fixed by V. Horsun

(1.5.4) Transaction numbers could overflow the 32-bit signed integer and corrupt the database.

Fix back-ported from Firebird 2.0.1.

fixed by V. Horsun

(1.5.4) Possible stack corruption in the deferred work handler.

Fix back-ported from Firebird 2.0.

fixed by P. Beach, D. Yemanov

Socket binding for events exhibited a bug where 10048 network errors were being reported in the log when clients attempted to bind to events.

Fix back-ported from Firebird 2.0.

fixed by P. Beach, A. Peshkoff

(1.5.4) In previous versions of Superserver, if the server could not establish a socket for events, e.g. a firewall prevented the event port from being opened at the server side, the server would hang when a client attempted to register for an event. Connected clients would stop responding and new connections would be blocked.

Now, under these conditions, the client will hang until the socket call times out (by default, 10 seconds) and then the server will respond to the isc_que_events() call by throwing the exception isc_net_event_connect_err, “Failed to establish a secondary connection for event processing” and will continue to serve user requests normally.

Fix back-ported from Firebird 2.0.

fixed by V. Horsun

(1.5.4) Access violations (segfaults) could occur in the Classic server when clients woke up after leaving read committed read-only transaction active but idle for long periods.

fixed by P. Beach, D. Sibiryakov

(1.5.4) When the buffer overflowed in isql, the error was not detected.

Fix back-ported from Firebird 2.0.

fixed by P. Beach, D. Sibiryakov

(1.5.4) Isql had some problems handling quoted strings.

Fix back-ported from Firebird 2.0.

fixed by C. Valderrama

(1.5.4) On Windows, GSTAT would print “unknown Windows NT error” instead of a proper Win32 error message.

Fix back-ported from Firebird 2.0.

fixed by A. Harrison

(1.5.4) A condition was causing BUGCHECK(183) when attempting to back out a record version after a crash.

Fix back-ported from Firebird 2.0.

fixed by V. Horsun

(1.5.3) An error in the thread scheduler would cause the server to lock up if an I/O error occurred at database attachment.

fixed by A. Peshkoff

The isc_user_* (add/modify/delete) functions worked wrongly under Administrator account on Win32.

(1.5.3) At some point during InterBase development, the intention was to make the Win32 implementation work so that Superuser privileges on Unix were emulated for Administrator on Win32 (SuperUser/root on Unix/Linux can log into the security database without entering any username and password). It worked, up to a point.

However, if the Win32 Administrator user tried to call these functions through a SYSDBA login, the connection would hang with some strange path resolution errors.

The code for a root-style login has been disabled in the Win32 clients (fbclient.dll and fbembed.dll). Now any Windows user, including Administrator, must supply the SYSDBA user name and password.

fixed by A. Peshkoff

(1.5.3) Denial-of-Service vulnerability: an extra-long database file name could crash the server. Endemic security bug. One of many overflow vulnerabilities fixed in the Firebird 2 code, this fix has been backported to v.1.5.3.

fixed by A. Peshkoff

(1.5.3) The server would crash during some DDL operations. Fix back-ported from Firebird 2 HEAD.

fixed by C. Valderrama

(1.5.3) In some cases, a BLOB filter declaration would cause the server to crash. Fix back-ported from Firebird 2 HEAD.

fixed by A. Peshkov

(1.5.3) A locally exploitable stack overflow vulnerability was detected and fixed.

fixed by D. Yemanov

(1.5.3) The server could crash while performing a metadata scan for a complex table. Fix back-ported from Firebird 2 HEAD.

fixed by D. Yemanov

(1.5.3) Database corruption could occur due to allowing certain pre-trigger actions, such as deleting a record in a BEFORE UPDATE trigger. Fix back-ported from Firebird 2 HEAD.

fixed by V. Horsun

(1.5.3) CPU load would rise to 100% when a write failure occurred. Fix back-ported from Firebird 2 HEAD.

fixed by V. Horsun

(1.5.3) A source of possible corruption was exhibiting in the Classic server as a page type exception "page 0 is of wrong type (expected 6, found 1)". Identified, fixed and back-ported from Firebird 2 HEAD.

