New Debian firebird2 packages fix denial of service

Aviram Jenik and Damyan Ivanov discovered a buffer overflow in firebird2, an RDBMS based on InterBase 6.0 code, that allows remote attackers to crash.

Coverity Open Source Defect Scan of Firebird

Hello Firebird Developers,

I’m the CTO of Coverity, Inc., a company that does static source code
analysis to look for defects in code. You may have heard of us or of our
technology from its days at Stanford (the “Stanford Checker”). The
reason I’m writing is because we have set up a framework internally to
continually scan open source projects and provide the results of our
analysis back to the developers of those projects. Firebird is one of
the 32 projects currently scanned at:

Interesting Project Metrics

I’ve been wondering for some time about metrics to evaluate the relative architectural cleanliness of various database implementations. To that end, I wrote a simple program that eats Visual Studio 7 project files and analyzes the source files. Here are the results:

| Metric | Nfs Engine | Vulcan | Firebird 2 | MySQL Server |
|---|---|---|---|---|
| Total Modules | 429 | 633 | 232 | 123 |
| Total Lines | 63432 | 227814 | 126274 | 214356 |
| Code Modules | 206 | 218 | 70 | 99 |
| Header Modules | 221 | 394 | 162 | 15 |
| Preprocessed Modules | 0 | 16 | 0 | 0 |
| Other Modules | 2 | 5 | 0 | 9 |
| Number Functions | 2839 | 4706 | 1633 | 4960 |
| Average Arguments | 5.00 | 8.65 | 13.08 | 7.58 |
| Average Function Lines | 14.86 | 32.46 | 55.95 | 31.70 |
| Average Code Lines | 11.80 | 21.20 | 37.12 | 26.90 |
| Average Internal Comments | 0.94 | 6.10 | 11.92 | 2.59 |
| Average Internal WhiteSpace | 2.12 | 5.16 | 6.92 | 2.21 |


The analysis program doesn’t try to follow conditional compilation, so everything is included whether active or not.

The Netfrastructure engine is roughly equivalent in functionality to Firebird. The Netfrastructure numbers, however, are for the database engine only, excluding the Java Virtual Machine and template engine. Since the trigger and procedure language in Netfrastructure is Java, this isn’t a strict apples-to-apples comparison. On the other hand, the Netfrastructure engine includes the remote server, which Vulcan does not.

Database Development Forum – For Developers, By Developers

Upscene Productions and Arno Brinkman (Firebird core developer) started Database Development Forum, a place where developers can ask questions about database development. There are forums available for many different database engines and the idea is to start a community of developers that will ask and answer questions, all in a single website. You can register or anonymously ask questions, but registering has benefits – like getting e-mail notifications on answers.

Firebird 2.0: Status Update

A few words to those interested in the v2.0 progress.

Currently we’re in the process of preparing the Beta 2 release. The CVS tree was tagged a week ago, and now the Release Notes are being updated. The binaries should be packaged soon. We did intend to release it earlier, but there were a few hard-to-track issues found in the codebase, so we had to solve them first. Also, the final v1.5.3 release has been done at the same time. These are the reasons for the delay.

If nothing critical is reported in the near future, I expect that the next official build will be Release Candidate 1. We still have bugs reported quite regularly, but none of the recent bug reports mention database corruptions or server crashes, so it appears we can consider the codebase stable enough.

Please note that Release Candidate builds are intended to fix regressions only, there will be almost no old bugs fixed during this stage. Starting with RC1, our developers will switch their attention to the Vulcan merge and new features/improvements.

— Dmitry Yemanov
