FIX: Sqltrace.dll May Cause Heap Corruption with Zero Length Binary RPC Parameter

This article was previously published under Q219865
This article has been archived. It is offered "as is" and will no longer be updated.
BUG #: 54436 (SQLBUG_70)
A remote procedure call (RPC) event captured by SQLProfiler with a binary or varbinary parameter that is zero length can cause Sqltrace.dll to corrupt the heap within Sqlservr.exe.

The problem is specific to a binary or varbinary RPC parameter, and it only occurs if the parameter value is zero length.
Microsoft has confirmed this to be a problem in SQL Server 7.0. This problem has been corrected in U.S. Service Pack 1 for Microsoft SQL Server 7.0. For more information, click the following article number to view the article in the Microsoft Knowledge Base:
232570 INF: How to Obtain Service Pack 1 for Microsoft SQL Server 7.0 and Microsoft Data Engine (MSDE) 1.0
For more information, contact your primary support provider.
From an ODBC perspective, this occurs if the RPC parameter was specifically bound with zero length using SQLBindParameter or if only one digit was specified in a binary string constant (for example, 0x1 or a constant to represent a zero length binary value like 0x).

For example, if you execute {call mysp(0x)}, the ODBC SQL Server driver interprets this as a zero length binary value and sends across a value of 0 and length of 0.

If you were to run the above query with SQLProfiler enabled to trace RPC events, you would see a heap corruption error under a debugger.
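The following Python code is an added example, not part of the original article or of any Microsoft code. It audits ODBC statement text for `{call ...}` escapes that contain a binary constant with fewer than two hex digits, the forms the article names (`0x` and `0x1`). The procedure name `logmsg` and the sample statements are constructed for illustration; parameters bound with zero length through SQLBindParameter never appear in statement text and are outside what this check can see.

```python
import re

# Either a single-quoted SQL string (with '' escapes), which is skipped, or a
# binary constant: 0x followed by any number of hex digits (captured in group 1).
_TOKEN = re.compile(
    r"'(?:[^']|'')*'"
    r"|(?<![0-9A-Za-z_@#$])0[xX]([0-9A-Fa-f]*)(?![0-9A-Za-z_])"
)

# ODBC procedure-call escape: {call proc(...)} or {? = call proc(...)}
_CALL = re.compile(r"^\s*\{\s*(?:\?\s*=\s*)?call\b", re.IGNORECASE)


def risky_binary_constants(sql):
    """Return binary constants in `sql` that have fewer than two hex digits."""
    hits = []
    for m in _TOKEN.finditer(sql):
        digits = m.group(1)  # None when the match was a quoted string
        if digits is not None and len(digits) < 2:
            hits.append(m.group(0))
    return hits


def audit(statements):
    """Return (statement, constants) pairs for ODBC call escapes worth reviewing."""
    findings = []
    for stmt in statements:
        if _CALL.match(stmt):
            hits = risky_binary_constants(stmt)
            if hits:
                findings.append((stmt, hits))
    return findings


# Constructed sample statements; only {call mysp(0x)} comes from the article.
SAMPLES = [
    "{call mysp(0x)}",        # zero-length binary constant
    "{call mysp(0x1)}",       # single-digit binary constant
    "{call mysp(0x0A1B)}",    # ordinary binary constant, not flagged
    "{call logmsg('0x')}",    # text inside a string literal, not flagged
    "SELECT 0x",              # not a procedure-call escape, not flagged
]

if __name__ == "__main__":
    for stmt, hits in audit(SAMPLES):
        print(f"review before tracing RPC events on a pre-SP1 server: {stmt} -> {hits}")
```
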

Article ID: 219865 - Last Review: 10/14/2013 19:48:08 - Revision: 2.0

Microsoft SQL Server 7.0 Standard Edition