fixed by V. Horsun

(1.5.3) When the gfix service code tried to reattach to a database that had become unavailable, the server would crash. An endless loop would occur due to the inability of the service to interact with the end user, causing the service buffer to overflow eventually and result in the crash. Fixed and back-ported from Firebird 2 HEAD.

fixed by D. Yemanov

(1.5.3) Character set and/or collation specified for local variables in PSQL would get lost, potentially causing string conversion errors. Fix backported from Firebird 2 HEAD.

fixed by D. Yemanov

(1.5.3) If any DDL operations were active during a database shutdown, the server would crash. Fix back-ported from Firebird 2 HEAD.

fixed by D. Yemanov

(1.5.3) Subqueries in in VIEWs were returning character data with the wrong character set. Fix back-ported from Firebird 2 HEAD.

fixed by C. Valderrama

(1.5.3) There was an issue with quoted identifiers in the ISQL command SHOW GENERATORS in Dialect 3.

fixed by A. Harrison

(1.5.3) No more than 32767 identifiers were being generated by GPRE.

fixed by A. Peshkoff

(1.5.3) Wrong permissions were installed for the QLI help database.

fixed by D.Yemanov

(1.5.2) An old legacy bug that has continued to bug us is that, when a client had some events registered and its network connection had been terminated abnormally (hardware failure, reset button or task manager), then the server would start using 100% of the CPU time until the "parent" port (client connection which called isc_que_events() API routine) reported on its failure.

This bug affected all FB versions (more or less, depending on the DummyPacketInterval configuration option) and only TCP/IP connections.

Further work has been done to rectify the problem in v.1.5.2. It now appears to be solved.

fixed by C. Valderrama

(1.5.2) UDF with NULL input parameter, problem fixed.

fixed by C. Valderrama

(1.5.2) Left join would defeat a UDF by mangling a null descriptor. Fixed.

fixed by D. Yemanov

(1.5.2) Error trying to delete from a naturally updatable view containing computed expressions. If you had a view like this:

  create view v_test (f, s)
  as
    select f1, f2 + f3
    from t
        

then the server returned the "attempted update of read-only column" error when you tried to perform a DELETE operation. This is fixed in FB 1.5.2 and above.

fixed by A. Peshkoff

(1.5.2) Numeric data types represented by floating-point variables were being processed incorrectly in an EXECUTE STATEMENT with dialect 1 databases--numerics were being scaled incorrectly:

  create table a (b numeric(18,3));
  commit;
  insert into a values(12345.678);
  commit;
  set term ^;
  create procedure c
    returns(d numeric(18,3))
  as
  begin
    for execute statement 'select b from a'
    into :d
    do suspend;
  end ^
  commit^
  set term ;^
  select * from c;
        

returned 12.346 instead of 12345.678. Now fixed.

fixed by V. Horsun

If DISTINCT was used in an aggregate function and the record set being processed (aggregated) was empty, then we had a small memory leak. This memory was not returned until disconnect.

This routine would eat 120MB on FB 1.5.1 and previous:

  CREATE PROCEDURE MEM_LEAK
  AS
    DECLARE I INT = 1000;
    DECLARE T INT;
    DECLARE C INT;
  BEGIN
    WHILE (I > 0) DO
    BEGIN
      SELECT RDB$INDEX_TYPE,
      COUNT(DISTINCT RDB$RELATION_NAME)
      FROM RDB$INDICES
        WHERE 0=1
      GROUP BY 1
      INTO :T, :C;

      I = I - 1;
    END
  END
        

It is fixed in v.1.5.2.

fixed by D. Yemanov

(1.5.2) The server leaked resources when an exception was thrown from a selectable stored procedure. The procedural request wasn't freed properly and caused errors like "too many concurrent executions of the same request" after 750-1000 iterations.

  CREATE PROCEDURE P (INP INTEGER)
  RETURNS (OUTP INTEGER)
  AS
  BEGIN
    OUTP = INP / 0;
    SUSPEND;
  END

  UPDATE T SET ID = 1
    WHERE (SELECT OUTP FROM P(1)) = 1
        

The leaking request blocks were returned on disconnect. Now fixed.

fixed by P. Reeves

(1.5.2) The server log was polluted with SIGPIPE errors when running SuperServer on UNIX. The legacy InterBase code was logging sigpipe errors for SS running on *nix. Unfortunately sigpipe errors come in their thousands (when they come at all) with the result that the log filled up rather quickly. In extreme cases this led to filling up the entire partition.

