Highly Concurrent c-treeACE SQL Updates Involving Floating Point Conversions

1 October 2011

Affected Builds: All c-treeACE SQL builds prior to 110914
Criteria: Highly concurrent c-treeACE SQL insertions involving floating point conversions
Indications: Unexpected KDUP_ERR (2) errors

A potential data integrity issue was identified in FairCom's internal testing that demonstrated a potential field overwrite that could occur with highly concurrent c-treeACE SQL updates that include a floating point conversion. Affected field types include:

NUMERIC, NUMBER, DECIMAL, MONEY, (N)CHAR, (N)VARCHAR

A remote possibility exists with multi-threaded c-treeACE SQL applications (excluding JDBC and ADO.Net) when a floating point value (either a variable in the application using native floating points or a FLOAT SQL type) requires conversion into an aforementioned c-treeACE SQL type.

A combination of events must take place for this overwrite to occur:

1. Floating point data needs to be assigned to one of the above types,
2. Floating point data needs to be compared with one of the above types,
3. The execution of a SQL statement operation (or function) involving floating points and one of the above types.

Consider the case of an ODBC driver binding a MONEY column to a SQL_C_DOUBLE type. When an insert is performed, the C type data undergoes a conversion to an SQL type. During this conversion, there is a possibility a buffer is not protected from multi-threaded updates.

Solution: This possibility has been avoided by ensuring proper thread safe C library functions are used on respective platforms and the buffer used for conversion is properly protected.

FairCom customers on current maintenance can request an updated V9 c-treeACE SQL line at any time. Please contact your nearest FairCom office should you have any concerns that you are impacted by this update.