- Community Home
- >
- Servers and Operating Systems
- >
- Operating Systems
- >
- Operating System - HP-UX
- >
- hp-ux 11.11 64bits printf oracle bug
Operating System - HP-UX
1747984
Members
4202
Online
108756
Solutions
Forums
Categories
Company
Local Language
back
Forums
Discussions
Forums
- Data Protection and Retention
- Entry Storage Systems
- Legacy
- Midrange and Enterprise Storage
- Storage Networking
- HPE Nimble Storage
Discussions
Discussions
Discussions
Forums
Discussions
back
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
- BladeSystem Infrastructure and Application Solutions
- Appliance Servers
- Alpha Servers
- BackOffice Products
- Internet Products
- HPE 9000 and HPE e3000 Servers
- Networking
- Netservers
- Secure OS Software for Linux
- Server Management (Insight Manager 7)
- Windows Server 2003
- Operating System - Tru64 Unix
- ProLiant Deployment and Provisioning
- Linux-Based Community / Regional
- Microsoft System Center Integration
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Blogs
Information
Community
Resources
Community Language
Language
Forums
Blogs
Topic Options
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Printer Friendly Page
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
07-05-2010 02:14 AM
07-05-2010 02:14 AM
hp-ux 11.11 64bits printf oracle bug
Hi,
Our db team, passed us this problem they are having after updating oracle to version 9.2.0.8, oracle is dumping a core. Do you know if there is a SO patch for this bug?.
hp-ux: 11.11. 64 bits
# PHCO_27577 1.0 printf(1) cumulative patch
# PHCO_32761 1.0 libc cumulative patch
Bug 6925880: ORA-7445: [__DOPRNT_WIDE()+12112]
Bug Attributes
Type B - Defect Fixed in Product Version -
Severity 2 - Severe Loss of Service Product Version 9.2.0.8.0
Status 95 - Closed, Vendor OS Problem Platform 59 - HP-UX PA-RISC (64-bit)
Created 28-Mar-2008 Platform Version -
Updated 26-Jan-2009 Base Bug -
Database Version 9.2.0.8.0
Affects Platforms Generic
Product Source Oracle
This looks like a problem in HPUX but you could probably argue
about it. In the trace notice that we are attempting to write
out the bind value. For this we use vsnprintf() and the
dump occurs under there, notably on a page aligned address.
The problem is that printf() and variants (vsnprintf, sprintf
etc..) have a problem on HPUX with a format string / args of
the form ("%.*s",N,P) if the address P+N is not accessible. For such
a call into printf() we are only asking to output the first N
characters and so printf() should only need to look at addresses
P+0 to P+N-1 inclusive, but on HPUX printf() is looking at address
P+N. For tracing bind values, and other places, strings in Oracle
are stored as a separate length and content and so there is no
trailing NULL and it is possible for a string content to end
on a page boundary such that the next byte is not accessible.
This is what is happening in the trace - the page after the
string content is not mapped to the process and so when printf
tries to access it (which it should not need to as it is
beyond the supplied length) it gets a fault.
I have uploaded a simple C program
that contains the following code to show the problem. This uses
page protection to show printf() reading past the length
supplied and only fails on HPUX. It works fine on Linux,
Solaris and AIX.
#include
#include
main()
{
char * p=(char *)valloc(2*8192);
char * p2=p+8192;
char * txt=p2-16;
int i;
for (i=0; i<16; i++) txt[i]='A'+i;
printf("Value before protection \"%.*s\"\n\n",16,txt);
if (mprotect(p2,8192,PROT_NONE)<0) {
perror("mprotect failed");
printf("Cannot do test, mprotect failed\n"); exit(1);
}
printf("txt=%p, Protected from=%p\n",txt,p2);
printf("accessing one byte at a time: ");
for (i=0; i<16; i++) printf("%c",txt[i]);
printf("\n");
printf("\n");
printf("Using %%.*s format with len=16\n");
printf("\"%.*s\"\n",16,txt);
}
I would suggest that you contact HP with this test program
to see if they have a C library fix for printf() so that
it does not read more than N characters into a string buffer
when N has been supplied.
