BUG: CMDExec Task May Cause Heap Corruption and AV in SQL Executive

ID: Q234200


The information in this article applies to:

BUG #: 18750 (SQLBUG_65)

SYMPTOMS

A CMDexec task may cause heap corruption if it contains an extra double quote ("). Repeated execution of the task may cause a SQL Executive Access Violation (AV). For example, a batch file named mybatch.cmd containing:

isql -U"sa" -P -Q"SELECT 1"
isql -U"sa" -P -Q"SELECT 1"
isql -U"sa" -P -Q"SELECT 1"

when executed as a CMDExec task (mybatch.cmd), causes heap corruption and may cause an access violation.

If the double quotes are removed from around the sa characters in the preceding code, the problem does not occur:

isql -Usa -P -Q"SELECT 1"
isql -Usa -P -Q"SELECT 1"
isql -Usa -P -Q"SELECT 1"

This behavior occurs with the CMDEXEC.dll shipping with Service Pack 5, dated 8/26/98. It does not occur with previous versions of the file.
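The following script is an added example, not part of the Knowledge Base article: it audits a batch file for isql switches whose values are double-quoted without needing to be (the -U"sa" case above) and shows the line rewritten the way the article describes, leaving values that contain whitespace (such as -Q"SELECT 1") quoted. The sample batch text and the helper names are constructed for this example.

```python
import re
from typing import List, Tuple

# Matches an isql-style switch immediately followed by a double-quoted value,
# e.g. -U"sa" or -Q"SELECT 1" (switch letter in group 1, value in group 2).
QUOTED_ARG = re.compile(r'(-[A-Za-z])"([^"]*)"')


def strip_redundant_quotes(line: str) -> Tuple[str, List[str]]:
    """Return the line with unneeded quotes removed and the switches that changed.

    A quoted value counts as redundantly quoted when it is non-empty and contains
    no whitespace, so the command processor would pass it unchanged without the
    quotes. Values with whitespace keep their quotes because removing them would
    split the argument.
    """
    changed: List[str] = []

    def repl(m: re.Match) -> str:
        switch, value = m.group(1), m.group(2)
        if value and not re.search(r"\s", value):
            changed.append(switch)
            return switch + value  # -U"sa" becomes -Usa
        return m.group(0)

    return QUOTED_ARG.sub(repl, line), changed


def audit_batch(text: str) -> List[Tuple[int, str, str]]:
    """Return (line number, original line, rewritten line) for each line needing a change."""
    findings = []
    for number, line in enumerate(text.splitlines(), 1):
        rewritten, changed = strip_redundant_quotes(line)
        if changed:
            findings.append((number, line, rewritten))
    return findings


# Constructed sample mirroring mybatch.cmd; the third line is already in the safe form.
SAMPLE_BATCH = (
    'isql -U"sa" -P -Q"SELECT 1"\n'
    'isql -U"sa" -P -Q"SELECT 1"\n'
    'isql -Usa -P -Q"SELECT 1"\n'
)

if __name__ == "__main__":
    for number, original, rewritten in audit_batch(SAMPLE_BATCH):
        print(f"line {number}: {original!r} -> {rewritten!r}")
```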


WORKAROUND

To work around this problem, choose either of the following:


STATUS

Microsoft has confirmed this to be a problem in SQL Server version 6.5 Service Pack 5 and Service Pack 5a.


MORE INFORMATION

SQLTrace shows the extra double quotes introduced around the SELECT statement:


msdb..sp_schedulerlog 0,0,0,17,"","",1,19990527,141240,4,"",0,0,"Process Exit Code 0.  ...ected)    E:\MSSQL\BINN>isql -Usa -P -Q""select ""1""""                   -----------              1     (1 row affected)    E:\MSSQL\BINN>isql -Usa -P -Q""select ""1""""                   -----------              1     (1 row affected)  ",1684370531

The following message may appear if SQL Executive is started from the Command prompt with -c -v:

Application Error : Instruction at 0x77F7D40F referenced memory 0x00202020.

Keywords          : kbSQLServ650sp5bug
Version           : winnt:6.5 Service Pack 5 and 5a
Platform          : winnt
Issue type        : kbbug

Last Reviewed: June 23, 1999