Why do I get an access violation in the Microsoft SQL Server ODBC driver when using the ODBC-ODBC Bridge?

We reported the following issue on the microsoft.public.sqlserver.odbc forum:

1. Using Microsoft SQL Server ODBC driver version 3000.81.9030.04, create a table and deny SELECT permission to a specific user.
2. From Microsoft ODBC Test, do a full connect with ODBC 2.0 checked.
3. Do an SQLPrepare(select * from table)
4. Do an SQLNumResultCols. This fails with permission denied.
5. Do an SQLExecute.

   You then get an exception in ODBC Test:

   "The instruction at "0x119c8fcc" referenced memory at
   "0x0170e000". The memory could not be written"

Here's some more detailed output from a different application:

Exception Address: 0X1F9C8F22
Number of Parameters: 2
Exception Record: 0X00000000
Exception Information (RW Flag) : Write
Exception Information (Virtual Address) : 0X0162E000

Module: C:\WINNT\System32\SQLSRV32.dll, Section: 01,
Offset:00007F22
Call Stack:
Address   Frame
1F9C8F22  0120F854  SQLNumResultCols+3EB
1F9EF7E4  0120F8B8  BCP_init+5D2
1F9F1737  0120F8CC  SQLNativeSqlW+637
1F9F47DA  0120F900  SQLExecute+1E1
1F7CD793  0120F91C  SQLExecute+D1
004227CC  0120F988  0001:000217CC
C:\WINNT\System32\esoobserver.exe
00419A85  0120FF84  0001:00018A85
C:\WINNT\System32\esoobserver.exe
0042F218  0120FFB8  0001:0002E218
C:\WINNT\System32\esoobserver.exe
77F04EDE  0120FFEC  lstrcmpiW+BE
No deeper stack frame

Brannon Jones, MDAC Developer said he had reproduced it and submitted a bug report.

We have also reproduced this issue with version 2000.85.1025.00 of the Microsoft SQL Server ODBC driver.

You might be able to identify this problem from the entry the Easysoft ODBC-ODBC Bridge server puts into the application event log or the esoob.exception file in LogDir. For example:

Current ODBC-ODBC Bridge Flags: 0X112
OS: Major 5, Minor 0, Build 2195, Service Pack 4
PageSize: 4096, AllocationG: 65536, MinAppA: 00010000, MaxAppA: 7FFEFFFF
Active Processor Mask: 1, Number of Processors: 1
Username: XXXXX
Computer Name: YYYYY
cwd: C:\WINNT\system32
System Dir: C:\WINNT\system32
Windows Dir: C:\WINNT
Exception Code: 0XC0000005 (ACCESS_VIOLATION) 
Exception Flags: 0 
Exception Address: 0X0176136B 
Number of Parameters: 2 
Exception Record: 0X00000000 
Exception Information (RW Flag) : Write 
Exception Information (Virtual Address) : 0X01C0D000
exception_filter() at 0041C7B0
RPCAllocHandle() at 0042EE98
Last RPC: Name=sql_execute, Ordinal=91
Current Thread : 2060
Module: C:\WINNT\System32\SQLSRV32.dll, Section: 01, Offset:0000036B 
Thread List:
in_use, threadid, threadh, socket, client_ip, dsn,start_time 
0 340 0x00000000 1744 10.10.10.5 - Tue Sep 14 13:25:11 2004

One of our customers came to us with an exception like the one below. After much investigation, it seems that the Microsoft SQL Server ODBC driver was writing off the end of the parameter status array (that is, the buffer set with SQL_ATTR_PARAM_STATUS_PTR). The circumstances in which this happens are fairly complicated, but can be summarised as:

1. Create a statement.
2. Prepare some SQL.
3. Set SQL_ATTR_PARAM_STATUS_PTR.
4. Set SQL_ATTR_PARAMSET_SIZE to n (for example, 1000).
5. Bind parameters.
6. Execute the statement.
7. Reset parameters with RESET_PARAMS.
8. Set SQL_ATTR_PARAMSET_SIZE to n-m (for example, 800).
9. Set SQL_ATTR_PARAM_STATUS_PTR.
10. Bind parameters.
11. The execute fails here.

What seems to be happening is that the driver has missed the reduction in SQL_ATTR_PARAMSET_SIZE when writing the parameter status array values back.

Easysoft ODBC-ODBC Bridge
Version: 02.00.0012
Component: ODBC-ODBC Bridge Server (ODBC thread/process)
Build Date: $Built: Jan9 2006 11:30:53 $
Caught Exception on Thu Jan 12 00:36:51 2006

Current ODBC-ODBC Bridge Flags: 0X8112
OS: Major 5, Minor 2, Build 3790, 
PageSize: 4096, AllocationG: 65536, MinAppA: 00010000, MaxAppA: 7FFEFFFF
Active Processor Mask: 3, Number of Processors: 2
Computer Name: XXXXX
cwd: C:\WINDOWS\system32
System Dir: C:\WINDOWS\system32
Windows Dir: C:\WINDOWS
Exception Code: 0XC0000005 (ACCESS_VIOLATION)
Exception Flags: 0
Exception Address: 0X1F9DA74F
Number of Parameters: 2
Exception Record: 0X00000000
Exception Information (RW Flag) : Write
Exception Information (Virtual Address) : 0X0144910E
exception_filter() at 004208C0
RPCAllocHandle() at 00434BFC
Last RPC: Name=sql_execute, Ordinal=91
Current Thread : 5884
Module: C:\WINDOWS\system32\SQLSRV32.dll, Section: 01, Offset:0001974F
Call Stack:
Address Frame
1F9DA74F0184F150SQLDescribeColW+2978
No deeper stack frame
Last error from StackWalk = 0
Thread List:
in_use, threadid, threadh, socket, client_ip, dsn,start_time
1 760 0x00000118 364 172.20.30.10 vtqrs Thu Jan 12 00:36:16 2006

1 5884 0x0000014C 368 172.20.30.10 vtqrs Thu Jan 12 00:36:16 2006

We reproduced this with Microsoft SQL Server ODBC driver versions 2000.85.1025.00, 2000.86.1830.0, 2000.85.1117.00, and 2000.85.1022.00. It may also happen in other versions.

• About Easysoft

• Contact us
• About us
• Clients
• Blog
• Careers

• Products

• ODBC drivers
• JDBC drivers
• Bridges and gateways
• In development

• Services

• Consultancy
• Training
• Custom development

• Licensing

• Product licenses
• Prices

• Support

• Support home
• Solution wizard
• Getting Started Guides
• User Guides
• Knowledge Base

• Search

• Easysoft.com
• Documentation
• Knowledge Base

• Popular Resources

• Developer area
• Client applications

• Legal

• Privacy statement

© 1993 - 2024 Easysoft Limited. All rights reserved. Oracle is a registered trademark of Oracle Corporation and/or its affiliates. Other trademarks and registered trademarks appearing on easysoft.com are the property of their respective owners.

• 
• 
•