Logging of SIGPIPE errors has thus been disabled.

fixed by V. Horsun

(1.5.2) 100% CPU usage was exhibited by the cache_writer thread in some rare cases (reported by Adrianos dos Santos Fernandes).

To reproduce in v.1.5.1 or lower, open two command prompts.

Prompt 1:

    isql
    CREATE DATABASE 'test.fdb';
    CREATE TABLE T (N INTEGER);
    EXIT;

    gbak -B test.fdb test.fbk
    del test.fdb
    gbak -C test.fbk test.fdb
        

Prompt 2:

    gbak -B test.fdb test.fbk
        

The server would consume 99% of CPU until the isql prompt 2 was disconnected. The bug didn't occur when passing -GARBAGE_COLLECT in the last command.

fixed by A. Karyakin, D. Yemanov

(1.5.2) A possible source of server crash was discovered in the op_connect handler. When a TCP/IP packet lacking user information was received on the server port, the server could crash. Because it was the first packet (op_connect) in the client-server protocol, it exposed the server to any kind of DoS attack. Anyone could kill the server with just one TCP packet. Now fixed.

fixed by D. Yemanov

(1.5.2) The server could crash with complex queries where lots of streams were used in a sort/merge. A complex union with many aggregations and merge joins could crash the server because of a streams buffer overflow. Although the current limit is 255 streams per request, the temporary buffer could accommodate only 128 items. Now fixed

fixed by C. Waters, D. Yemanov

(1.5.2) The server was blocking when events were used with Network Access Transaction (NAT) gateways. Auxiliary connections (for events) were established by the client library using the server-reported TCP/IP address. But the address returned by the server may be incorrect if it is behind a NAT box.

The fix was to use the address that was used to connect the main socket, not the address reported by the server.

fixed by V. Horsun

(1.5.2) Sweeper would not release its lock when database shutdown was executed. A server crash could occur when a database shutdown was initiated while the sweep is being in progress. Now fixed.

fixed by V. Horsun

(1.5.2) The least significant bits of a floating-point value would be lost when rounding the value to an integer or int64 value.

Dialect 3 database:

SELECT CAST(CAST( 1.005E0 AS NUMERIC(15,2))
  AS VARCHAR(30)) FROM RDB$DATABASE
UNION ALL
SELECT CAST(CAST( 1.015E0 AS NUMERIC(15,2))
  AS VARCHAR(30)) FROM RDB$DATABASE
UNION ALL
SELECT CAST(CAST( 1.025E0 AS NUMERIC(15,2))
  AS VARCHAR(30)) FROM RDB$DATABASE
UNION ALL
SELECT CAST(CAST( 1.035E0 AS NUMERIC(15,2))
  AS VARCHAR(30)) FROM RDB$DATABASE
UNION ALL
SELECT CAST(CAST( 1.045E0 AS NUMERIC(15,2))
  AS VARCHAR(30)) FROM RDB$DATABASE
UNION ALL
SELECT CAST(CAST( 1.055E0 AS NUMERIC(15,2))
  AS VARCHAR(30)) FROM RDB$DATABASE
UNION ALL
SELECT CAST(CAST( 1.065E0 AS NUMERIC(15,2))
  AS VARCHAR(30)) FROM RDB$DATABASE
UNION ALL
SELECT CAST(CAST( 1.075E0 AS NUMERIC(15,2))
  AS VARCHAR(30)) FROM RDB$DATABASE
UNION ALL
SELECT CAST(CAST( 1.085E0 AS NUMERIC(15,2))
  AS VARCHAR(30)) FROM RDB$DATABASE
UNION ALL
SELECT CAST(CAST( 1.095E0 AS NUMERIC(15,2))
  AS VARCHAR(30)) FROM RDB$DATABASE
        

FB 1.5.1 returns

F_1
----
1.00
1.01
1.03
1.04
1.05
1.05
1.06
1.08
1.09
1.10
        

The problem is fixed. FB 1.5.2 returns

F_1
----
1.01
1.02
1.03
1.04
1.05
1.06
1.07
1.08
1.09
1.10
        

fixed by N. Samofatov

(1.5.2) A few memory access problems were detected when testing HEAD under Valgrind. Fixed in HEAD and back-ported to v.1.5.2

Experimental 64-bit builds by N. Samofatov

(1.5.2) 64-bit SuperServer builds on platforms such as Linux/AMD64/NPTL, which use the high-order bits of a 64-bit thread ID, were exhibiting run-time errors.

