
Where to report bugs for Informix 15

  • 1.  Where to report bugs for Informix 15

    Posted Mon December 09, 2024 12:46 PM

    Hello,

    Sorry it's unclear to me where I should report bugs... (we found one with HCL Informix 15 CSDK)

    On https://support.hcl-software.com, I can't find "HCL Informix" in the product list... only OneDB ...
    We detected a defect in the ESQL/C libs when using a CONNECT TO with USER/USING clause.
    The cc address sanitizer shows a heap buffer overflow...
    Try attached sample on Linux x86:
    $ INFORMIXC="cc -fsanitize=address" esql -o test0041.bin test0041.ec
    $ ./test0041.bin 
    =================================================================
    ==610935==ERROR: AddressSanitizer: heap-buffer-overflow on address 0x603000006ec8 at pc 0x7f5b2ee4a731 bp 0x7ffeacf66360 sp 0x7ffeacf65b10
    READ of size 25 at 0x603000006ec8 thread T0
        #0 0x7f5b2ee4a730 in __interceptor_strlen ../../../../src/libsanitizer/sanitizer_common/sanitizer_common_interceptors.inc:389
        #1 0x7f5b2f67e49a in _iqset2err (/opt3/dbs/ifx/HCL-CSDK-15.0.0.0/lib/esql/libifsql15a.so+0x3449a)
        #2 0x7f5b2f65d1eb in proc_srvrresp (/opt3/dbs/ifx/HCL-CSDK-15.0.0.0/lib/esql/libifsql15a.so+0x131eb)
        #3 0x7f5b2f65e1c4 in asf_connect (/opt3/dbs/ifx/HCL-CSDK-15.0.0.0/lib/esql/libifsql15a.so+0x141c4)
        #4 0x7f5b2f65e8e1 in sqli_connect_open (/opt3/dbs/ifx/HCL-CSDK-15.0.0.0/lib/esql/libifsql15a.so+0x148e1)
        #5 0x5590b266e3a5 in main (/home/sf/dbvendors/informix/problems/test0041.bin+0x13a5)
        #6 0x7f5b2eb67249 in __libc_start_call_main ../sysdeps/nptl/libc_start_call_main.h:58
        #7 0x7f5b2eb67304 in __libc_start_main_impl ../csu/libc-start.c:360
        #8 0x5590b266e130 in _start (/home/sf/dbvendors/informix/problems/test0041.bin+0x1130)
    0x603000006ec8 is located 0 bytes to the right of 24-byte region [0x603000006eb0,0x603000006ec8)
    allocated by thread T0 here:
        #0 0x7f5b2eeb83b7 in __interceptor_calloc ../../../../src/libsanitizer/asan/asan_malloc_linux.cpp:77
        #1 0x7f5b2f577ee4 in meAlloc (/opt3/dbs/ifx/HCL-CSDK-15.0.0.0/lib/esql/libifos15a.so+0x14ee4)
        #2 0x7f5b2f614297 in ascOptBin (/opt3/dbs/ifx/HCL-CSDK-15.0.0.0/lib/libifasf15a.so+0x28297)
        #3 0x7f5b2f60ea33 in ascBinary (/opt3/dbs/ifx/HCL-CSDK-15.0.0.0/lib/libifasf15a.so+0x22a33)
        #4 0x7f5b2f610305 in pfConReq (/opt3/dbs/ifx/HCL-CSDK-15.0.0.0/lib/libifasf15a.so+0x24305)
        #5 0x7f5b2f609bff in cmReqSync (/opt3/dbs/ifx/HCL-CSDK-15.0.0.0/lib/libifasf15a.so+0x1dbff)
        #6 0x7f5b2f60a964 in cmConReq (/opt3/dbs/ifx/HCL-CSDK-15.0.0.0/lib/libifasf15a.so+0x1e964)
        #7 0x7f5b2f5ffa71 in ascRequest (/opt3/dbs/ifx/HCL-CSDK-15.0.0.0/lib/libifasf15a.so+0x13a71)
        #8 0x7f5b2f602058 in ASF_Call (/opt3/dbs/ifx/HCL-CSDK-15.0.0.0/lib/libifasf15a.so+0x16058)
        #9 0x7f5b2f65df9e in asf_connect (/opt3/dbs/ifx/HCL-CSDK-15.0.0.0/lib/esql/libifsql15a.so+0x13f9e)
        #10 0x7f5b2f65e8e1 in sqli_connect_open (/opt3/dbs/ifx/HCL-CSDK-15.0.0.0/lib/esql/libifsql15a.so+0x148e1)
        #11 0x5590b266e3a5 in main (/home/sf/dbvendors/informix/problems/test0041.bin+0x13a5)
        #12 0x7f5b2eb67249 in __libc_start_call_main ../sysdeps/nptl/libc_start_call_main.h:58
    SUMMARY: AddressSanitizer: heap-buffer-overflow ../../../../src/libsanitizer/sanitizer_common/sanitizer_common_interceptors.inc:389 in __interceptor_strlen
    ==610935==ABORTING

    #include <stdlib.h>
    #include <stdio.h>
    #include <signal.h>
    #include <string.h>
    
    void check_sqlcode(const char *msg)
    {
        printf(">> [%s]:  sqlcode=%d\n", msg, sqlca.sqlcode);
        if (sqlca.sqlcode != 0 && sqlca.sqlcode != 100)
            exit(1);
    }
    
    int main(int argc, char ** argv)
    {
        EXEC SQL BEGIN DECLARE SECTION;
        const char * un = "informix";
        const char * up = "fourjs";
        EXEC SQL END DECLARE SECTION;
    
        EXEC SQL CONNECT TO "testdb1" USER :un USING :up;
        check_sqlcode("CONNECT TO");
    
        return 0;
    }
    
    Seb


    ------------------------------
    Sebastien FLAESCH
    ------------------------------
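
How to read the report in the post above, as an added example that is not part of the original post and is not Informix code: a `strlen` `READ of size 25` ending 0 bytes to the right of a 24-byte `calloc` region is what ASan prints when all 24 bytes are non-zero and no terminator was stored. The function names and the 24-byte payload are constructed for illustration; the thread does not establish the actual cause inside `_iqset2err`.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Constructed sample: a 24-byte length-delimited field, as a peer might send
 * it, with no terminator on the wire. Not data from the thread. */
#define WIRE_LEN 24
static const char WIRE_FIELD[] = "0123456789abcdefghijklmn";

/* Unsafe pattern: the region is sized exactly to the payload, so calloc's
 * zero fill leaves no terminator. strlen() on the result reads byte 25. */
static char *copy_field_exact(const char *src, size_t n)
{
    char *buf = calloc(n, 1);
    if (buf) memcpy(buf, src, n);
    return buf; /* n raw bytes, not a C string */
}

/* Hardened producer: one extra zeroed byte guarantees termination. */
static char *copy_field_cstr(const char *src, size_t n)
{
    if (n == SIZE_MAX) return NULL; /* n + 1 would wrap */
    char *buf = calloc(n + 1, 1);
    if (buf) memcpy(buf, src, n);
    return buf;
}

/* Hardened consumer: scan at most cap bytes, never past the region. */
static size_t field_len(const char *buf, size_t cap)
{
    const char *nul = memchr(buf, '\0', cap);
    return nul ? (size_t)(nul - buf) : cap;
}

int main(void)
{
    char *raw = copy_field_exact(WIRE_FIELD, WIRE_LEN);
    char *str = copy_field_cstr(WIRE_FIELD, WIRE_LEN);
    if (!raw || !str) return 1;
    /* strlen(raw) here is the out-of-bounds READ that ASan flags. */
    printf("exact copy: terminated=%d bounded_len=%zu\n",
           memchr(raw, '\0', WIRE_LEN) != NULL, field_len(raw, WIRE_LEN));
    printf("n+1 copy:   terminated=%d strlen=%zu\n",
           memchr(str, '\0', WIRE_LEN + 1) != NULL, strlen(str));
    free(raw);
    free(str);
    return 0;
}
```

Built with `cc -fsanitize=address`, this runs clean; uncommenting a `strlen(raw)` call yields the same report shape as in the post.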


  • 2.  RE: Where to report bugs for Informix 15

    Posted Tue December 10, 2024 01:45 AM

    Do you have any maintenance contract with someone (IBM or HCL)?
    Support needs a case to investigate a new bug (and open it when confirmed).
    The exact version/product when creating the case does not matter that much. 
    But a case is needed. 



    ------------------------------
    Hedwig Fuchs
    ------------------------------



  • 3.  RE: Where to report bugs for Informix 15

    Posted Tue January 07, 2025 01:09 PM

    HCL/IBM people: Can you please try to reproduce and provide a bug ID?

    We have no way for now to create a case for HCL Informix products with our account.

    Seb



    ------------------------------
    Sebastien FLAESCH
    ------------------------------



  • 4.  RE: Where to report bugs for Informix 15

    Posted Wed January 08, 2025 07:10 AM

    Hi Seb,

    I tried to repro this, but so far don't see the problem you're seeing.

    I installed libasan, took your code, with adjustments for my env, compiled and then executed it:

    > INFORMIXC="cc -fsanitize=address" esql -o test0041.bin test0041.ec
    > LD_LIBRARY_PATH=$INFORMIXDIR/lib:$INFORMIXDIR/lib/esql ./test0041.bin
    >> [CONNECT TO]:  sqlcode=0
    >

    I'm using CSDK 5.0.0.0 on RHEL. What could I be missing? Anything to do or set to enable this address sanitizing?

     Andreas



    ------------------------------
    Andreas Legner
    Informix Dev
    HCL Software
    ------------------------------



  • 5.  RE: Where to report bugs for Informix 15

    Posted Wed January 08, 2025 07:31 AM

    Hi Andreas!

    Thanks for considering this...

    Sorry I did not mention that I get this address sanitizer error only when the user/pswd is invalid!

    Can you try with an invalid user/pswd to get an SQL error -951?

    On my side I confirm that I do not get the heap-buffer-overflow report when connection succeeds.

    Looks like some cleanup is missing in the ESQL/C libs in case of SQL error.

    We have detected this in our QA tests, to check -951 errors. 

    Just in case here is my environment...

    sf@toro:~/dbvendors/informix/problems$ uname -a
    Linux toro 6.1.0-28-amd64 #1 SMP PREEMPT_DYNAMIC Debian 6.1.119-1 (2024-11-22) x86_64 GNU/Linux
    
    sf@toro:~/dbvendors/informix/problems$ esql -V
    IBM Informix CSDK Version 15.0, IBM Informix-ESQL Version 15.0.0.0
    
    sf@toro:~/dbvendors/informix/problems$ gcc --version
    gcc (Debian 12.2.0-14) 12.2.0
    Copyright (C) 2022 Free Software Foundation, Inc.
    This is free software; see the source for copying conditions.  There is NO
    warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
    
    sf@toro:~/dbvendors/informix/problems$ INFORMIXC="cc -fsanitize=address" esql -o test0041.bin test0041.ec
    
    sf@toro:~/dbvendors/informix/problems$ ./test0041.bin 
    =================================================================
    ==425538==ERROR: AddressSanitizer: heap-buffer-overflow on address 0x603000006ef8 at pc 0x7fef76e4a731 bp 0x7ffdf29019d0 sp 0x7ffdf2901180
    READ of size 25 at 0x603000006ef8 thread T0
        #0 0x7fef76e4a730 in __interceptor_strlen ../../../../src/libsanitizer/sanitizer_common/sanitizer_common_interceptors.inc:389
    
    
    ...

    Seb



    ------------------------------
    Sebastien FLAESCH
    ------------------------------



  • 6.  RE: Where to report bugs for Informix 15

    Posted Wed January 08, 2025 08:38 AM

    Bingo, bad pw does the trick.

    Still going to verify the problem is new in v15, then logging a defect.



    ------------------------------
    Andreas Legner
    Informix Dev
    HCL Software
    ------------------------------



  • 7.  RE: Where to report bugs for Informix 15

    Posted Wed January 08, 2025 07:34 AM
    Edited by Sebastien FLAESCH Wed January 08, 2025 07:48 AM

    Note that I do NOT get the address sanitizer error with ESQL/C 4.50.FC11W1 when executing the pure ESQL/C sample:

    sf@toro:~/dbvendors/informix/problems$ esql -V
    IBM Informix CSDK Version 4.50, IBM Informix-ESQL Version 4.50.FC11W1
    
    sf@toro:~/dbvendors/informix/problems$ INFORMIXC="cc -fsanitize=address" esql -o test0041.bin test0041.ec
    
    sf@toro:~/dbvendors/informix/problems$ ./test0041.bin 
    >> [CONNECT TO]:  sqlcode=-951
    

    BUT quite strangely, I get the sanitizer error when executing our tests for Genero BDL, when trying to connect with CSDK 4.50.FC11W1 to an Informix 15 server ...

    fglcomp -M rt_userauth.4gl
    fglrun -l -o rt_userauth.42r rt_userauth.42m _expect.42m
    . ./setenv.sh && sh fglrun-silent.sh rt_userauth
    =================================================================
    ==460604==ERROR: AddressSanitizer: heap-buffer-overflow on address 0x603000026280 at pc 0x7f21fda47cf9 bp 0x7ffc230e0eb0 sp 0x7ffc230e0660
    READ of size 34 at 0x603000026280 thread T0
        #0 0x7f21fda47cf8 in __interceptor_memmove ../../../../src/libsanitizer/sanitizer_common/sanitizer_common_interceptors.inc:810
        #1 0x7f21fb032690 in _iqset2err (/opt3/dbs/ifx/CSDK-4.50.FC11W1/lib/esql/libifsql.so+0x32690)
        #2 0x7f21fb0122c8 in proc_srvrresp (/opt3/dbs/ifx/CSDK-4.50.FC11W1/lib/esql/libifsql.so+0x122c8)
        #3 0x7f21fb01321d in asf_connect (/opt3/dbs/ifx/CSDK-4.50.FC11W1/lib/esql/libifsql.so+0x1321d)
        #4 0x7f21fb013810 in sqli_connect_open (/opt3/dbs/ifx/CSDK-4.50.FC11W1/lib/esql/libifsql.so+0x13810)
        #5 0x7f21fc8ce0cd in ODI_connect /home/sf/genero/devel/fgl/fgl/src/sqldriver/informix/ifx91.ec:598
    ...
    
    0x603000026280 is located 0 bytes to the right of 32-byte region [0x603000026260,0x603000026280)
    allocated by thread T0 here:
        #0 0x7f21fdab83b7 in __interceptor_calloc ../../../../src/libsanitizer/asan/asan_malloc_linux.cpp:77
        #1 0x7f21fa413b99 in meAlloc (/opt3/dbs/ifx/CSDK-4.50.FC11W1/lib/esql/libifos.so+0x13b99)
        #2 0x7f21fac28051 in ascOptBin (/opt3/dbs/ifx/CSDK-4.50.FC11W1/lib/libifasf.so+0x28051)
        #3 0x7f21fac2228a in ascBinary (/opt3/dbs/ifx/CSDK-4.50.FC11W1/lib/libifasf.so+0x2228a)
        #4 0x7f21fac23c05 in pfConReq (/opt3/dbs/ifx/CSDK-4.50.FC11W1/lib/libifasf.so+0x23c05)
        #5 0x7f21fac1d517 in cmReqSync (/opt3/dbs/ifx/CSDK-4.50.FC11W1/lib/libifasf.so+0x1d517)
        #6 0x7f21fac1dfb8 in cmConReq (/opt3/dbs/ifx/CSDK-4.50.FC11W1/lib/libifasf.so+0x1dfb8)
        #7 0x7f21fac130c7 in ascRequest (/opt3/dbs/ifx/CSDK-4.50.FC11W1/lib/libifasf.so+0x130c7)
        #8 0x7f21fac15665 in ASF_Call (/opt3/dbs/ifx/CSDK-4.50.FC11W1/lib/libifasf.so+0x15665)
    ...

    Something wrong in _iqset2err()?

    Seb



    ------------------------------
    Sebastien FLAESCH
    ------------------------------



  • 8.  RE: Where to report bugs for Informix 15

    Posted Wed January 08, 2025 08:48 AM

    Seeing exact same problem with 4.50.FC11 as well as upcoming 4.50.FC12.

    Not sure why you're not seeing it with esql/c, but with 4gl.

    Also, is this testing done newly on your end, or did it just never fail in the past?

    Anyway, will log the defect now, thanks for the concise repro steps!

    BR,
     Andreas



    ------------------------------
    Andreas Legner
    Informix Dev
    HCL Software
    ------------------------------



  • 9.  RE: Where to report bugs for Informix 15

    Posted Wed January 08, 2025 09:24 AM

    Andreas,

    Glad that you could repro! Please provide the defect ID when created.

    We have detected this address sanitizer issue recently with Informix 15 and CSDK 15 and 4.50.

    Seb



    ------------------------------
    Sebastien FLAESCH
    ------------------------------



  • 10.  RE: Where to report bugs for Informix 15

    Posted Wed January 08, 2025 07:37 AM

    Andreas,

    "Anything to do or set to enable this address sanitizing?"

    The GCC address sanitizer is enabled when you specify the -fsanitize=address option.

    That's why you want to set:

    $ export INFORMIXC="cc -fsanitize=address"

    Before using the esql compiler.

    Seb



    ------------------------------
    Sebastien FLAESCH
    ------------------------------



  • 11.  RE: Where to report bugs for Informix 15

    Posted Wed January 08, 2025 08:47 AM

    Hello Seb,

    This might not be an official response but I am aware of the Actian Community for HCL Informix products.

    As for the problem you described here, I am able to reproduce it in both HCL and IBM versions of Informix 15.0. The exception is raised during error processing so is seen only when there is a problem such as a bad username or password. I have raised an internal defect for the problem.

    If you are able to raise a support case for either HCL or IBM versions of Informix, please reference defect idsdb00116321.


    Simon



    ------------------------------
    Simon Riddle
    ------------------------------



  • 12.  RE: Where to report bugs for Informix 15

    Posted Thu January 09, 2025 01:50 AM

    Bugs CQ idsdb00116320 and idsdb00116321 have been created (independently by me and someone from Tech Support) from your test case, one for 14.10 and the other for 15.0.  I reproduced the problem (pretty closely) with 14.10.FC10.  I've not yet managed to reproduce it with pre-release builds of 14.10.FC12, nor with 15.0.  I'm not clear why I'm having the problems.



    ------------------------------
    Jonathan Leffler
    ------------------------------