FIX: Sqltrace.dll May Cause Heap Corruption with Zero Length Binary RPC ParameterID: Q219865
|
A remote procedure call (RPC) event captured by SQLProfiler with a binary or varbinary parameter that is zero length can result in heap corruption within Sqlservr.exe by Sqltrace.dll.
The problem is specific to a binary or varbinary RPC parameter, and it only occurs if the parameter value is zero length.
Microsoft has confirmed this to be a problem in SQL Server
version 7.0. This problem has been corrected in U.S. Service Pack 1
for Microsoft SQL Server version 7.0. For information about
downloading and installing the latest SQL Server Service Pack, see
http://support.microsoft.com/support/sql/.
For more information, contact your primary support provider.
From an ODBC perspective, this occurs if the RPC parameter was specifically bound with zero length using SQLBindParameter or if only one digit was specified in a binary string constant (for example, 0x1 or a constant to represent a zero length binary value like 0x).
For example, if you execute {call mysp(0x)}, the ODBC SQL Server driver interprets this as a zero length binary value and sends across a value of 0 and length of 0.
If you were to run the above query with SQLProfiler enabled to trace RPC events, you would see a heap corruption error under a debugger.
Additional query words:
Keywords : kbbug7.00
Version : winnt:7.0
Platform : winnt
Issue type : kbbug
Last Reviewed: June 9, 1999