CURRENT_TIMESTAMP was yielding unpredictable results on 64-bit platforms.

fixed by Dmitry Yemanov

(1.5.1) Fixed a persistent issue with events, where a client using events would cause the server's CPU usage to go up to 100 percent when it terminated its connection. The problem existed in all Firebird versions, but became more acute in v. 1.5 because it has the default dummy packet interval at 0 and relies instead on TCP/IP keepalive packets.

Now, the client library tries to wake up the server's port when detaching, allowing the server to scan for broken connections and close them sooner.

fixed by Vladimir Tsvigun

(1.5.1) Fixed a bug in the QLI utility, whereby assigning a variable would generate an access violation.

fixed by Claudio Valderrama

(1.5.1) The -n[o_validity], that should make gbak restore a database without restoring validity constraints, was ignoring NOT NULL constraints and restoring them regardless. Now it works as it ought to.

fixed by Claudio Valderrama

(1.5.1) When a fresh database needs to be created by metadata-backup/restore, the user-defined generators should be set to zero. However, during a metadata-only backup, gbak would preserve the values of all generators, including non-system ones. Now, they are correctly reset.

fixed by Arno Brinkman

(1.5.1) Corrected a bug that prevented proper restoration of inter-dependent views.

fixed by Dmitry Yemanov

(1.5.1) A memory leak in the Services API.

fixed by Nickolay Samofatov

(1.5.1) A memory leak in isc_database_info().

fixed by Oleg Loa

(1.5.1) Memory leaks occurred in PSQL modules when aggregation errors were handled in a WHEN block.

fixed by Nickolay Samofatov

(1.5.1) A stability problem with usage of previously freed memory in the client library was found and eliminated. It was present in InterBase and earlier Firebird versions but it re-surfaced in Firebird 1.5, due to the memory manager actively returning memory to the system. When using TCP/IP with Windows clients, application programs would hang because of an access violation in fbclient.dll, or fbclient.dll itself would hang. In some cases, further connections to the same database would be rejected.

fixed by Nickolay Samofatov

(1.5.1) Attempting to update a generator in a read-only database would cause database detach to be prolonged and such a situation would leave the database locked to other connections. Fixed the broken CCH finalization sequence and a page lock leak.

fixed by Oleg Loa, Vlad Horsun, Dmitry Yemanov

(1.5.1) Generator pages were not flushed properly, causing generator value changes to be lost after a server failure, even in Forced Writes mode

fixed by ?

(1.5.1) A nested query that contained a variable in the WHERE clause would be erroneously flagged as invariant (), e.g.

  select max(d2.id) from demo d2
    where d2.id < :id
          

fixed by Nickolay Samofatov

(1.5.1) Request cloning logic was broken. Clones of procedures/triggers were not accounting for invariants and the requests opened by them at all. Thus, they were inheriting invariant values from previous executions and were not freeing resources (highly limited! - you can have only 1000 copies of a request open). This is why most recursive procedures didn't work at all and using procedures from multiple Superserver connections produced results that were inconsistent or timing-dependent.

Invariant dependency tracking was not working properly. The engine now keeps account of which variables an invariant depends on and clears the cached invariant value when values are being assigned to these variables.

fixed by Nickolay Samofatov

(1.5.1) A number of problems with the win32 lock manager, that manifested themselves as low performance when several operations were waiting on locks simultaneously, were solved.

fixed by Claudio Valderrama

(1.5.1) Expression evaluation was not supported in LEFT JOIN.

fixed by Dmitry Yemanov

(1.5.1) Server would crash when views and selectable procedures were intermixed.

fixed by Nickolay Samofatov

(1.5.1) Fixed an obscure bug where the server would crash if LIKE ESCAPE <symbol> was asked to operate on NULL. LIKE syntax is:

  <string> LIKE <string> [ESCAPE <one-char-string>]
          

A request such as

  select * from rdb$database
    where 'a' like 'a' escape cast(null as char(1))
          

would crash the engine. It now complies with the SQL standard and returns an empty result set from such a query.

