FIX: Sqltrace.dll May Cause Heap Corruption with Zero Length Binary RPC Parameter

ID: Q219865

The information in this article applies to:

Microsoft SQL Server version 7.0

BUG #: 54436 (SQLBUG_70)

SYMPTOMS

A remote procedure call (RPC) event captured by SQLProfiler with a binary or varbinary parameter that is zero length can result in heap corruption within Sqlservr.exe by Sqltrace.dll.

The problem is specific to a binary or varbinary RPC parameter, and it only occurs if the parameter value is zero length.

STATUS

Microsoft has confirmed this to be a problem in SQL Server version 7.0. This problem has been corrected in U.S. Service Pack 1 for Microsoft SQL Server version 7.0. For information about downloading and installing the latest SQL Server Service Pack, see http://support.microsoft.com/support/sql/.

For more information, contact your primary support provider.

MORE INFORMATION

From an ODBC perspective, this occurs if the RPC parameter was specifically bound with zero length using SQLBindParameter or if only one digit was specified in a binary string constant (for example, 0x1 or a constant to represent a zero length binary value like 0x).

For example, if you execute {call mysp(0x)}, the ODBC SQL Server driver interprets this as a zero length binary value and sends across a value of 0 and length of 0.

If you were to run the above query with SQLProfiler enabled to trace RPC events, you would see a heap corruption error under a debugger.

Additional query words:

Keywords : kbbug7.00
Version : winnt:7.0
Platform : winnt
Issue type : kbbug