*** 03/31/08 04:37 am ***
The test program fails on HPUX compiled 64bit thus:
Value before protection "ABCDEFGHIJKLMNOP"
txt=8000000100007ff0, Protected from=8000000100008000
accessing one byte at a time: ABCDEFGHIJKLMNOP
Using %.*s format with len=16
Bus error (core dumped)
In this example there is a string of 16 characters at
8000000100007ff0 which read ABCDEFGHIJKLMNOP with
the P at 8000000100007fff. 8000000100008000 is not
accessible but we asked to printf the first 16
characters of the string only so printf should not
need to access past 8000000100007fff, but it tries
to and dumps.
Our db team, passed us this problem they are having after updating oracle to version 9.2.0.8, oracle is dumping a core. Do you know if there is a SO patch for this bug?.
hp-ux: 11.11. 64 bits
# PHCO_27577 1.0 printf(1) cumulative patch
# PHCO_32761 1.0 libc cumulative patch
Bug 6925880: ORA-7445: [__DOPRNT_WIDE()+12112]
Bug Attributes
Type B - Defect Fixed in Product Version -
Severity 2 - Severe Loss of Service Product Version 9.2.0.8.0
Status 95 - Closed, Vendor OS Problem Platform 59 - HP-UX PA-RISC (64-bit)
Created 28-Mar-2008 Platform Version -
Updated 26-Jan-2009 Base Bug -
Database Version 9.2.0.8.0
Affects Platforms Generic
Product Source Oracle
This looks like a problem in HPUX but you could probably argue
about it. In the trace notice that we are attempting to write
out the bind value. For this we use vsnprintf() and the
dump occurs under there, notably on a page aligned address.
The problem is that printf() and variants (vsnprintf, sprintf
etc..) have a problem on HPUX with a format string / args of
the form ("%.*s",N,P) if the address P+N is not accessible. For such
a call into printf() we are only asking to output the first N
characters and so printf() should only need to look at addresses
P+0 to P+N-1 inclusive, but on HPUX printf() is looking at address
P+N. For tracing bind values, and other places, strings in Oracle
are stored as a separate length and content and so there is no
trailing NULL and it is possible for a string content to end
on a page boundary such that the next byte is not accessible.
This is what is happening in the trace - the page after the
string content is not mapped to the process and so when printf
tries to access it (which it should not need to as it is
beyond the supplied length) it gets a fault.
I have uploaded a simple C program
that contains the following code to show the problem. This uses
page protection to show printf() reading past the length
supplied and only fails on HPUX. It works fine on Linux,
Solaris and AIX.
#include
#include
main()
{
char * p=(char *)valloc(2*8192);
char * p2=p+8192;
char * txt=p2-16;
int i;
for (i=0; i<16; i++) txt[i]='A'+i;
printf("Value before protection \"%.*s\"\n\n",16,txt);
if (mprotect(p2,8192,PROT_NONE)<0) {
perror("mprotect failed");
printf("Cannot do test, mprotect failed\n"); exit(1);
}
printf("txt=%p, Protected from=%p\n",txt,p2);
printf("accessing one byte at a time: ");
for (i=0; i<16; i++) printf("%c",txt[i]);
printf("\n");
printf("\n");
printf("Using %%.*s format with len=16\n");
printf("\"%.*s\"\n",16,txt);
}
I would suggest that you contact HP with this test program
to see if they have a C library fix for printf() so that
it does not read more than N characters into a string buffer
when N has been supplied.
*** 03/31/08 04:37 am ***
The test program fails on HPUX compiled 64bit thus:
Value before protection "ABCDEFGHIJKLMNOP"
txt=8000000100007ff0, Protected from=8000000100008000
accessing one byte at a time: ABCDEFGHIJKLMNOP
Using %.*s format with len=16
Bus error (core dumped)
In this example there is a string of 16 characters at
8000000100007ff0 which read ABCDEFGHIJKLMNOP with
the P at 8000000100007fff. 8000000100008000 is not
accessible but we asked to printf the first 16
characters of the string only so printf should not
need to access past 8000000100007fff, but it tries
to and dumps.
Windows?, no thanks
1 REPLY 1
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
07-05-2010 07:53 AM
07-05-2010 07:53 AM
Re: hp-ux 11.11 64bits printf oracle bug
Fixed with patch PHCO_40310
Windows?, no thanks
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.
News and Events
Support
© Copyright 2024 Hewlett Packard Enterprise Development LP