fixed by Fred Polizo Jr

(1.5.1) Length of string types containing binary data (OCTETS) was being determined incorrectly in UDFs.

fixed by P. Jacobi

(1.5) Fixed minor inconsistencies in charsets naming.

fixed by D. Yemanov

(1.5) GSTAT crashed in some switch combinations.

fixed by D. Yemanov

(1.5) Fixed broken savepoint handling in BREAK|LEAVE/EXIT.

fixed by A. Brinkman

(1.5) Fixed optimizer to prefer single indices to composite ones and to prefer full-match unique indices.

fixed by N. Samofatov

(1.5) Long runnning connection caused mem leak in OS kernel device

fixed by P. Vinkenoog, N. Samofatov

(1.5) UDF log(x, y) in fact returned log(y, x)

fixed by P. Vinkenoog, N. Samofatov

(1.5) UDFs ltrim('') and rtrim('') returned NULL; rtrim forgot first char

fixed by A. Peshkoff

(1.5) Fixed server crash caused by lost transaction context.

fixed by A. Peshkoff

(1.5) Fixed server crash caused by any combination of a subquery and BETWEEN.

fixed by D. Yemanov

(1.5) "<value> STARTING WITH <field>" would fail when using indices.

fixed by A. Peshkoff

(1.5) Non-existent deadlock is raised after execution of pre-(update/delete) triggers.

fixed by D. Yemanov

(1.5) Preparing some big queries could crash the server randomly.

fixed by Oleg Loa

(1.5) UDF arguments of types DATE/TIME were wrong in dialect 3.

fixed by Vlad Horsun, D. Yemanov

(1.5) Possible referential integrity violation.

fixed by Erik S. LaBianca, N. Samofatov

(1.5) Permissions problem for firebird.conf. Also generate aliases.conf on install; use rpmbuild to create Linux packages

fixed by A. Peshkoff

(1.5) Wrong attachment reference after exception in PSQL.

fixed by Vlad Horsun, D. Yemanov

(1.5) Potential index corruptions during garbage collection.

fixed by N. Samofatov

(1.5) Solved problems with temporary files management:

fixed by D. Yemanov

(1.5) Disabled usage of specifically-configured auxiliary port in CS builds due to known issues.

fixed by D. Yemanov

(1.5) Potential crashes on disconnect when event notification was used.

fixed by N. Samofatov

(1.5) Enabled statistics Services API for POSIX CS builds.

fixed by D. Yemanov

(1.5) Partly enabled Services API for win32 CS builds.

Change done by D. Yemanov

(1.5) Features of GSTAT/GSEC are not available via Services API in win32 CS (until a later sub-release).

fixed by D. Yemanov

(1.5) Wrong record statistics were reported when an operation failed for some reason.

fixed by A. Peshkoff

(1.5) stdin/stdout could not be used to redirect console I/O in the Win32 build of GBAK.

fixed by N. Samofatov

(1.5) Lock table resizing in CS was broken. No more "lock manager out of room" or crashes (possible in all previous CS builds of Interbase/Firebird).

fixed by A. Peshkoff

(1.5) BUGCHECK(291): Possible database corruption when you modified/deleted the same record in pre-trigger for which this trigger was called.

fixed by Oleg Loa

(1.5) Buffer overrun in isc_database_info() call.

fixed by Jim Starkey, Paul Reeves

(1.5) Wrong type of event delivery (unnecessary usage of OOB packets).

fixed by A. Brinkman

(1.5) Server would crash in some Services API operations.

fixed by Mike Nordell, A. Peshkoff, N. Samofatov, D. Yemanov

(1.5) Fixed resource/memory leaks.

fixed by D. Yemanov

(1.5) Buffer overrun with multidimensional arrays.

fixed by D. Yemanov

(1.5) Various issues with events used on multihomed hosts.

fixed by Mike Nordell, A. Peshkoff

(1.5) Fixed some resource leaks.

fixed by N. Samofatov

(1.5) Potential for database corruption when backing out the savepoint after large number of DML operations (so transaction-level savepoint is dropped) and record was updated not under the savepoint and the deleted under the savepoint.

fixed by D. Yemanov

(1.5) Server would hang during disconnect after mass updates.

