BUG: CMDExec Task May Cause Heap Corruption and AV in SQL Executive (234200)



The information in this article applies to:

  • Microsoft SQL Server 6.5 Service Pack 5 and 5a

This article was previously published under Q234200
BUG #: 18750 (SQLBUG_65)

SYMPTOMS

A CMDExec task may cause heap corruption if it contains an extra double quote ("). Repeated execution of the task may cause a SQL Executive access violation (AV). For example, a batch file named mybatch.cmd containing:
isql -U"sa" -P -Q"SELECT 1"
isql -U"sa" -P -Q"SELECT 1"
isql -U"sa" -P -Q"SELECT 1"
				
when executed as a CMDExec task as mybatch.cmd, causes heap corruption and may cause an access violation.

If the double quotes are removed from around the sa characters in the preceding code, the problem does not occur:
isql -Usa -P -Q"SELECT 1"
isql -Usa -P -Q"SELECT 1"
isql -Usa -P -Q"SELECT 1"
				
This behavior occurs with the CMDEXEC.dll shipping with Service Pack 5, dated 8/26/98. It does not occur with previous versions of the file.

WORKAROUND

To work around this problem, choose either of the following:
  • Remove the extra double quotes.
  • Add "ECHO OFF" to the beginning of the batch file. For example:
       ECHO OFF
       isql -U"sa" -P -Q"SELECT 1"
       isql -U"sa" -P -Q"SELECT 1"
       isql -U"sa" -P -Q"SELECT 1"
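
The check below is an added example, not part of the original article or of any Microsoft tool: it audits a CMDExec batch file against the two workarounds above by flagging lines that run with command echo on and carry a quoted value that needs no quoting, such as "sa". Treating such values as the "extra" double quotes, and re-flagging lines after a later ECHO ON, are assumptions of this example drawn from the article's batch files; the function names are hypothetical.

```python
import re

# The three batch files below are the ones shown in the article.
FAILING = 'isql -U"sa" -P -Q"SELECT 1"\n' * 3
QUOTES_REMOVED = 'isql -Usa -P -Q"SELECT 1"\n' * 3
ECHO_OFF = "ECHO OFF\n" + FAILING

ECHO_SWITCH = re.compile(r"^@?\s*echo\s+(on|off)\s*$", re.IGNORECASE)
QUOTED_SPAN = re.compile(r'"([^"]*)"')


def extra_quoted_values(line):
    """Quoted values that need no quoting (no whitespace inside), e.g. "sa".

    Assumption of this example: these are the article's "extra" double quotes.
    """
    return [v for v in QUOTED_SPAN.findall(line) if v and not re.search(r"\s", v)]


def audit_cmdexec_batch(text):
    """Return (line_number, line) for lines that match neither workaround."""
    findings = []
    echo_on = True  # command echo is on by default when a batch file starts
    for number, raw in enumerate(text.splitlines(), start=1):
        line = raw.strip()
        switch = ECHO_SWITCH.match(line)
        if switch:
            # ECHO OFF is workaround 2; a later ECHO ON is treated as undoing it
            # (conservative assumption, the article does not cover that case).
            echo_on = switch.group(1).lower() == "on"
            continue
        if echo_on and extra_quoted_values(line):
            findings.append((number, line))
    return findings


if __name__ == "__main__":
    samples = [("as shipped", FAILING), ("quotes removed", QUOTES_REMOVED),
               ("ECHO OFF added", ECHO_OFF)]
    for name, text in samples:
        hits = audit_cmdexec_batch(text)
        print(f"{name}: {len(hits)} line(s) to fix")
        for number, line in hits:
            print(f"  line {number}: {line}")
```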
    						

STATUS

Microsoft has confirmed this to be a problem in SQL Server version 6.5 Service Pack 5 and Service Pack 5a.

MORE INFORMATION

SQLTrace shows the extra double quotes introduced around the SELECT statement:
msdb..sp_schedulerlog 0,0,0,17,"","",1,19990527,141240,4,"",0,0,"Process Exit Code 0.  ...ected)    E:\MSSQL\BINN>isql -Usa -P -Q""select ""1""""                   -----------              1     (1 row affected)    E:\MSSQL\BINN>isql -Usa -P -Q""select ""1""""                   -----------              1     (1 row affected)  ",1684370531
				
The following message may appear if SQL Executive is started from the command prompt with -c -v:
Application Error : Instruction at 0x77F7D40F referenced memory 0x00202020.

Modification Type: Major
Last Reviewed: 10/3/2003
Keywords: kbBug kbpending KB234200