exception Information (Virtual Address) : 0X01C0D000
exception_filter() at 0041C7B0
RPCAllocHandle() at 0042EE98
Last RPC: Name=sql_execute, Ordinal=91
Current Thread : 2060
Module: C:\WINNT\System32\SQLSRV32.dll, Section: 01, Offset:0000036B 
Thread List:
in_use, threadid, threadh, socket, client_ip, dsn,start_time 
0 340 0x00000000 1744 10.10.10.5 - Tue Sep 14 13:25:11 2004

You can view the posting in Google.

Issue 2

One of our customers came to us with an exception like the one below. After much investigation it appears the MS SQL Server ODBC driver was writing off the end of the parameter status array (i.e. the buffer set with SQL_ATTR_PARAM_STATUS_PTR). The circumstances in which this happens are fairly complicated but are summarised as:

create a statement

prepare some sql

set SQL_ATTR_PARAM_STATUS_PTR

set SQL_ATTR_PARAMSET_SIZE to N (e.g. 1000)

bind parameters

execute the statement

reset parameters with RESET_PARAMS

set SQL_ATTR_PARAMSET_SIZE to N-M (e.g. 800)

set SQL_ATTR_PARAM_STATUS_PTR

bind parameters

execute <- fails here

What appears to be happening is that the driver has missed the reduction in the SQL_ATTR_PARAMSET_SIZE when writing the parameter status array values back.

Easysoft ODBC-ODBC Bridge
  Version: 02.00.0012
  Component: OOB Server (ODBC thread/process)
  Build Date: $Built: Jan  9 2006 11:30:53 $
  Caught Exception on Thu Jan 12 00:36:51 2006
  
  Current OOB Flags: 0X8112
  OS: Major 5, Minor 2, Build 3790, 
  PageSize: 4096, AllocationG: 65536, MinAppA: 00010000, MaxAppA: 7FFEFFFF
  Active Processor Mask: 3, Number of Processors: 2
  Computer Name: XXXXX
  cwd: C:\WINDOWS\system32
  System Dir: C:\WINDOWS\system32
  Windows Dir: C:\WINDOWS
  Exception Code: 0XC0000005 (ACCESS_VIOLATION)
  Exception Flags: 0
  Exception Address: 0X1F9DA74F
  Number of Parameters: 2
  Exception Record: 0X00000000
  Exception Information (RW Flag) : Write
  Exception Information (Virtual Address) : 0X0144910E
  exception_filter() at 004208C0
  RPCAllocHandle() at 00434BFC
  Last RPC: Name=sql_execute, Ordinal=91
  Current Thread : 5884
  Module: C:\WINDOWS\system32\SQLSRV32.dll, Section: 01, Offset:0001974F
  Call Stack:
  Address   Frame
  1F9DA74F  0184F150  SQLDescribeColW+2978
  No deeper stack frame
  Last error from StackWalk = 0
  Thread List:
  in_use, threadid, threadh, socket, client_ip, dsn,start_time
  1 760 0x00000118 364 172.20.30.10 vtqrs Thu Jan 12 00:36:16 2006
  
  1 5884 0x0000014C 368 172.20.30.10 vtqrs Thu Jan 12 00:36:16 2006

We saw this in SQL Server ODBC driver versions 2000.85.1025.00, 2000.86.1830.0, 2000.85.1117.00 and 2000.85.1022.00 but it may also be in others.

Applies To

Knowledge Base Feedback

* Did this content help you?
* Please select one option based on your first choice:

(* Required Fields)


Oracle is a registered trademark of Oracle Corporation and/or its affiliates.