PI57768: INVALID HEX STRINGS PASSED TO DSNREXX ARE NOT VALIDATED AND INCORROUT WILL OCCUR

Obtain the fix for this APAR.

APAR status

• Closed as program error.

Error description

• There are three errors being reported:
  1. When a hex value with a lower case hex character is passed,
  ie aa or ff, the translation results in x'00'.
  2. When an invalid character is passed as part of a hex string,
  ie x'0123Y-', the invalid characters are converted to x'00'.
  3. When an invalid length hex string is passed, ie x'123', the
  value is not being marked invalid and incorrect conversion
  results.
  

Local fix

• Validate hex strings before passing to DSNREXX
  

Problem summary

• ****************************************************************
  * USERS AFFECTED: All DB2 10 for z/OS and DB2 11 for z/OS      *
  *                 users who use DB2 REXX Language support      *
  *                 (DSNREXX) to process SQL statements that     *
  *                 contain character data in hexadecimal        *
  *                 format.                                      *
  ****************************************************************
  * PROBLEM DESCRIPTION: Incorrect output can occur in three     *
  *                      different ways when using DSNREXX to    *
  *                      process an EXECUTE USING or OPEN USING  *
  *                      request that supplies a hex string:     *
  *                      (1) Valid lower case letters in a hex   *
  *                          string cause the containing         *
  *                          byte to be converted to null.  For  *
  *                          example, x'abCDeF' is converted     *
  *                          to x'00CD00'.                       *
  *                      (2) Characters other than '0' - '9' or  *
  *                          'A' - 'F' in a hex string cause the *
  *                          containing byte to be converted to  *
  *                          null.  For example, 'ABC-EF' is     *
  *                          converted to x'AB00EF'.             *
  *                      (3) Incomplete (odd-numbered length)    *
  *                          hex strings are misinterpreted.     *
  *                          For example, x'AABCDE7' is          *
  *                          converted to x'ABCDE7'.             *
  *                      No error or warning is given in any of  *
  *                      these cases.                            *
  *                                                              *
  *                      Additional Keywords: SQLINCORROUT       *
  ****************************************************************
  * RECOMMENDATION: Apply the fixing PTF for this APAR.          *
  ****************************************************************
  Character data in SQL statements can be expressed in hexadecimal
  format.  For example, these statements are equivalent:
  
    SELECT '1' FROM SYSIBM.SYSDUMMY1;
  
    SELECT X'F1' FROM SYSIBM.SYSDUMMY1;
  
  As noted in the Problem Description section, DSNREXX currently
  has problems handling both valid hex strings (those that contain
  'a' - 'f' in place of 'A' - 'F') and invalid hex strings (those
  that have inappropriate characters or an odd-numbered length).
  These problems occur when DSNREXX processes an EXECUTE USING or
  OPEN USING statement that supplies a hex string.  For example,
  the following code shows how problem (3) can occur when using
  the EXECUTE USING statement to insert a row of data:
  
    STMT = "INSERT INTO MYTAB(MyVarcharColumn) VALUES(?)";
    "EXECSQL PREPARE S1 INTO :OUTSQLDA FROM :STMT";
    HEXSTRING = "X'1234567'";
    "EXECSQL EXECUTE S1 USING :HEXSTRING'
  
  ==> Result: MyVarcharColumn contains x'234567'.
  

Problem conclusion

• In response, this APAR corrects DSNREXX to handle hex strings
  with valid lower-case letters, 'a' - 'f', correctly.  It also
  modifies DSNREXX to reject hex strings that have an odd-numbered
  length or that contain invalid characters with SQLCODE -110.
  
  ----------------------------------------------------------------
  ATTENTION for customers who bind DSNREXX with an application
  encoding scheme for Japanese Extended Katakana: CCSID 930, 1390,
  or 5026
  ----------------------------------------------------------------
  When DSNREXX runs with a package that was bound with a CCSID
  setting of 930, 1390, or 5026, any SQL statements that express
  hexadecimal characters in lower case, 'a' - 'f', are not
  supported and will be rejected with SQLCODE -104 or SQLCODE
  -110.  That is necessary because in CCSID 290 (the single-byte
  character set associated with 930, 1390 and 5026), lower case
  latin characters, including 'a' - 'f', do not reside at the
  standard code points for such characters.  Therefore, letters in
  hex characters must be in upper case, 'A' - 'F'.
  

Temporary fix

Comments

APAR Information

• APAR is sysrouted FROM one or more of the following:

• APAR is sysrouted TO one or more of the following:

  UI44551 UI44552

Modules/Macros

• DSNTZUSI
  

Fix information

• Fixed component name

  DB2 OS/390 & Z/

• Fixed component ID

  5740XYR00

Applicable component levels

• RA10 PSY UI44551

     UP17/02/25 P F702

• RB10 PSY UI44552

     UP17/02/25 P F702

Fix is available

• Select the PTF appropriate for your component level. You will be required to sign in. Distribution on physical media is not available in all countries.