Firebird 2.0 & Sub-Releases

Sub-release 2.0.6
Sub-release 2.0.5
Sub-release 2.0.4
Sub-release 2.0.3
Sub-release 2.0.2
Sub-release 2.0.1
Firebird 2.0

Sub-release 2.0.6

(CORE-2936)     Wrong page type (expected 7 found N) error.

If two consecutive leaf index pages were removed from an index (garbage collected) by two different connections at the same time, the linked list of sibling pages could become broken and the sibling pointer at another index page could point to the freed index page. When the freed page was again allocated, this index corruption would be reported.

fixed by V. Khorsun

    ~ ~ ~     

(CORE-2928)     Buffer overflow in gsec.

For reasons unknown, the gsec code copies the value of the password hash to an internal user data structure during a display operation. Since V.2.0, when the newer hash algorithm made the hash longer than previously, the buffer used for storing it could be too short.

This does not create a vulnerability because the hash value does not travel anywhere. It is harmless, anyway: the buffer overflow cannot be exploited because the first, middle and last names are filled immediately after the password. It is fixed now, so newer versions of glibc no longer detect this overflow.

fixed by A. Peshkov

    ~ ~ ~     

(CORE-2919)     The Linux installation script was ignoring non-standard ports.

fixed by A. Peshkov

    ~ ~ ~     

(CORE-2871)     If a derived table or a view contained both a left/right join and an ORDER BY clause and the outer query also contained an ORDER BY clause, the outer ORDER BY clause would have no effect.

fixed by D. Yemanov

    ~ ~ ~     

(CORE-2856)     A non-NULL key in a unique index could not be found when the key was removed.

fixed by V. Khorsun

    ~ ~ ~     

(CORE-2846)     When gfix -shut <mode> -attach <timeout> failed after the specified timeout due to connections being still active, it became impossible to connect to the database.

fixed by D. Yemanov

    ~ ~ ~     

(CORE-2831)     Database and user name should not be in the output when a script is extracted.

fixed by C. Valderrama

    ~ ~ ~     

(CORE-2822)     The error “no current row for fetch operation” was being thrown when a subquery included a non-trivial derived table.

fixed by D. Yemanov

    ~ ~ ~     

(CORE-2820)     Queries with PLAN ORDER were exhibiting small memory leaks as a side effect of an earlier, major fix.

fixed by V. Khorsun

    ~ ~ ~     

(CORE-2741)     Metadata extract would misinterpret the DDL of a CHECK constraint if the CHECK keyword was in any character mix other than all lower case or all upper case.

fixed by C. Valderrama

    ~ ~ ~     

(CORE-2720)     Division involving a divisor consisting of unary addition or subtraction expressions was being evaluated wrongly, often producing an incorrect result.

fixed by V. Khorsun

    ~ ~ ~     

(CORE-2698)     If a new cached lock is needed and the permitted number of cached locks is already used up, the least recently used lock should be released and its key should be reset to a new value. When the least recently used lock could not be unlocked because it was being held by some code for too long, the call to LocksCache::get would wait indefinitely.

fixed by V. Khorsun

    ~ ~ ~     

(CORE-2684)     The error “page NNN is of wrong type (expected 7, found N)” would occur (wrongly) sometimes, due to a logic bug in garbage collection.

fixed by V. Khorsun

    ~ ~ ~     

(CORE-2648)     NBackup's delta file was not respecting the “Forced Writes” database setting.

fixed by V. Khorsun

    ~ ~ ~     

(CORE-2640)     Under some conditions, the lock manager could fail to detect a regular deadlock and cause the server to hang.

fixed by V. Khorsun, D. Yemanov

    ~ ~ ~     

(CORE-2635)     A unique index could be corrupted at level 1 if it contained a lot of NULL keys.

fixed by V. Khorsun

    ~ ~ ~     

(CORE-2616)     Error “page <N> is of wrong type (expected 7, found 5)” could occur under load, giving the impression that something had corrupted the database. On restart, there would be no evidence of corruption.

fixed by V. Khorsun

    ~ ~ ~     

(CORE-2591)     High mutex wait ratio and degraded performance would start to show up after a period of normal performance.

fixed by D. Yemanov

    ~ ~ ~     

(CORE-2563)     It was possible to shut down the Superserver's main port (3050 by default) by sending a malformed packet of some special format, that would lead to a Denial of Service condition for new incoming connections. This exploit could be used by an unauthenticated client.

Reported 15-Jul-2009 by Core Security Technologies.

fixed by D. Yemanov

    ~ ~ ~     

(CORE-2507)     A flagging issue on Windows server platforms was causing CreateFile() failures intermittently.

fixed by V. Khorsun

    ~ ~ ~     

(CORE-2449)     An unexpected “lock conflict” error could be thrown in lieu of the expected exception.

fixed by D. Yemanov

    ~ ~ ~     

(CORE-2444)     The engine could hang when multiple attachments registered their interest in events simultaneously and free space in the events table became exhausted.

fixed by V. Khorsun

    ~ ~ ~     

(CORE-2437)     A buffer overflow could occur on a client when events were being delivered.

fixed by A. Peshkov

    ~ ~ ~     

(CORE-2415)     Firebird could crash when the system ran out of temporary space.

fixed by A. Peshkov

    ~ ~ ~     

(CORE-2411)     The optimizer in v.2.0.5 would choose a slower PLAN for certain types of query than it would in version 2.0.4.

fixed by D. Yemanov

    ~ ~ ~     

(CORE-2395)     Problem in the API with handling UTF-8 4-byte characters for Japanese collations.

fixed by A. dos Santos Fernandes

    ~ ~ ~     

(CORE-2368)     An isc_cancel_events() call would be succeeded by an access violation if the event was not found.

fixed by V. Khorsun

    ~ ~ ~     

(CORE-2355)     Incorrect handling of LOWER/UPPER when result string shrinks in terms of byte length.

fixed by A. dos Santos Fernandes

    ~ ~ ~     

(CORE-2354)     “fb_lock_print -ia” output was not being flushed to the file between iterations.

fixed by A. Peshkov

    ~ ~ ~     

(CORE-2326)     Committing a new user object (a view, for example) caused an access violation if a user-defined trigger had been applied to the system table RDB$RELATIONS.

It should be noted that no Firebird server version either supports, or retains after a backup and restore, any user-defined trigger on a system table. The strong recommendation against defining such triggers remains. The fix recognises one way that user interference with system tables can compromise internal operations and disarms it.

The ability to define “DDL triggers” through the regular DDL mechanisms is on the drawing board for V.3.

fixed by D. Yemanov

    ~ ~ ~     

(CORE-2306)     Superserver could terminate abnormally when some worker thread failed to start.

fixed by A. Peshkov

    ~ ~ ~     

(CORE-2291)     The error Bugcheck 284 (cannot restore singleton select data) would be thrown on bad trigger code involving [FOR] SELECT, when the engine should have been detecting the error and throwing the proper exception.

fixed by V. Khorsun

    ~ ~ ~     

(CORE-2282)     Truncating UDFs were broken for negative numbers below -1.

fixed by C. Valderrama

    ~ ~ ~     

(CORE-2281)     Rounding UDFs were broken for negative numbers.

fixed by C. Valderrama

    ~ ~ ~     

(CORE-2272)     The server would start returning garbage when killing an events connection attempt.

fixed by A. Peshkov

    ~ ~ ~     

(CORE-2271)     The gfix utility had a legacy bug that exhibited itself during the database validation/repair routines on large databases. The privilege level of the user running these routines was being checked too late in the operation, thus allowing a non-privileged user (i.e., not SYSDBA or Owner) to start a validation operation. Once the privilege check occurred, the database validation could halt in mid-operation and thus be left unfinished, resulting in logical corruption that might not have been there otherwise.

fixed by A. Peshkov

    ~ ~ ~     

(CORE-2270)     When run in a zlogin console, isql would consume all memory and crash.

fixed by J. Swierczynski, A. Peshkov

    ~ ~ ~     

(CORE-2247)     In the QLI utility, message and descriptor buffers were not properly aligned.

fixed by A. Peshkov

    ~ ~ ~     

(CORE-2245)     A database with long exception messages defined would exhibit errors when being restored from a backup.

fixed by C. Valderrama

    ~ ~ ~     

(CORE-2173)     The server would crash after an abnormal disconnection if there was an open ExecuteStatement call.

fixed by A. Peshkov

    ~ ~ ~     

(CORE-2157)     Known issue: a bug in gcc 3.2.x, the compiler used to build the official x86 Linux packages, can cause problems when people try to build binaries that depend on the Firebird client without using the -pthread switch. Setting the -pthread switch removes the dependency of the output binary on libpthread.

Reported by A. Peshkov

    ~ ~ ~     

(CORE-1961)     A Bugcheck 210 (page in use during flush) consistency check error would be thrown during database validation.

fixed by D. Yemanov, R. Simakov

    ~ ~ ~     

(CORE-1923)     On Windows, successful execution of instsvc.exe remove was returning 1 as its completion code, instead of 0.

fixed by D. Yemanov

    ~ ~ ~     

(CORE-1089)     Selecting from a view that used DISTINCT and LEFT JOIN returned records in the wrong order if the ORDER BY clause did not include columns from the right-side (non-mandatory) table.

fixed by D. Yemanov

    ~ ~ ~     

(CORE-195)     Regression of an old bug, previously fixed in v.1.5.1, whereby a bugcheck 291 (cannot find back record version) would occur when updating the same record that had already fired an action in a BEFORE UPDATE trigger. The regression that was reintroduced in v.2.0 was less destructive, insofar as it affected only the record that was physically first in the table.

fixed by A. Peshkov

    ~ ~ ~     

Sub-release 2.0.5

Unregistered bug     When Firebird is configured to run in some specific directory (/usr/local/firebird, /opt/firebird or any other) the @prefix@ macro should be substituted with that directory path. On MacOS it was not done and caused exceptions to be thrown when the engine tried to locate some of its components.

fixed by P. Beach

    ~ ~ ~     

(CORE-2223)     gbak was encountering several bugs when operating on the access control lists (ACLs) that store SQL privileges.

fixed by A. Peshkov

    ~ ~ ~     

(CORE-2221)     On POSIX platforms, any attachment to any database would fail after the access rights for security2.fdb were modified from 0660 to 0666.

fixed by P. Beach, A. Peshkov

    ~ ~ ~     

(CORE-2108)     When using the new implementation of Windows local protocol (XNET), the next available map number was calculated incorrectly, thus allowing the server to try to reuse a map number that already existed. If the “new” map's timestamp was equal to the timestamp of the pre-existing map, it would cause the get_free_slot() function to fail.

fixed by V. Horsun

    ~ ~ ~     

(CORE-2078)     The optimizer always had some trivial heuristics to estimate the effective stream selectivity, even if no indices could be used for the retrieval. This code missed being migrated into the ODS11 optimizer logic. The effect was that join orders chosen for cases involving non-indexed predicates were likely to be ineffective.

fixed by D. Yemanov

    ~ ~ ~     

(CORE-2077)     On POSIX platforms, the Classic server in embedded mode, i.e., loaded into the user's application space, would handle the TERM signal but would fail to call any other signal handlers in the queue. The effect was that signal handlers set by the application were not executed and the application would keep working after the termination. It was a bad idea to invoke ISC_signal_cancel() from the signal handler and the mechanism has been reworked.

fixed by A. Peshkov

    ~ ~ ~     

(CORE-2073)     The implementation of expression indexes exhibited a bug whereby an incorrect result was returned when an inverted Boolean predicate was applied to test an indexed expression.

fixed by D. Yemanov

    ~ ~ ~     

(CORE-2065)     The MacOSX installation package was in violation of platform rules by not including the client library in the dynamic loader search paths.

fixed by P. Beach

    ~ ~ ~     

(CORE-2055)     Backported a fix for a known buffer overflow in the Firebird client library.

fixed by A. Peshkov

    ~ ~ ~     

(CORE-2050)     Fixed a performance regression resulting from a surfeit of semop() system calls.

fixed by V. Horsun

    ~ ~ ~     

(CORE-2049)     Fixed a performance regression resulting from a surfeit of sigprocmask() system calls.

fixed by A. Peshkov

    ~ ~ ~     

(CORE-2000)     Under high load conditions, the lock manager could report false deadlocks.

fixed by V. Horsun

    ~ ~ ~     

(CORE-1984)     Lock manager would report false deadlocks if one of the deadlock participants was in WAIT with a permitted timeout.

fixed by V. Horsun

    ~ ~ ~     

(CORE-1983)     In any POSIX environment except Solaris, the engine was mishandling the “out of memory” condition, causing the server to crash.

fixed by A. Peshkov

    ~ ~ ~     

(CORE-1982)     Simultaneous backups or restores using the Services API under Superserver could interfere with one another.

fixed by A. dos Santos Fernandes

    ~ ~ ~     

(CORE-1972)     A non-SYSDBA user was able to change the Forced Writes mode of any database, along with several other database characteristics that should be restricted to the SYSDBA. This long-standing, legacy loophole in the handling of DPB parameters could lead to database corruptions or give ordinary users access to SYSDBA-only operations. The changes could affect several existing applications, database tools and connectivity layers (drivers, components). Details are in Chapter 3 of the accompanying Release Notes, in Changes to the Firebird API and ODS.

fixed by A. Peshkov

    ~ ~ ~     

(CORE-1970)     A “Lock conversion denied (bugcheck 215)” error could occur. This fix is related to CORE-1984 and CORE-2000 (above).

fixed by V. Horsun

    ~ ~ ~     

(CORE-1958)     When attempting to update the same record multiple times, a “Bugcheck 179 (decompression overran buffer)” failure could occur.

fixed by D. Yemanov

    ~ ~ ~     

(CORE-1957)     Because of a change done in the conversion to C++ at v.1.5, ACLs (Access Control Lists) longer than about 20 characters were being truncated. This has caused particular problems for applications that construct access privileges in run-time and has also given rise to privileges “going missing” when there are more than about 2000 privileges (for a report of the latter, see Tracker issue CORE-216).

fixed by A. Peshkov

    ~ ~ ~     

(CORE-1930)     In a situation where a stored procedure was altered to remove output parameters and dependent procedures are not recompiled, the engine should properly track the dependencies and return an exception when the altered procedure is called. Instead, it was crashing.

fixed by V. Horsun

    ~ ~ ~     

(CORE-1919)     Memory corruptions in EXECUTE STATEMENT could crash the server.

fixed by A. dos Santos Fernandes

    ~ ~ ~     

(CORE-1909)     Garbage text was being printed to firebird.log on AMD64 Linux.

fixed by A. Peshkov

    ~ ~ ~     

(CORE-1887)     Newly created databases were being created on POSIX platforms with the wrong access rights. Now, access rights are set properly, by an explicit chmod call immediately after creation of the file.

fixed by A. Peshkov

    ~ ~ ~     

(CORE-1886)     On Windows Vista, the server would refuse to start as an application under a restricted user account.

This fix is a backport from the v.2.1 code that will need to be field-tested during RC.

fixed by N. Samofatov

    ~ ~ ~     

(CORE-1884)     Using expressions as the default values of input parameters for stored procedures could cause random server crashes.

fixed by V. Horsun

    ~ ~ ~     

(CORE-1854)     When using Unix native OS user authentication, the engine would return CURRENT_USER in the native (case-sensitive) form instead of the upper-cased form that Firebird user names should be resolved to.

fixed by A. Peshkov

    ~ ~ ~     

(CORE-1844)     Valgrind often reports “Conditional jump or move depends on uninitialised value(s)” in check_status_vector(), caused by poor data type matching which had the potential to corrupt the error status vector when there were multiple errors.

fixed by A. Peshkov

    ~ ~ ~     

(CORE-1841)     A view that used derived tables and long names for the tables or aliases could cause an overflow in RDB$VIEW_RELATIONS.RDB$CONTEXT_NAME.

fixed by V. Horsun

    ~ ~ ~     

(CORE-1840)     Every DDL request executed would leave a small memory leak.

fixed by D. Yemanov

    ~ ~ ~     

(CORE-1830)     Multiple updates of the same record in the same transaction, using savepoints, could corrupt indexes.

fixed by V. Horsun

    ~ ~ ~     

(CORE-1826)     The changeRunUser.sh and restoreRootRunUser.sh scripts on POSIX platforms were not changing the run user in the init.d scripts.

fixed by A. Peshkov

    ~ ~ ~     

(CORE-1817)     The RelaxedAliasChecking parameter was having no effect on RDB$DB_KEY.

fixed by V. Horsun

    ~ ~ ~     

(CORE-1810)     There were problems with user names containing the '.' character.

fixed by A. Peshkov

    ~ ~ ~     

(CORE-1807)     After an abnormal termination of Superserver on Linux, under a hard-to-reproduce situation where the “dead” fbserver process continued to listen on port 3050, the Guardian would retry port 3050 several times before giving up and assigning the new process to a non-canonical port. Meanwhile, client requests would go to port 3050 and hang indefinitely. Guardian needed to be restrained from such madness.

fixed by A. Peshkov

    ~ ~ ~     

(CORE-1506)     The server would crash with isc_dsql_execute_immediate and a zero-length string.

fixed by A. Peshkov

    ~ ~ ~     

(CORE-1451)     Using RDB$DB_KEY in a search argument when calling a selectable procedure would crash the server.

fixed by A. dos Santos Fernandes

    ~ ~ ~     

(CORE-1439)     Killing a Classic server process on a POSIX platform could corrupt databases.

fixed by A. Peshkov

    ~ ~ ~     

(CORE-1357)     The DummyPacketInterval mechanism was broken on all platforms.

fixed by D. Yemanov

    ~ ~ ~     

(CORE-1313)     Derived tables and the MERGE statement were failing to recognise RDB$DB_KEY.

fixed by A. dos Santos Fernandes

    ~ ~ ~     

(CORE-1889)     The security database was being created with Forced Writes off, risking corruption under some conditions.

fixed by A. Peshkov

    ~ ~ ~     

Sub-release 2.0.4

(Unregistered nbackup Bugs)     Bugs in nBackup could corrupt databases in some environments. The fixes relate to issues noted in heavy load conditions.

  • The logic to merge the 'delta' file, which contains the pages which were changed since the nbackup was started, sometimes left the database in a corrupted state.

  • The logic to merge the 'delta' file sometimes did not mark the database as “unlocked”, thus setting the database into an unreconcilable state.

  • The logic to track which file to write the changed pages to had issues that could result in deadlocks when the backup/merge process was active.

fixed by N. Samofatov

    ~ ~ ~     

(CORE-1820)     The Windows installer would not correctly detect a running 2.0.x server if it was running without Guardian.

fixed by D. Yemanov, P. Reeves

    ~ ~ ~     

(CORE-1775)     Security checking during a prepare was performing badly.

fixed by V. Khorsun

    ~ ~ ~     

(CORE-1774)     The case-insensitive Spanish language collation ES_ES_CI_AI was exhibiting some problems.

fixed by A. Dos Santos Fernandes

    ~ ~ ~     

(CORE-1746)     It was possible (but damaging) to create an expression index while inserts into the table were under way.

fixed by V. Khorsun

    ~ ~ ~     

(CORE-1731)     Under some conditions, the engine could “hang” for several minutes, using 100% of CPU resources without any input/output activity.

fixed by V. Khorsun

    ~ ~ ~     

(CORE-1726)     Failure could occur during isc_service_start().

fixed by A. Peshkoff

    ~ ~ ~     

(CORE-1702)     Wrong record number calculation in garbage collector thread.

fixed by V. Khorsun

    ~ ~ ~     

(CORE-1681)     An incoming remote packet containing garbage data could crash the server.

fixed by D. Yemanov

    ~ ~ ~     

(CORE-1680)     The gsec display command was returning only the first few users from a security database that had more than 50 users installed in it.

fixed by A. Peshkoff

    ~ ~ ~     

(CORE-1679)     Output from isc_service_query() could contain garbage bytes.

fixed by A. Peshkoff

    ~ ~ ~     

(CORE-1674)     The /doc/ sub-directory on Linux installations was being installed without the appropriate access rights.

fixed by A. Peshkoff

    ~ ~ ~     

(CORE-1657)     Leaving a read-only, read-committed transaction idle for a long time could cause a memory access violation.

fixed by A. Peshkoff

    ~ ~ ~     

(CORE-1644)     Compilation error on GCC 4.1.1

fixed by A. Peshkoff

    ~ ~ ~     

(CORE-1610)     A Full server shutdown of Superserver would cause database corruption if it happened while a query modifying data was running.

fixed by D. Yemanov

    ~ ~ ~     

(CORE-1603)     A long user name had the potential to cause a buffer overflow.

fixed by A. Peshkoff

    ~ ~ ~     

(CORE-1579)     In the 64-bit builds, incorrect memory allocation for BLOB parameters in UDFs was causing the BLOB, if it was NULL and was followed by another parameter, to be overwritten by the value of the next parameter.

fixed by A. Peshkoff

    ~ ~ ~     

(CORE-1572)     The error “multiple rows in singleton select” was not being reported when it occurred in a view.

fixed by A. dos Santos Fernandes

    ~ ~ ~     

(CORE-1549)     Subquery-based predicates were not being evaluated early enough in the join order.

fixed by D. Yemanov

    ~ ~ ~     

(CORE-1533)     A JOIN on an ordered derived table was returning the wrong first record.

fixed by D. Yemanov

    ~ ~ ~     

(CORE-1501)     SLONG data in dsql_nod was not being accessed correctly.

fixed by A. Peshkoff

    ~ ~ ~     

(CORE-1500)     Data in the internal buffer for EXECUTE STATEMENT was aligned incorrectly.

fixed by A. Peshkoff

    ~ ~ ~     

(CORE-1434)     Data used in INTL converters was aligned incorrectly.

fixed by A. Peshkoff

    ~ ~ ~     

(CORE-1484)     A memory access violation could occur in fbintl.

fixed by A. Peshkoff

    ~ ~ ~     

(CORE-1481)     GFIX could report false errors when using in-memory metadata.

fixed by V. Khorsun

    ~ ~ ~     

(CORE-1476)     Forced writes did not work on Linux at all.

fixed by A. Peshkov

    ~ ~ ~     

(CORE-1470)     With a multi-file database, the server would crash when a secondary file name exceeded 127 characters.

fixed by C. Valderrama

    ~ ~ ~     

(CORE-1462)     A buffer overrun would occur in the optimizer when more than 255 relation references existed in the query, causing the server to crash.

fixed by D. Yemanov

    ~ ~ ~     

(CORE-1460)     A client registering its interest in events would crash the server on being connected via the Named Pipes (WNet) protocol.

fixed by D. Yemanov

    ~ ~ ~     

(CORE-1457)     The server would crash on attempting to deliver events to a client session that had just disconnected.

fixed by V. Khorsun

    ~ ~ ~     

(CORE-1456)     Wrong events delivery was exhibited where there were multiple concurrent XNET connections.

fixed by V. Khorsun

    ~ ~ ~     

(CORE-1455)     An unsuccessful user management API call would cause the client library to crash.

fixed by A. Peshkoff

    ~ ~ ~     

(CORE-1452)     The client library would crash when attempting to process an event notification received just prior to disconnection.

fixed by D. Yemanov

    ~ ~ ~     

(CORE-1447)     A buffer overrun could occur when querying for database info through an isc_database_info() API call if the database path was very long.

fixed by C. Valderrama

    ~ ~ ~     

(CORE-1434)     The client library was misinterpreting the error condition created when isc_attach_database() was called to attach to a read-only database with a read-write transaction: it would return error code 0 instead of 335544727 (net_write_err).

fixed by D. Yemanov

    ~ ~ ~     

(CORE-1421)     SuperServer was unable to shut down immediately upon a shutdown request if a failed login attempt had preceded the request.

fixed by A. Peshkoff

    ~ ~ ~     

(CORE-1419)     CURRENT_TIMESTAMP evaluation was being performed incorrectly for selectable procedures.

fixed by D. Yemanov

    ~ ~ ~     

(CORE-1199)     Superserver could be brought down by an internal gds software consistency check (CCH_precedence: block marked (212), file: cch.cpp line: 3640).

fixed by V. Khorsun

    ~ ~ ~     

(CORE-1194)     An access violation could occur in the client library when a shutdown of Superserver was being handled.

fixed by D. Yemanov

    ~ ~ ~     

(CORE-881)     Singleton requirement was not being respected in COMPUTED BY expressions.

fixed by A. dos Santos Fernandes

    ~ ~ ~     

(CORE-100)     An old bug in the Windows client library, dating back to v.1.5.3, could cause a memory access violation on disconnecting.

fixed by D. Yemanov

    ~ ~ ~     

Sub-release 2.0.3

(CORE-1434)     EXECUTE STATEMENT had suffered a regression between v.2.0.1 and v.2.0.2 whereby it was truncating VARCHAR variables.

This was the bug that caused Release 2.0.2 to be recalled. It was initially thought to have been caused by some anomaly related to the UTF-8 character set implementation but it was found to be a general fault affecting all varchars.

fixed by A. dos Santos Fernandes

    ~ ~ ~     

(CORE-1418)     Rapid starting and shutting down of multiple blocking AST threads was causing race conditions.

fixed by A. Peshkov

    ~ ~ ~     

Sub-release 2.0.2

V.2.0.2 was withdrawn within hours of release because of the problems above.

(CORE-1405)     A vulnerability would be manifest in attach/create database when the file name exceeded the MAX_PATH_LEN value.

fixed by A. Peshkov

    ~ ~ ~     

(CORE-1403)      In a situation where several events were being registered simultaneously by a client using an XNET connection, the server could crash.

fixed by D. Yemanov

    ~ ~ ~     

(CORE-1400)      GSTAT did not support the optional port number in the TCP/IP connection string.

fixed by D. Yemanov

    ~ ~ ~     

(CORE-1399)     GSTAT was not considering the RemoteServicePort option in firebird.conf.

fixed by D. Yemanov

    ~ ~ ~     

(CORE-1398)     GSTAT was treating 'localhost' as case-sensitive on Windows.

fixed by D. Yemanov

    ~ ~ ~     

(CORE-1397)      Large network packets with garbage could result in big memory consumption and high CPU load in a Superserver/TCP/IP environment, creating a vulnerability.

fixed by V. Khorsun

    ~ ~ ~     

(CORE-1380)     I/O errors would occur after changing the Forced Writes attribute of a database if there were other attachments to the databases.

fixed by V. Khorsun

    ~ ~ ~     

(CORE-1371)     An EXECUTE BLOCK statement within an EXECUTE STATEMENT string would fail.

fixed by A. Peshkov

    ~ ~ ~     

(CORE-1349)      The remote interface was failing to check (in REM_receive and REM_fetch calls) the length of client-supplied messages against the formatted length of the messages.

fixed by V. Khorsun

    ~ ~ ~     

(CORE-1347)      Certain conditions would cause unexpected “cannot transliterate” errors.

fixed by D. Yemanov

    ~ ~ ~     

(CORE-1331)      Character set transliterations were not working with EXECUTE STATEMENT.

fixed by A. dos Santos Fernandes

    ~ ~ ~     

(CORE-1328)      The gfix code for two-phase recovery operations with gfix -t was broken on POSIX, causing an unexpected end of input error.

fixed by A. Peshkov

    ~ ~ ~     

(CORE-1312)     A security vulnerability showed up, whereby a remote attacker could gain file access to a system running Firebird.

fixed by A. Peshkov

    ~ ~ ~     

(CORE-1303)      Superserver's remote listener could go into an infinite loop.

fixed by A. Peshkov

    ~ ~ ~     

(CORE-1302)      Some race conditions could occur during service startup.

fixed by A. Peshkov

    ~ ~ ~     

(CORE-1300)      Lower level index pages were being omitted from the parent page.

fixed by V. Khorsun

    ~ ~ ~     

(CORE-1299)      Wrong ordering of index entries was occurring at non-leaf b-tree pages.

fixed by V. Khorsun

    ~ ~ ~     

(CORE-1298)      The BTR\garbage_collect code could cause a deadlock in a page cache.

fixed by V. Khorsun

    ~ ~ ~     

(CORE-1292)      Attempting to create a table, when the connection had been made using a long user name and UTF8 as the attachment character set, would cause an exception.

fixed by A. dos Santos Fernandes

    ~ ~ ~     

(CORE-1286)     A bug with multi-byte characters was causing overflows and server crashes when a string value was applied to a COMPUTED BY field.

fixed by A. dos Santos Fernandes

    ~ ~ ~     

(CORE-1279)      Incorrect initialization of the engine would occur when many clients were attempting simultaneously to be the first to connect to Superserver.

fixed by A. dos Santos Fernandes

    ~ ~ ~     

(CORE-1276)      Sometimes, INET errors were being reported in firebird.log with an error code of 0 instead of the real error code.

fixed by V. Khorsun

    ~ ~ ~     

(CORE-1265)      Detaching from a database would deallocate the memory used by an active critical section.

fixed by D. Yemanov

    ~ ~ ~     

(CORE-1249)      Full shutdown mode would not work on Classic if there were other connections to the database.

fixed by D. Yemanov

    ~ ~ ~     

(CORE-1248)      Incorrect timestamp arithmetic would be performed when one of the operands was negative.

fixed by V. Khorsun

    ~ ~ ~     

(CORE-1247)      The BLOB garbage collection would remove the wrong BLOB if the departing BLOB's descriptor contained 0:0 ("Null value") but the field's NULL flag was not set.

fixed by V. Khorsun

    ~ ~ ~     

(CORE-1240)      With Darwin on PPC, any task using libfbclient would hang on exit.

fixed by A. Peshkov

    ~ ~ ~     

(CORE-1223)      On openSUSE Linux 10.2 a nonsensical message could appear in firebird.log: “Open file limit increased from 1024 to 0”.

fixed by V. Khorsun

    ~ ~ ~     

(CORE-1207)      Since V. 2.0.1, all kernel objects created by the Firebird engine had their names prefixed with 'Global\' to cause them to be created in the global namespace and be accessible to processes running in different sessions. It also prevents possible database corruption.

On Windows 2003 and Vista, this requires SeCreateGlobalPrivilege, which is fine for a stand-alone server and clients. However, requiring those extra privileges was no good for applications deployed with the embedded engine.

fixed by V. Khorsun

    ~ ~ ~     

(CORE-1205)     The v. 2.1 Beta gbak would crash the v2.0.x server when attempting to backup a database.

fixed by D. Yemanov, C. Valderrama

    ~ ~ ~     

(CORE-1203)      Some performance issues were encountered with certain queries on 32-bit Linux.

fixed by A. Peshkov

    ~ ~ ~     

(CORE-1183)     A view could not be created if its WHERE clause contained an IN <subquery> expression referring to a procedure.

fixed by D. Yemanov

    ~ ~ ~     

(CORE-1156)      PREPARE would fail when having an uncast parameter on the left side of a comparison with a subquery expression.

fixed by A. dos Santos Fernandes

    ~ ~ ~     

(CORE-1153)      STARTING [WITH] used for a join condition gave different results depending on whether a certain index was active or inactive.

fixed by A. dos Santos Fernandes

    ~ ~ ~     

(CORE-1149)      There was a vulnerability whereby the Services API could be used to effect a Denial-of-Service attack.

fixed by A. Peshkov

    ~ ~ ~     

(CORE-1145)      The server would lock up while attempting to commit the deletion of an expression index.

fixed by D. Yemanov

    ~ ~ ~     

(CORE-1142)      A generator's COMMENT could not be altered to the same value.

fixed by C. Valderrama

    ~ ~ ~     

(CORE-984)     On Windows, fbclient.dll would change the security descriptor of the calling process.

fixed by D. Yemanov, V. Khorsun

    ~ ~ ~     

(CORE-968)     A condition could occur that caused the client to lose its connection with the Firebird server.

fixed by A. Peshkov

    ~ ~ ~     

(CORE-900)      Attaching to a database simultaneously with the Services API and a standard API function could cause a deadlock.

fixed by A. Peshkov

    ~ ~ ~     

Sub-release 2.0.1

(CORE-1140)    The server would crash when performing garbage collection during index creation. The problem related to the existence of expression indices on the same table.

fixed by D. Yemanov

    ~ ~ ~     

(CORE-1139)    NBackup was failing to delete the delta file after a successful backup on Win32 Classic.

fixed by D. Yemanov

    ~ ~ ~     

(CORE-1136)    NBackup was not able to back up a recently created database.

fixed by D. Yemanov

    ~ ~ ~     

(CORE-1133)    The XNET (IPC) communication protocol would not work across session boundaries.

fixed by V. Khorsun

    ~ ~ ~     

(CORE-1130)    Bad optimization was occurring when a procedure was left joined with a view or subquery.

fixed by D. Yemanov

    ~ ~ ~     

(CORE-1127)    Circular index references in a corrupt database would cause fbserver to go into an infinite loop.

fixed by D. Downie, V. Khorsun

    ~ ~ ~     

(CORE-1126)    An arithmetic exception was being thrown when UNION sets involved UTF8 literals.

fixed by A. dos Santos Fernandes

    ~ ~ ~     

(CORE-1124)    NBackup would not work in interactive mode on Windows.

fixed by D. Yemanov

    ~ ~ ~     

(CORE-1121)    NBackup exhibited a page-level deadlock (bugcheck 215) when attempting to lock/back up a database under load.

fixed by D. Yemanov, G. Sergeev

    ~ ~ ~     

(CORE-1110)    The function isc_get_client_xxx_version() was not fully compatible with the InterBase version of the gds32.dll Windows client library.

fixed by V. Khorsun

    ~ ~ ~     

(CORE-1104)    The Linux install would fail if the x0rfbserver program was running.

fixed by A. Peshkov

    ~ ~ ~     

(CORE-1025)    The server would crash at runtime when an explicit MERGE plan was specified over multiple JOIN elements.

fixed by D. Yemanov

    ~ ~ ~     

(CORE-1016)    Checking the configured UdfAccess setting was not being performed until after the library had been loaded and its startup code had been executed.

fixed by A. Peshkov
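
The ordering at issue here, checking the configured restriction first and loading the module only afterwards, is shown below in C. This is an added example, not Firebird source: the function names, the loader callback standing in for dlopen(), and the temporary directory tree are constructed for illustration, and the restriction is assumed to be a single permitted directory.

```c
#ifndef _XOPEN_SOURCE
#define _XOPEN_SOURCE 700            /* realpath, mkdtemp, symlink */
#endif
#include <limits.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/stat.h>
#include <unistd.h>

/* Hypothetical loader hook; a real server would call dlopen()/LoadLibrary() here. */
typedef void *(*module_loader)(const char *canonical_path);

/* Decide from the path alone, without touching the module's code.
 * Returns 1 and fills `out` (PATH_MAX bytes) if `module` resolves inside `allowed_dir`. */
static int udf_path_allowed(const char *allowed_dir, const char *module, char *out)
{
    char root[PATH_MAX];
    if (!realpath(allowed_dir, root) || !realpath(module, out))
        return 0;                               /* unresolvable path: deny */
    size_t n = strlen(root);
    if (n == 1)                                 /* allowed_dir is "/" itself */
        return 1;
    /* The prefix must end on a directory boundary, so /x/UDF does not admit /x/UDF_evil. */
    return strncmp(out, root, n) == 0 && out[n] == '/';
}

/* Check first, load second: the loader is never reached for a rejected path,
 * so a rejected module's startup code cannot run. */
void *load_udf_module(const char *allowed_dir, const char *module, module_loader loader)
{
    char canonical[PATH_MAX];
    if (!udf_path_allowed(allowed_dir, module, canonical))
        return NULL;
    return loader(canonical);
}

static int loader_calls;
static void *counting_loader(const char *path) { (void)path; loader_calls++; return &loader_calls; }
int loader_call_count(void) { return loader_calls; }

static void make_file(const char *base, const char *rel)
{
    char p[PATH_MAX];
    snprintf(p, sizeof p, "%s/%s", base, rel);
    FILE *f = fopen(p, "w");
    if (f) fclose(f);
}

/* Builds a constructed directory tree, issues five load requests and returns a
 * bitmask with bit i set when request i reached the loader. */
int run_udf_demo(void)
{
    char base[] = "/tmp/udfdemoXXXXXX", dir[PATH_MAX], p[PATH_MAX], q[PATH_MAX];
    const char *req[] = { "UDF/good.so",        /* inside the permitted directory */
                          "UDF/../outside.so",  /* ".." escapes it */
                          "UDF_evil/bad.so",    /* sibling sharing the name prefix */
                          "UDF/link.so",        /* symlink pointing outside */
                          "UDF/missing.so" };   /* does not exist */
    const char *gone[] = { "UDF/link.so", "UDF/good.so", "UDF_evil/bad.so",
                           "outside.so", "UDF", "UDF_evil" };
    int mask = 0;
    if (!mkdtemp(base)) return -1;
    snprintf(dir, sizeof dir, "%s/UDF", base);
    mkdir(dir, 0700);
    snprintf(p, sizeof p, "%s/UDF_evil", base);
    mkdir(p, 0700);
    make_file(base, "UDF/good.so");
    make_file(base, "UDF_evil/bad.so");
    make_file(base, "outside.so");
    snprintf(p, sizeof p, "%s/outside.so", base);
    snprintf(q, sizeof q, "%s/UDF/link.so", base);
    if (symlink(p, q) != 0) return -1;

    loader_calls = 0;
    for (int i = 0; i < 5; i++) {
        snprintf(p, sizeof p, "%s/%s", base, req[i]);
        if (load_udf_module(dir, p, counting_loader))
            mask |= 1 << i;
    }
    for (int i = 0; i < 6; i++) {               /* remove the constructed tree */
        snprintf(p, sizeof p, "%s/%s", base, gone[i]);
        remove(p);
    }
    rmdir(base);
    return mask;
}

int main(void)
{
    int mask = run_udf_demo();
    printf("loaded mask=%d, loader calls=%d\n", mask, loader_call_count());
    return 0;
}
```

Only the first request reaches the loader; the other four are rejected on the canonical path alone.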

    ~ ~ ~     

(CORE-943)    Database shutdown was being executed incorrectly when the database was in physical backup mode.

fixed by D. Yemanov

    ~ ~ ~     

(CORE-1094)    isc_dsql_sql_info() was returning unordered SQLVAR descriptors

fixed by D. Yemanov

    ~ ~ ~     

(CORE-1080)    Bugcheck 167 (invalid SEND request) occurring in Superserver

This was a long-standing bug in Superserver: when several parallel attachments began executing a trigger that had not yet been loaded into the metadata cache, the first of them would compile the trigger request's BLR but others would not wait until the request compilation finished. Hence, other attachments would execute a NULL request.

Protection from such failures existed in MET_procedure using dbb_sp_rec_mutex for stored procedures, but not for triggers.

fixed by V. Khorsun

    ~ ~ ~     

(CORE-1012)    Since Firebird 1.5.3, neither the relation name nor the alias was being returned for columns participating in a GROUP BY aggregation with joins.

This problem was reported to affect particularly applications using IB Objects, which maintains internal structures to support “live” searching of tables underlying joined and aggregated sets.

fixed by A. dos Santos Fernandes

    ~ ~ ~     

(CORE-1068)    isql was not printing non-nullable blobs, due to incorrect checking of the XSQLVAR structure.

fixed by A. dos Santos Fernandes

    ~ ~ ~     

(CORE-1064)    The backup order in gbak was wrong for character sets and collations.

Character sets and collations were being backed up after tables and hence they were being restored after tables. The problem became obvious when restoring with the -ONE_AT_A_TIME switch, where a table definition used non-system character sets or collations.

fixed by A. dos Santos Fernandes

    ~ ~ ~     

(CORE-1063)     The Server could hang, eating CPU and performing huge I/O copying different codepage fields.

Under certain conditions, notably when multi-byte character sets were involved, an endless loop or a transliteration exception could occur wherein BLOB segments of zero length were being created and empty BLOB pages were being stored until resources were exhausted.

fixed by V. Khorsun

    ~ ~ ~     

(CORE-944, CORE-982, CORE-1059)     This set of bug fixes fixed cases reported in several crash reports on POSIX platforms, involving execution of stored procedures where both BLOBs and external function calls were involved.

fixed by A. Peshkov

    ~ ~ ~     

(CORE-1057)    GSEC was exhibiting a bug where it was hiding errors on a call to CryptAcquireContext().

fixed by A. Peshkov, A. dos Santos Fernandes

    ~ ~ ~     

(CORE-1055)    Parameter matching for self-referencing stored procedures was wrong.

fixed by D. Yemanov

    ~ ~ ~     

(CORE-1053)    A SELECT statement could return invalid results when an index was used to evaluate a “greater than” predicate in a WHERE clause. The erroneous logic would occur if the key value changed exactly at the beginning of the index block.

For example, the statement

 SELECT * FROM Table WHERE IntField > Constant
    

would return fewer records than

 SELECT * FROM Table WHERE IntField >= Constant+1
    

fixed by A. Peshkov, A. Brinkman

    ~ ~ ~     

(CORE-1051)    A bug was found in DFW\check_dependencies that could corrupt the stack.

fixed by V. Khorsun

    ~ ~ ~     

(CORE-1046)    A bug was causing a core dump in CVT_move.

fixed by D. Yemanov

    ~ ~ ~     

(CORE-1040)    A wrong single-segment ascending index could occur on a character field if there were NULLs and empty string values in the column.

fixed by V. Khorsun, A. Brinkman

    ~ ~ ~     

(CORE-1020, CORE-1037)    Some inconsistencies of installation components could happen with command-line use of the Win32 Installer. The problem areas were fixed.

Note

Previously, the Guardian was installed by default, whether the Classic or Superserver installation was selected. In Firebird 2.0 and higher, Guardian is not installed with Classic and should not be. It is not necessary and, in some Classic environments, it has been considered a possible cause of “ghost connections” and, thus, resource leakage.

fixed by P. Reeves

    ~ ~ ~     

(CORE-1033)    In some views, the LIKE clause would not work for computed values.

fixed by A. dos Santos Fernandes

    ~ ~ ~     

(CORE-1029)    Bad plans could be generated for queries with outer joins having IS NULL clauses, depending on the order of the search predicates.

fixed by D. Yemanov

    ~ ~ ~     

(CORE-1020)    The server could crash at run-time when an explicit MERGE plan was specified to override one that would have used a few JOIN phrases instead.

fixed by D. Yemanov

    ~ ~ ~     

(CORE-1017)    Windows service attachments using the Xnet protocol would fail when Classic had been started with the -x -i (Xnet and TCP/IP) parameters set.

fixed by D. Yemanov

    ~ ~ ~     

(CORE-1011)    The server would crash if an application tried to connect to it via an InterBase version of gds32.dll.

fixed by A. Peshkov, D. Yemanov

    ~ ~ ~     

(CORE-1010)    The server could crash if an executing DDL statement raised an exception.

fixed by D. Yemanov

    ~ ~ ~     

(CORE-1006)    Rollback or garbage collection would cause an access violation (segfault) if an updated table had an expression index defined by a subquery.

fixed by V. Khorsun

    ~ ~ ~     

(CORE-1005)    A DISTINCT query that specified NULLS LAST in an ORDER BY clause would return NULLs in the wrong position.

fixed by D. Yemanov

    ~ ~ ~     

(CORE-1004)    Conditions could occur where the error “Context already in use (BLR error)” would be wrongly thrown when accessing explicit cursors in PSQL.

fixed by D. Yemanov

    ~ ~ ~     

(CORE-997)    An old bug with indices on a character column with a COLLATE attribute became more visible and made it impossible to upgrade the database from ODS 10.1 to ODS 11. The restore would wrongly report the error “internal gds software consistency check (index key too big (nnn))”.

fixed by A. dos Santos Fernandes

    ~ ~ ~     

(CORE-988)    On Linux, using the 32-bit Superserver with the old threading model, the server would repeatedly crash.

Due to a bug in some versions of glibc, errno contained garbage after sem_timedwait(). Obviously, a clean fix is not in order. However, considering that people often try to use Firebird with such buggy versions and tend to blame Firebird for the problem, and that upgrading glibc is not a trivial operation for many, a hack has been done to the body of the class semaphore. It now works correctly with both the normal and the broken versions of glibc.

fixed by A. Peshkov

    ~ ~ ~     

(CORE-984)    Using the Windows client (fbclient.dll) to open a database connection was changing the security descriptor of the process that called the library functions, making it impossible for other processes to share handles with synchronization objects or with other handles.

fixed by D. Yemanov

    ~ ~ ~     

(CORE-966)    Socket binding for events exhibited bugs whereby the setsockopt call in inet.cpp was using an uninitialised variable and did not handle errors properly. It resulted in “INET/inet_error: bind errno = 10048” errors reported in the log whenever clients bound to database events.

fixed by P. Beach

    ~ ~ ~     

(CORE-959)    gstat would not work using the localhost connection string.

Since v1.5, it has been possible to run gstat using a pseudo-remote connection string (localhost:<path>) but it was broken in v2.0.

fixed by D. Yemanov

    ~ ~ ~     

(CORE-952)    Using a BLOB in an expression index would cause an access violation (segfault).

fixed by V. Khorsun

    ~ ~ ~     

(CORE-888)    A number of people reported getting the “Object in use” error when attempting to alter, recreate, replace or drop a stored procedure or trigger whilst the existing trigger or SP was in use. It was not a bug, per se, but an intentional restriction.

The restriction has been removed (reverted to 1.5 behaviour). Thus it is again possible to perform these types of DDL operations on “live” objects, and incur the same “window of unpredictable effect” for Classic users as in previous versions.

Reversion done by D. Yemanov

    ~ ~ ~     

Firebird 2.0

The following bugs present in Firebird 1.5 were fixed in v.2.0. Note that, in many cases, the bug-fixes were backported to Firebird 1.5.x sub-releases.

General Engine Bugs

(CORE-911)    Leaving a Classic server process idle for a long period while a read-only, Read Committed transaction was active could cause segmentation faults/AVs.

fixed by V. Khorsun

    ~ ~ ~     

(CORE-902)    The server could crash intermittently during execution of DDL or DML statements.

fixed by V. Khorsun

    ~ ~ ~     

Not registered    Assignments to columns deleted by a concurrent transaction were being improperly allowed.

fixed by D. Yemanov

    ~ ~ ~     

Not registered    Error "invalid transaction handle" would be thrown when calling isc_array_lookup_bounds() from multiple threads.

fixed by D. Yemanov

    ~ ~ ~     

Not registered    Heavy concurrent load could cause index data corruption.

fixed by V. Khorsun

    ~ ~ ~     

SF #1446987    BLOBs could appear to be damaged during operations in PSQL, causing a "BLOB not found" error.

fixed by V. Khorsun

    ~ ~ ~     

SF #1434147    Bugs with COUNT (DISTINCT XXXX) when XXXX was a high integer.

fixed by V. Khorsun

    ~ ~ ~     

SF #1435997    A bug was causing a close database error -901 on the embedded server.

fixed by D. Yemanov

    ~ ~ ~     

SF #1436066    Adding an index during database activity could cause logical errors in structure that GFIX would detect.

fixed by V. Khorsun

    ~ ~ ~     

Not registered    A few types of subqueries were being wrongly treated as variant, causing performance issues.

fixed by D. Yemanov

    ~ ~ ~     

Not registered    Previously, the Transaction ID would silently (and dangerously) overflow. Now it will throw a consistency check when it reaches the limit (which is still 2^31).

fixed by V. Khorsun

    ~ ~ ~     

Not registered    Read committed transactions would block garbage collection unnecessarily.

fixed by V. Khorsun

    ~ ~ ~     

Not registered    The ALL predicate could return wrong results.

fixed by D. Yemanov

    ~ ~ ~     

SF #1404157    DFW was not ready for RECREATE TABLE/VIEW

fixed by D. Yemanov

    ~ ~ ~     

Not registered    Restored the code which replaces ROLLBACK with COMMIT if a transaction has not modified any data.

fixed by D. Yemanov

    ~ ~ ~     

Not registered    There were some bugs producing wrong statistics:

  • with relation/index data longer than 2^32 bytes

  • when the average index key length rounded to an integer value

fixed by V. Khorsun

    ~ ~ ~     

Not registered    Attaching with the isc_dpb_no_garbage_collect option was forcing a sweep.

fixed by V. Khorsun

    ~ ~ ~     

Not registered    The system transaction was being reported as dead.

fixed by A. dos Santos Fernandes, V. Khorsun

    ~ ~ ~     

Not registered    The server would lock up after an unsuccessful attach to the security database.

fixed by D. Yemanov, C. Valderrama

    ~ ~ ~     

SF #1076858    Source of possible corruption in Classic server.

fixed by V. Khorsun

    ~ ~ ~     

SF #1116809    Incorrect data type conversion.

fixed by A. dos Santos Fernandes

    ~ ~ ~     

SF #1111570    Problem dropping a table having a check constraint referencing more than one column.

fixed by C. Valderrama

    ~ ~ ~     

Not registered    Usage of an invalid index in an explicit plan caused garbage to be shown in the error message instead of the rejected index name.

fixed by C. Valderrama

    ~ ~ ~     

SF #543106    Bug with ALL keyword. MORE INFO REQUIRED.

fixed by D. Yemanov

    ~ ~ ~     

Not registered    System users "AUTHENTICATOR" and "SWEEPER" were lost, causing "SQL SERVER" to be reported instead.

fixed by A. Peshkov

    ~ ~ ~     

Not registered    Don't rollback prepared 2PC sub-transaction. (Description needs clarifying, Vlad!)

fixed by V. Khorsun

    ~ ~ ~     

Not registered    Memory consumption became exorbitant when blobs were converted from strings during request processing. For example, the problem would appear when running a script with a series of statements like

   insert into t(a,b)
      values(N, <literal_string>);
    

when b was a blob and the engine was performing the conversion internally.

fixed by N. Samofatov

    ~ ~ ~     

Not registered    Materialization of BLOBs was not invalidating temporary BLOB IDs soon enough.

A blob is created as an orphan. This blob has a blob id of {0,slot}. It is volatile, meaning that, if the connection terminates, it will become eligible for garbage collection. Once a blob is assigned to a field in a table, it is said to be materialized. If the transaction that did the assignment commits, the blob has an anchor in the table and will be considered permanent. Its blob id is {relation_id,slot}.

In situations where internal code is referencing the blob by its old, volatile blob id, the references are "routed" to the materialized blob, until the session is closed.

fixed by N. Samofatov

Solution    Now, the references to a volatile blob are checked and, when there are no more references to it, it is invalidated.

    ~ ~ ~     

Not registered    Conversion from string to blob had a memory leak.

fixed by N. Samofatov

    ~ ~ ~     

SF #750664    Issues with read-only databases and transactions.

fixed by N. Samofatov

    ~ ~ ~     

Not registered    When one classic process dropped a foreign key and another process was trying to delete master record, the error 'partner index not found' would be thrown.

fixed by V. Khorsun

    ~ ~ ~     

Various server bugs    

  1. eliminated redundant attempts to get an exclusive database lock during shutdown

  2. corrected inaccurate timeout counting

  3. database lock was not being released after bringing database online in the exclusive mode

  4. removed a 5 sec timeout when bringing database online in the shared mode

fixed by D. Yemanov

    ~ ~ ~     

SF #1186607    Foreign key relation VARCHAR <-> INT should not have caused an exception.

fixed by V. Khorsun

    ~ ~ ~     

SF #1211325    Fixed problems with BLOBs in external tables.

fixed by V. Khorsun

    ~ ~ ~     

Not registered    After an attempt to "create view v(c1) as select 1 from v" all clones of the system request would remain active forever.

fixed by A. Peshkov

    ~ ~ ~     

SF #1191006    Use of WHERE params in SUM would return incorrect results.

fixed by A. Brinkman

    ~ ~ ~     

SF #750662    Fixed a bug involving multiple declaration of blob filters.

fixed by D. Yemanov

    ~ ~ ~     

SF #743679    FIRST / SKIP was not as well implemented as it could be.

fixed by D. Yemanov

    ~ ~ ~     

Not registered    CPU load would rise to 100% when an I/O error caused a rollover to a non-existent shadow.

fixed by D. Yemanov

    ~ ~ ~     

Not registered    "Cannot find record fragment" bugcheck could occur during garbage collection on the system tables.

fixed by V. Khorsun

    ~ ~ ~     

SF #1211328    Error reporting cited maximum BLOB size wrongly.

fixed by D. Yemanov

    ~ ~ ~     

SF #1292007    Duplicated field names in INSERT and UPDATE statements were getting through.

fixed by C. Valderrama

    ~ ~ ~     

Not registered    The SQL string was being stored truncated within the RDB$*_SOURCE columns in some cases

fixed by D. Yemanov

    ~ ~ ~     

Not registered    Broken implementation of the MATCHES predicate in GDML

fixed by D. Yemanov

    ~ ~ ~     

SF bug #1404215    Column dependencies were not being stored for views.

fixed by D. Yemanov

    ~ ~ ~     

SF bug #1191206    A few constraint issues.

fixed by D. Yemanov

    ~ ~ ~     

SF bug #609538    Alter Index on a Foreign Key index should cause an exception and it did, but the error message was not appropriate.

fixed by D. Yemanov

    ~ ~ ~     

SF bug #1175157    An error in the thread scheduler was causing the server to lock up.

fixed by V. Khorsun

    ~ ~ ~     

Not registered    

  1. Improper thread data operations were occurring during the protocol port cleanup

  2. Transaction rollback and attachment cleanup for broken TCP connections was faulty

fixed by V. Khorsun, D. Yemanov

    ~ ~ ~     

Not registered    A wrong error message was decoded when firebird.msg was missing or outdated.

fixed by D. Yemanov

    ~ ~ ~     

Not registered    Buffer overflows inside the BLR->ASCII blob filter were causing memory corruption and server crashes.

fixed by D. Yemanov

    ~ ~ ~     

Not registered    A successful status vector could be reported to the user after a failed DDL operation.

fixed by V. Khorsun

    ~ ~ ~     

Not registered    Threading issues in the DSQL metadata cache were causing unexpected “invalid transaction handle” errors under load.

fixed by D. Yemanov

    ~ ~ ~     

Not registered    Wrong results would be returned by the division operation after DDL changes.

Example

  create table test(fld numeric(18, 2));
  insert into test (fld) values (1);
  commit;
  alter table test alter fld type numeric(18,3);
  select fld/3 from test; -- returns 0.033 instead of expected 0.333
    

fixed by D. Yemanov

    ~ ~ ~     

SF #1184099    Incorrect padding was exhibited when using character set OCTETS.

fixed by C. Valderrama, A. dos Santos Fernandes

    ~ ~ ~     

Not registered    Unexpected errors were occurring because of improperly handled dead record versions created by the system transaction during DDL operations.

fixed by A. Harrison

    ~ ~ ~     

SF #223060    Processing of the GREATER-THAN operator was too slow.

fixed by V. Khorsun

    ~ ~ ~     

Not registered    CHECK constraints were not SQL-compliant with regard to the handling of NULL. Until now, if NULL were to be allowed, it had to be specified explicitly in the constraint definition. Under the standard, NULL is allowed unless explicitly constrained by NOT NULL or CHECK (.. IS NOT NULL).

Example of Problem

The following definition now allows NULL in DEPTNO, where previously it did not:

    CHECK (DEPTNO IN (10, 20, 30))
    

fixed by P. Ruizendaal, D. Yemanov

    ~ ~ ~     

Not registered    It was possible to create a primary key constraint on a column consisting of NULLs.

Example of Problem

    create table bug (f1 int not null, f2 int not null);
    insert into bug (f1, f2) values (1, 1);
    commit;
    alter table bug add pk int not null primary key;
    

fixed by V. Khorsun

    ~ ~ ~     

SF #1334034    REVOKE was damaging the ACL (Access Control List).

fixed by D. Yemanov

    ~ ~ ~     

Services Manager

Not registered    Incorrect encryption of password when the Services Manager was invoked by the Embedded client.

fixed by A. Peshkov

    ~ ~ ~     

GFix Bugs

SF #1242106    Shutdown bugs:

  1. Incorrect commit instead of rollback during shutdown

  2. Crash or bugcheck during SuperServer shutdown with active attachments

fixed by D. Yemanov

    ~ ~ ~     

Not registered    Crash occurred in service gfix code when it tried to reattach to a currently unavailable database. Since a service cannot interact with the end-user, an endless loop leads to overflowing the service buffer and causing a crash as a result.

fixed by V. Khorsun

    ~ ~ ~     

DSQL Bugs

SF #1408079    The parser was not validating string literal markers.

fixed by C. Valderrama

    ~ ~ ~     

Not registered    The engine would fail to parse the SQL ROLE keyword properly.

fixed by C. Valderrama

    ~ ~ ~     

Not registered    EXECUTE PROCEDURE did not check SQL permissions at the prepare stage.

fixed by D. Yemanov

    ~ ~ ~     

SF #217042    Weird SQL constructions are not always properly validated.

Partly fixed by C. Valderrama

    ~ ~ ~     

SF #1108909    View could be created without rights on a table name like "a b"

fixed by C. Valderrama

    ~ ~ ~     

SF #512975    Clear embedded spaces and CR+LF before DEFAULT clauses when storing them in system tables

Implemented by C. Valderrama

    ~ ~ ~     

SF #910423    Anomaly with ALTER TABLE altering a column's type to VARCHAR, when determining valid length of the string.

  SQL> CREATE TABLE tab ( i INTEGER );
  SQL> INSERT INTO tab VALUES (2000000000);
  SQL> COMMIT;

  SQL> ALTER TABLE tab ALTER i TYPE VARCHAR(5);
  Statement failed, SQLCODE = -607
  unsuccessful metadata update
  -New size specified for column I must be at least 11 characters.
    

i.e., it would need potentially 10 characters for the numerals and one for the negative sign.

  SQL> ALTER TABLE tab ALTER i TYPE VARCHAR(9);
    

This command should fail with the same error, but it did not, which could later lead to unreadable data:

  SQL> SELECT * FROM tab;
  I
  =========
  Statement failed, SQLCODE = -413
  conversion error from string "2000000000"
    

fixed by C. Valderrama

    ~ ~ ~     

Not registered    There were some rounding problems in date/time arithmetic.

fixed by N. Samofatov

    ~ ~ ~     

Not registered    Line numbers in DSQL parser were being miscounted when multi-line literals and identifiers were used.

fixed by N. Samofatov

    ~ ~ ~     

SF #784121    Some expressions in outer join conditions were causing problems.

fixed by C. Valderrama

    ~ ~ ~     

Not registered    There were some dialect-specific arithmetic bugs:

Dialect 1

  1. '1.5' / '0.5' did not work

  2. avg ('1.5') did not work

  3. 5 * '1.5' produced an INT result instead of DOUBLE PRECISION

  4. sum ('1.5') produced a NUMERIC(15, 2) result instead of DOUBLE PRECISION

  5. - '1.5' did not work

Dialect 3

  • '1.5' * '0.5' and '1.5' / '0.5' were not forbidden, but they should have been.

fixed by D. Yemanov

    ~ ~ ~     

SF #1250150    There was a situation where a procedure could not be dropped.

fixed by V. Khorsun

    ~ ~ ~     

SF #1238104    Internal sweep report was incorrect.

fixed by C. Valderrama

    ~ ~ ~     

SF #1371274    The infamous “Datatype unknown” error when attempting some castings has been eliminated. It is now possible to use CAST to advise the engine about the data type of a parameter.

fixed by D. Yemanov

    ~ ~ ~     

SF #1292106    ORDER BY with FOR UPDATE WITH LOCK would trash the index.

fixed by D. Yemanov

    ~ ~ ~     

SF #1368741    UPPER() was returning wrong results.

fixed by A. dos Santos Fernandes

    ~ ~ ~     

PSQL Bugs

(CORE-921)    A bug in EXECUTE STATEMENT implementation could cause a core dump during PSQL execution.

fixed by A. Peshkov

    ~ ~ ~     

SF #1422471    A memory leak was exhibited in EXECUTE STATEMENT.

fixed by A. Peshkov

    ~ ~ ~     

Not registered    ROW_COUNT was getting cleared after SUSPEND execution.

fixed by D. Yemanov

    ~ ~ ~     

SF #1124720    Problem with "FOR EXECUTE STATEMENT ... DO SUSPEND;"

fixed by A. Peshkov

    ~ ~ ~     

Not registered    Memory leakage was occurring when selectable stored procedures were called from PSQL or in subqueries.

fixed by N. Samofatov

    ~ ~ ~     

Not registered    The wrong error would be reported when non-active contexts were accessed in multi-action triggers.

fixed by D. Yemanov

    ~ ~ ~     

Not registered    An internal error was reported when attempting to pass/return blobs to/from string functions inside PSQL.

fixed by D. Yemanov

    ~ ~ ~     

Crash Conditions

Not registered    A crash could occur if some bad client passed more than the supported number of remote protocol versions.

fixed by A. Karyakin, A. Peshkov

    ~ ~ ~     

Not registered    An AV could occur when the server was configured to use TCP packets as large as 32 Kb.

fixed by C. Valderrama, A. Peshkov

    ~ ~ ~     

Not registered    Server would crash if a positioned UPDATE/DELETE executed via DSQL was referencing a cursor that had already been released.

fixed by V. Khorsun

    ~ ~ ~     

Not registered    Certain DDL actions could crash the server.

Example of a problem action

    alter table rdb$relations
      add rdb$garbage varchar(30);
    

fixed by J. Starkey

    ~ ~ ~     

Not registered    An overflow in the plan buffer would cause the server to crash.

fixed by D. Yemanov

    ~ ~ ~     

Not registered    Possible server lockup/crash when 'RELEASE SAVEPOINT xxx ONLY' syntax is used or when existing savepoint name is reused in transaction context

fixed by N. Samofatov

    ~ ~ ~     

Not registered    Rare client crashes caused by improperly cleaned XDR packets.

fixed by D. Yemanov

    ~ ~ ~     

Not registered    Server crash during SuperServer shutdown

fixed by A. Peshkov

    ~ ~ ~     

SF #1057538    The server would crash if the output parameter of a UDF was not the last parameter.

fixed by C. Valderrama

    ~ ~ ~     

Not registered    A number of possible server crash conditions had been reported by Valgrind.

fixed by N. Samofatov

    ~ ~ ~     

Not registered    Server would crash when a wrong type or domain name was specified when changing the data type for a column.

fixed by N. Samofatov

    ~ ~ ~     

Not registered    Incorrect accounting of attachment pointers used inside the lock structure was causing the server to crash.

fixed by N. Samofatov

    ~ ~ ~     

Not registered    In v.1.5, random crashes would occur during a restore.

fixed by J. Starkey

    ~ ~ ~     

Not registered    Crash/lock-up with multiple calls of isc_dsql_prepare for a single statement.

fixed by N. Samofatov

    ~ ~ ~     

Not registered    Server would crash when the system year was set too high or too low.

fixed by D. Yemanov

    ~ ~ ~     

Not registered    Server would crash when the stream number exceeded the limit.

fixed by D. Yemanov

    ~ ~ ~     

Not registered    Server would crash when outer aggregation was performed and explicit plans were used in subqueries.

fixed by D. Yemanov

    ~ ~ ~     

Not registered    DECLARE FILTER would cause the server to crash.

fixed by A. Peshkov

    ~ ~ ~     

Not registered    The server would crash when a PLAN for a VIEW was specified but no table alias was given.

fixed by V. Khorsun

    ~ ~ ~     

Not registered    Server would crash during the table metadata scan in some cases.

fixed by D. Yemanov

    ~ ~ ~     

Not registered    Server would crash when too big a key was specified for an index retrieval.

fixed by D. Yemanov

    ~ ~ ~     

Not registered    Server would crash when manipulating input DPB due to memory corruption in Parameter Blocks management.

fixed by C. Valderrama

    ~ ~ ~     

Not registered    Server would crash when attempting to restore a database backup with corrupted VARCHAR data.

fixed by D. Yemanov

    ~ ~ ~     

Remote Interface Bugs

Not registered    A TCP/IP buffer size larger than 32 Kb was not being processed correctly.

fixed by A. Peshkov

    ~ ~ ~     

Not registered    The NO_NAGLE option was working improperly.

fixed by F. Polizo, A. Peshkov

    ~ ~ ~     

Not registered    NO_NAGLE and KEEPALIVE socket options were not enabled for CS builds.

fixed by D. Yemanov

    ~ ~ ~     

SF #1385092    A TCP/IP connection would appear to freeze the Superserver if it was disconnected abnormally while a large packet, e.g. a BLOB or a large SQL request, was being passed across the interface.

This was a long-standing InterBase/Firebird bug in the implementation of the protocol layer for Superserver on Windows. Borland invented two different thread management strategies: one for TCP/IP and one for the other protocols that only Windows supports, i.e. Named Pipes (sometimes referred to as “NetBEUI”) and the IPServer local connection. This bug occurred only with TCP/IP connections.

For TCP/IP, a multiplexing loop (main server loop), which is common for all ports, receives API packets from clients, creates requests and sends them to threads for processing. When it detects an incoming packet, it starts to receive it from the port.

Before this fix, it needed the entire API packet to come at once. However, in the course of converting a packet to a request (done by the XDR protocol), in cases where the size of the API packet happened to be greater than that of the network packet, the server had to wait for the next network packet from the port.

At this point, ports were being scanned for incoming packets only by calculating (timeout - interval since last packet received) for each port in the loop. If the next packet from a particular port did not come, for example because of an unplugged jack, the only way to interrupt this receive and allow the main server loop to carry on processing the other ports was to wait for the keepalive TCP timeout to elapse on the abandoned connection. Given that the default keepalive value is two hours, it would appear that the Superserver was “hung”.

fixed by A. Peshkov
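The stall described in this entry comes from a shared loop waiting on one port for the rest of an API packet. The sketch below is an added illustration, not Firebird's code or the actual fix: it shows a loop that keeps a per-port buffer and dispatches only complete packets, so a connection that goes silent mid-packet does not hold up the others. The 4-byte length prefix and the names `Port`, `serve_once` and `demo` are assumptions made for the example.

```python
import selectors
import socket
import struct

# Assumed framing: 4-byte big-endian length, then payload (not Firebird's XDR).
HEADER = struct.Struct("!I")

class Port:
    """Per-connection state: bytes received so far for an unfinished packet."""
    def __init__(self, name, sock):
        self.name, self.sock, self.buf = name, sock, bytearray()

    def feed(self):
        """Take whatever has arrived; return only the packets now complete."""
        chunk = self.sock.recv(4096)
        if not chunk:
            raise ConnectionError(f"port {self.name} closed")
        self.buf += chunk
        packets = []
        while len(self.buf) >= HEADER.size:
            (length,) = HEADER.unpack_from(self.buf)
            end = HEADER.size + length
            if len(self.buf) < end:
                break  # rest has not arrived: return to the loop, do not wait
            packets.append(bytes(self.buf[HEADER.size:end]))
            del self.buf[:end]
        return packets

def serve_once(sel, timeout=0.5):
    """One pass of the main loop over every port that currently has data."""
    return [(key.data.name, pkt)
            for key, _ in sel.select(timeout)
            for pkt in key.data.feed()]

def demo():
    sel = selectors.DefaultSelector()
    (a_cli, a_srv), (b_cli, b_srv) = socket.socketpair(), socket.socketpair()
    for name, srv in (("A", a_srv), ("B", b_srv)):
        srv.setblocking(False)
        sel.register(srv, selectors.EVENT_READ, Port(name, srv))
    frame = HEADER.pack(1000) + b"x" * 1000   # constructed large request
    a_cli.sendall(frame[:300])                # A goes silent mid-packet
    b_cli.sendall(HEADER.pack(5) + b"hello")
    first = serve_once(sel)                   # B is served despite A's stall
    a_cli.sendall(frame[300:])                # A's remainder finally arrives
    second = serve_once(sel)
    for s in (sel, a_cli, a_srv, b_cli, b_srv):
        s.close()
    return first, second
```

A production loop would also bound the buffer size and apply a per-port idle timeout, so that a half-sent packet is discarded instead of being held indefinitely.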

    ~ ~ ~     

SF #1260310    Nessus vulnerability scanning could cause the server to drop connections.

fixed by A. Peshkov

    ~ ~ ~     

SF #1065511    Clients on Windows XP SP2 were slow connecting to a Linux server.

fixed by N. Samofatov

    ~ ~ ~     

SF #571026    INET/INET_connect: gethostbyname was not working properly.

fixed by D. Yemanov

    ~ ~ ~     

SF #223058    Multi-hop server capability was broken.

fixed by D. Yemanov

    ~ ~ ~     

Not registered    Fixed memory leak from connection pool in isc_database_info.

fixed by N. Samofatov

    ~ ~ ~     

Not registered    Database aliases were not working in WNET.

fixed by D. Yemanov

    ~ ~ ~     

Not registered    Client would crash while disconnecting with an active event listener.

fixed by D. Yemanov

    ~ ~ ~     

Not registered    The client library would not react to environment variables being set via SetEnvironmentVariable().

fixed by C. Valderrama

    ~ ~ ~     

Indexing & Optimization

SF #459059D    Index breaks = ANY result. MORE INFO REQUIRED.

fixed by N. Samofatov

    ~ ~ ~     

Not registered    Ambiguous queries were still possible under some conditions.

fixed by A. Brinkman

    ~ ~ ~     

SF #735720    SELECT ... STARTING WITH :v was wrong when :v = ''

fixed by A. Brinkman

    ~ ~ ~     

Not registered    There were issues with negative dates, i.e. those below Julian date [zero], when stored in indices.

fixed by A. Brinkman

    ~ ~ ~     

SF #1211354    Redundant evaluations were occurring in COALESCE.

fixed by A. Brinkman

    ~ ~ ~     

Not registered    Error "index key too big" would occur when creating a descending index.

fixed by V. Khorsun

    ~ ~ ~     

SF #1242982    Bug in compound index key mangling.

fixed by A. Brinkman

    ~ ~ ~     

Vulnerabilities

SF #1466193    The semaphore array's permissions in fb_lock_mgr were 0666, i.e. anyone could lock them and block all subsequent queries.

fixed by A. Peshkov

    ~ ~ ~     

Not registered    Possible buffer overflow in WNET.

fixed by A. Peshkov

    ~ ~ ~     

Not registered    Several buffer overflows were fixed.

fixed by A. Peshkov

    ~ ~ ~     

SF #1155520    Fixed a vulnerability that could make it possible for a user who was neither SYSDBA nor owner to create a database that would overwrite an existing database.

fixed by A. dos Santos Fernandes

    ~ ~ ~     

ISQL Bugs

SF #781610    Comments in ISQL using '--' were causing problems.

fixed by J. Bellardo, B. Rodriguez Samoza

    ~ ~ ~     

Not registered    ISQL_disconnect_database was overwriting the Quiet flag permanently.

fixed by M. Penchev, C. Valderrama

    ~ ~ ~     

SF #1208932    SHOW GRANT did not distinguish object types.

fixed by C. Valderrama

    ~ ~ ~     

SF #494981    Bad exception report.

fixed by C. Valderrama

    ~ ~ ~     

SF #450404    ISQL would uppercase role in the command line.

fixed by C. Valderrama

    ~ ~ ~     

Various, not registered    

  1. Fix for the -b (Bail On Error) option when SQL commands are issued and no db connection exists yet.

  2. Applied Miroslav Penchev's patch for bug with -Q always returning 1 to the operating system, discovered by Ivan Prenosil.

fixed by M. Penchev, C. Valderrama

    ~ ~ ~     

Not registered    Metadata extraction for triggers, check constraints and views with check option was wrong.

fixed by C. Valderrama, D. Yemanov

    ~ ~ ~     

International Character Set Bugs

SF #1016040    Missing external libraries would cause an engine exception.

fixed by A. dos Santos Fernandes

    ~ ~ ~     

Not registered    

  1. Charset/collation issues for expression-based view columns

  2. Lost charset/collation for local PSQL variables

fixed by D. Yemanov

    ~ ~ ~     

Not registered    Comparisons between strings in NONE and another character set would cause an error.

fixed by D. Yemanov, A. dos Santos Fernandes

    ~ ~ ~     

SF #1244126    There was a problem updating some text BLOBs when connected with character set NONE.

fixed by A. dos Santos Fernandes

    ~ ~ ~     

SF #1242379    Applying a collation could change a VARCHAR's length

fixed by A. dos Santos Fernandes

    ~ ~ ~     

SQL Privileges

Not registered    Permissions were not being checked for view columns.

fixed by D. Yemanov

    ~ ~ ~     

Not registered    Privileges granted to procedures/triggers/views were being preserved after the object had been dropped.

fixed by D. Yemanov

    ~ ~ ~     

Not registered    Column-level SQL privileges were being preserved after the affected column was dropped.

fixed by D. Yemanov

    ~ ~ ~     

SF #223128    SYSDBA could grant non-existent roles

fixed by D. Yemanov

    ~ ~ ~     

UDF Bugs

Not registered    There were thread safety issues in datetime functions of the FBUDF library.

fixed by C. Valderrama

    ~ ~ ~     

Not registered    The UDF AddMonth() in the UDF library FBUDF had a bug that displayed itself when the calculation rolled the month past the end of the year.

fixed by C. Valderrama

    ~ ~ ~     

Not registered    Diagnostics when a UDF module was missing/unusable needed improvement.

fixed by A. Peshkov

    ~ ~ ~     

Not registered    There were some problems with the mapping of UDF arguments to parameters.

fixed by N. Samofatov

    ~ ~ ~     

Not registered    UDF arguments were being prepared/optimized twice.

fixed by D. Yemanov

    ~ ~ ~     

SF #544132, #728839    Nulls handling in UDFs was causing problems.

fixed by C. Valderrama

    ~ ~ ~     

Not registered    UDF access checking was incorrect.

fixed by D. Yemanov

    ~ ~ ~     

gbak

Not registered    There were issues with restoring if indexes used in explicit plans inside PSQL code had been dropped.

fixed by A. dos Santos Fernandes

    ~ ~ ~     

Not registered    gbak could not restore a database containing broken foreign keys.

Now the restore continues to run and the user gets a diagnostic indicating which FK caused the problem. The affected index becomes inactive and, after restore, the database is left in shutdown state.

fixed by A. Peshkov

    ~ ~ ~     

Not registered    gbak would stall when used via the Services Manager and an invalid command line was passed.

fixed by V. Khorsun

    ~ ~ ~     

Not registered    A computed column of a blob or array type would zero values in the first column of the table being restored.

fixed by D. Yemanov

    ~ ~ ~     

Not registered    Fixed some backup issues with stream BLOBs that caused them to be truncated under some conditions.

fixed by N. Samofatov

    ~ ~ ~     

Not registered    Interdependent views caused problems during the restore process.

fixed by A. Brinkman

    ~ ~ ~     

SF #750659    If you want to start a fresh db, you should be able to restore a backup done with the metadata-only option. Generator values were resisting metadata-only backup and retaining latest values from the live database, instead of resetting the generators to zero.

fixed by C. Valderrama, D. Yemanov

    ~ ~ ~     

SF #908319    In v.1.5, wrong error messages would appear when using gbak with service_mgr.

fixed by V. Khorsun

    ~ ~ ~     

SF #1122344    gbak -kill option would drop an existing shadow.

fixed by D. Yemanov

    ~ ~ ~     

Not registered     gbak was adding garbage bytes to the SPB when called in the -se[rvice_mgr] mode.

fixed by A. dos Santos Fernandes, C. Valderrama, V. Khorsun

    ~ ~ ~     

gpre

SF #504978    gpre variable names were being truncated.

fixed by C. Valderrama

    ~ ~ ~     

SF #527677    gpre "ANSI85 compatible COBOL" switch was broken.

fixed by C. Valderrama

    ~ ~ ~     

SF #1103666    gpre was using inconsistent lengths

fixed by C. Valderrama

    ~ ~ ~     

SF #1103670    gpre would invalidate a quoted cursor name after it was opened.

fixed by C. Valderrama

    ~ ~ ~     

SF #1103683    gpre was not checking the length of the DB alias.

fixed by C. Valderrama

    ~ ~ ~     

SF #1103740    gpre did not detect duplicate quoted cursor names

fixed by C. Valderrama

    ~ ~ ~     

Not registered    gpre could not generate more than 32,000 identifiers.

fixed by A. Harrison

    ~ ~ ~     

gstat

Not registered    Error output by gstat on Windows 32 was incorrect.

fixed by C. Valderrama

    ~ ~ ~     

fb_lock_print

Not registered    fb_lock_print could fail with the exception message “the requested operation cannot be performed on a file with a user-mapped section open.”

fixed by V. Khorsun

    ~ ~ ~     

Linux Installs

SF #1011401    The start/stop script was breaking halt/reboot on Slackware.

by A. Peshkov

    ~ ~ ~     

Code Clean-up

(Not a bug)    -L[ocal] command-line switch for SS on Win32 is gone

by D. Yemanov

    ~ ~ ~     

Assorted clean-up    

  • Extensive, ongoing code cleanup and style standardization

  • Broken write-ahead logging (WAL) and journalling code is fully cleaned out

by C. Valderrama

    ~ ~ ~     

Platform-specific

Not registered    (SuSE Linux) Service would not restart correctly on SuSE Linux.

by A. Peshkov

    ~ ~ ~     

(CORE-839)    (Windows) Instclient.exe failed to install gds32.dll over an existing version from V1.5.1 or later.

fixed by P. Reeves

    ~ ~ ~     
