unixODBC crashes when ODBC trace is enabled

Bug #2003003 reported by Maxim
This bug affects 1 person
Affects | Status | Importance | Assigned to | Milestone
unixodbc (Ubuntu) | Incomplete | Undecided | Unassigned |

Bug Description

The package unixODBC 2.3.9-5, which is installed by default on Ubuntu 22.04, contains a crash. If ODBC trace is enabled (https://www.easysoft.com/support/kb/kb00945.html), unixODBC will crash when calling GetDiagRec(). It reports a buffer overflow while calling a _sprintf. A newer version of unixODBC, 2.3.11, does not contain this bug (I've built one from source on my 22.04 VM).

ProblemType: Bug
DistroRelease: Ubuntu 22.04
Package: unixodbc 2.3.9-5
ProcVersionSignature: Ubuntu 5.15.0-57.63-generic 5.15.74
Uname: Linux 5.15.0-57-generic x86_64
ApportVersion: 2.20.11-0ubuntu82.1
Architecture: amd64
CasperMD5CheckResult: pass
Date: Mon Jan 16 17:07:21 2023
InstallationDate: Installed on 2023-01-10 (5 days ago)
InstallationMedia: Ubuntu-Server 22.04 LTS "Jammy Jellyfish" - Release amd64 (20220421)
ProcEnviron:
 TERM=xterm
 PATH=(custom, no user)
 XDG_RUNTIME_DIR=<set>
 LANG=en_US.UTF-8
 SHELL=/bin/bash
RebootRequiredPkgs: Error: path contained symlinks.
SourcePackage: unixodbc
UpgradeStatus: No upgrade log present (probably fresh install)

Lucas Kanashiro (lucaskanashiro) wrote :

Thanks for taking the time to report this bug and trying to make Ubuntu better.

I did not try to reproduce the bug myself but I found this upstream bug which might be related to this issue:

https://github.com/lurcher/unixODBC/commit/965bffbb53b0a84a3311372f88a56db518240606

Could you please confirm if this commit on top of 2.3.9-5 fixes the problem you have? Unfortunately, we cannot update to a new upstream version in a stable release, so we need to find the right patch to be backported to fix this bug.

Sergio Durigan Junior (sergiodj) wrote :

To add on top of what Lucas already said, it would be great if you could provide the steps you've taken to reproduce the issue. I noticed you did provide a link explaining how to enable the trace (thank you!), but you mention that ODBC will crash when it calls GetDiagRec(). Would it be possible to provide steps on how to make ODBC do that?

I'm marking this bug as Incomplete to reflect the fact that we're waiting on more information from you. Once you provide such information, please set the bug status back to New and we will be happy to continue working on it. Thanks!

Changed in unixodbc (Ubuntu):
status: New → Incomplete
freemine xu (freemine) wrote :

The same problem here, with the following steps to reproduce:
1. sudo apt install unixodbc
2. sudo apt install unixodbc-dev # this might not be related
3. add the section below to /etc/odbcinst.ini
   [ODBC]
   Trace=yes
   TraceFile=/tmp/blabal.log
4. install any ODBC driver, such as the one for mysql
5. isql -v <DSN for datasource> # NOTE: must add -v to enable `verbose` mode
6. afdsfasdfsdf; # any statement that would make an SQLxxx call fail
Then you would get this:
*** buffer overflow detected ***: terminated
Aborted (core dumped)
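
The [ODBC] trace setting in the steps above is the precondition for this crash, so a useful host check is whether it is switched on. The following is an added example, not part of the original comment or of unixODBC: a POSIX shell helper that reads that section from an odbcinst.ini file. The function names, the case-insensitive matching and the set of values treated as "on" (1, y..., on...) are assumptions, and the sample file is constructed.

```shell
#!/bin/sh
# Added example (not from the bug report or from unixODBC).

# odbc_setting FILE KEY: print the value of KEY in the [ODBC] section of FILE.
# Section and key names are compared case-insensitively (assumption).
odbc_setting() {
    awk -v want="$2" '
        /^[ \t]*[;#]/ { next }                  # comment line
        /^[ \t]*\[/ {                           # section header
            s = $0; sub(/^[ \t]*\[/, "", s); sub(/\].*$/, "", s)
            in_odbc = (toupper(s) == "ODBC"); next
        }
        in_odbc {
            i = index($0, "="); if (i == 0) next
            k = substr($0, 1, i - 1); v = substr($0, i + 1)
            gsub(/^[ \t]+|[ \t\r]+$/, "", k)    # trim key
            gsub(/^[ \t]+|[ \t\r]+$/, "", v)    # trim value
            if (toupper(k) == toupper(want)) { print v; exit }
        }
    ' "$1"
}

# odbc_trace_enabled FILE: succeed if Trace looks switched on.
# Accepted "on" spellings are an assumption: 1..., y..., on...
odbc_trace_enabled() {
    case "$(odbc_setting "$1" Trace | tr '[:upper:]' '[:lower:]')" in
        1*|y*|on*) return 0 ;;
        *)         return 1 ;;
    esac
}

# report FILE: one-line summary including the trace file when tracing is on.
report() {
    if odbc_trace_enabled "$1"; then
        echo "trace ENABLED -> $(odbc_setting "$1" TraceFile)"
    else
        echo "trace disabled"
    fi
}

# Constructed sample mirroring the [ODBC] section from the steps above.
sample=$(mktemp)
trap 'rm -f "$sample"' EXIT
printf '%s\n' '[ODBC]' 'Trace=yes' 'TraceFile=/tmp/blabal.log' > "$sample"
report "$sample"
```

To check a real host, call `report /etc/odbcinst.ini`.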

Lena Voytek (lvoytek) wrote :

Hello,

I looked into possible solutions from upstream and found this bug:
https://github.com/lurcher/unixODBC/issues/103

It seems to match the issue reported here from what I can tell. This was fixed by https://github.com/lurcher/unixODBC/commit/6727dee310d7d914eb203385e857fbc741394935

I created a PPA for 22.04 with this change added here: https://launchpad.net/~lvoytek/+archive/ubuntu/unixodbc-fix-trace-buffer-overflow

If you would like to test it you can run:

$ sudo add-apt-repository ppa:lvoytek/unixodbc-fix-trace-buffer-overflow
$ sudo apt update
$ sudo apt upgrade

Thanks!