fixed by A. Brinkman

(1.5) "Context already in use" error was exhibited in the case of DISTINCT with subqueries.

fixed by A. Brinkman

(1.5) Long delays during connecting/disconnecting on WinXP.

fixed by A. Brinkman

(1.5) View was affecting the result of a query. Comment: Problem was that RSE's (inside a view) were not flagged as variant.

fixed by D. Yemanov

(1.5) Sometimes GFIX didn't allow to specify "-user" and "-password" switches ("incompatible swiches" error).

fixed by A. Brinkman

(1.5) LEFT JOIN with VIEWs: simple LEFT JOIN on a VIEW with only an ON clause didn't use an index even if it was possible.

fixed by D. Yemanov

(1.5) Trashed RDB$FIELD_LENGTH for views that contain concatenation of long CHAR/VARCHAR fields.

fixed by D. Yemanov

(1.5) Cursors (WHERE CURRENT OF clause) could not be used in triggers.

fixed by A. Brinkman

(1.5) Case reported where ORDER BY had no effect.

fixed by A. Brinkman

(1.5) Bug case where subquery was used in connection with IN() clause.

fixed by A. Brinkman

(1.5) Engine crashed when UNIONS were used in a VIEW and that VIEW was used in the WHERE clause inside a subquery.

fixed by D. Yemanov

(1.5) "Request sycnhronization error" with BREAK statement.

fixed by A. Brinkman

(1.5) No current record for fetch operation.

fixed by D. Yemanov

(1.5) QLI didn't understand BIGINT datatype.

fixed by A. Brinkman

(1.5) Length of text variables inside procs/triggers wasn't copied to descriptor structure.

fixed by Erik Kunze

(1.5) Buffer overflow (MAXPATHLEN) and rewritten local function dirname.

fixed by N. Samofatov

(1.5) Make SQLDA parameter mapping consistent with order and number of parameters in source SQL string.

fixed by A. Peshkoff

(1.5) Exceptions inside for/while loops in triggers were not handled correctly.

fixed by Paul Reeves, Mark O'Donohue

(1.5) Double forward slash in connection string gave problems.

fixed by A. Peshkoff

(1.5) Deadlock occurred unexpectedly during some database operations.

fixed by N. Samofatov

(1.5) Quoted identifiers problem in plan expressions.

fixed by Ignacio J. Ortega

(1.5) Triggers fail to compile if PLAN used.

fixed by Vlad Horsun, Erik Kunze

(1.5) Distributed (2PC) transaction could not be properly rolled back due to network errors.

fixed by N. Samofatov

(1.5) When the optimizer finds indexes for LEFT JOIN, they work like INNER JOIN. Fixed problem which caused complex outer joins to produce wrong results.

fixed by D. Yemanov

(1.5) BLOB subtype was ignored in system domains generated for expression fields in views.

fixed by D. Yemanov

(1.5) Fixed a Windows installation bug: instreg.exe wasn't creating the "GuardianOptions" registry value.

fixed by N. Samofatov

(1.5) Resource leaks in DDL recursive procedure handling which caused some DDL to fail.

fixed by N. Samofatov

(1.5) CHECK constraint which uses only one table field is now dropped automatically when this field is dropped.

fixed by N. Samofatov

(1.5) The server could crash during garbage collection under heavy load.

fixed by D. Kuzmenko

(1.5) gstat showed wrong value for maxdup element.

fixed by D. Yemanov

(1.5) Trigger whose name starts with 'RDB$' can not be altered or dropped at all.

fixed by D. Yemanov

(1.5) Broken dependencies (like DB$34) would appear in the database after metadata changes.

fixed by D. Yemanov

(1.5) Disabled BREAK statement for triggers (like EXIT) due to known internal limitations.

fixed by A. Peshkoff

(1.5) Automatic/background sweep could hang.

fixed by D. Yemanov

(1.5) The server would crash when XSQLDA structures were not prepared for all statement parameters.

Partly fixed by D. Yemanov

(1.5) A metadata security hole.

fixed by Artem Petkevych

(1.5) BigInt arrays didn't work.

fixed by Claudio Valderrama

(1.5) Crash with extract from null as date.

fixed by N. Samofatov

(1.5) Deferred metadata compilation: solved a lot of causes of the well-known "object in use" error.