[CONC-316] SEGV from mariadb_reconnect - extension is corrupted on a reconnect - Jira

Details

Type: Bug
Status: Closed (View Workflow)
Priority: Major
Resolution: Duplicate
Affects Version/s: 3.0.3
Fix Version/s: N/A
Component/s: None
Labels:
None
Environment:
CentOS 7

Description

I ve compiled mariadb-connector-c 3.0.3 from sources with MySQLcompat enabled

-DWITH_MYSQLCOMPAT=1

then upgraded the perl module DBD::mysql to version 4.046_01

While running a test that does

dbh->do("select 12");

dbh->disconnect;

# undef doh + reconnect

dbh->do("select 12");

I can notice a SEGV coming from libmariadb/mariadb_lib.c:1647 which looks like this for me

   │1637    my_bool STDCALL mariadb_reconnect(MYSQL *mysql)                                                                                                                                │

   │1638    {                                                                                                                                                                              │

   │1639      MYSQL tmp_mysql;                                                                                                                                                             │

   │1640      struct my_hook_data hook_data;                                                                                                                                               │

   │1641      struct mysql_async_context *ctxt= NULL;                                                                                                                                      │

   │1642      LIST *li_stmt= mysql->stmts;                                                                                                                                                 │

   │1643                                                                                                                                                                                   │

   │1644      /* check if connection handler is active */                                                                                                                                  │

   │1645      if (IS_CONNHDLR_ACTIVE(mysql))                                                                                                                                               │

   │1646      {                                                                                                                                                                            │

  >│1647        if (mysql->extension->conn_hdlr->plugin && mysql->extension->conn_hdlr->plugin->reconnect)                                                                                 │

   │1648          return(mysql->extension->conn_hdlr->plugin->reconnect(mysql));                                                                                                           │

   │1649      }                                                                                                                                                                            │

   │1650                                                                                                                                                                                   │

   │1651      if (!mysql->options.reconnect ||                                                                                                                                             │

   │1652          (mysql->server_status & SERVER_STATUS_IN_TRANS) || !mysql->host_info)                                                                                                    │

   │1653      {                                                                                                                                                                            │

   │1654       /* Allow reconnect next time */                                                                                                                                             │

   │1655        mysql->server_status&= ~SERVER_STATUS_IN_TRANS;                                                                                                                            │

   │1656        my_set_error(mysql, CR_SERVER_GONE_ERROR, SQLSTATE_UNKNOWN, 0);

the gdb backtrace is

Program received signal SIGSEGV, Segmentation fault.

0x00007fffeed239e7 in mariadb_reconnect (mysql=0x130af10) at /root/rpmbuild/BUILD/mariadb-connector-c-3.0.3-src/libmariadb/mariadb_lib.c:1647

1647	    if (mysql->extension->conn_hdlr->plugin && mysql->extension->conn_hdlr->plugin->reconnect)

(gdb) bt

#0  0x00007fffeed239e7 in mariadb_reconnect (mysql=0x130af10) at /root/rpmbuild/BUILD/mariadb-connector-c-3.0.3-src/libmariadb/mariadb_lib.c:1647

#1  0x00007fffeed23faa in mthd_my_send_cmd (mysql=0x130af10, command=COM_QUERY, arg=0x12faa40 "SELECT 12;", length=10, skipp_check=<optimized out>, opt_arg=0x0) at /root/rpmbuild/BUILD/mariadb-connector-c-3.0.3-src/libmariadb/mariadb_lib.c:376

#2  0x00007fffeed21ca1 in mysql_real_query (mysql=0x130af10, query=0x12faa40 "SELECT 12;", length=<optimized out>) at /root/rpmbuild/BUILD/mariadb-connector-c-3.0.3-src/libmariadb/mariadb_lib.c:2249

#3  0x00007fffeef73cee in mysql_st_internal_execute (h=h@entry=0x134eda0, statement=statement@entry=0x1640498, attribs=attribs@entry=0x0, num_params=num_params@entry=0, params=params@entry=0x0, result=result@entry=0x7fffffffdac8, svsock=0x130af10, use_mysql_use_result=use_mysql_use_result@entry=0) at dbdimp.c:3568

#4  0x00007fffeef7a49b in XS_DBD__mysql__db_do (cv=<optimized out>) at mysql.xs:450

#5  0x00007fffef194355 in XS_DBI_dispatch () from /usr/local/cpanel/3rdparty/perl/526/lib64/perl5/cpanel_lib/x86_64-linux-64int/auto/DBI/DBI.so

#6  0x00007ffff78ea39d in Perl_pp_entersub () from /usr/local/cpanel/3rdparty/perl/526/lib64/perl5/5.26.0/x86_64-linux-64int/CORE/libperl.so

#7  0x00007ffff78e34c6 in Perl_runops_standard () from /usr/local/cpanel/3rdparty/perl/526/lib64/perl5/5.26.0/x86_64-linux-64int/CORE/libperl.so

#8  0x00007ffff7887590 in perl_run () from /usr/local/cpanel/3rdparty/perl/526/lib64/perl5/5.26.0/x86_64-linux-64int/CORE/libperl.so

#9  0x0000000000400d73 in main ()

more debug informations from gdb

(gdb) p mysql->extension

$4 = (struct st_mariadb_extension *) 0x16546d0

(gdb) p *( mysql->extension )

$5 = {

  conn_hdlr = 0x1660230,

  session_state =     {[0] = {

      list = 0x0,

      current = 0x0

},

    [1] = {

      list = 0x0,

      current = 0x0

},

    [2] = {

      list = 0x0,

      current = 0x0

},

    [3] = {

      list = 0x0,

      current = 0x0

},

    [4] = {

      list = 0x0,

      current = 0x0

},

    [5] = {

      list = 0xffffffff,

      current = 0x0

}},

  mariadb_client_flag = 10169976539133969351,

  mariadb_server_capabilities = 0

(gdb) p mysql->extension->conn_hdlr

$6 = (MA_CONNECTION_HANDLER *) 0x1660230

(gdb) p * mysql->extension->conn_hdlr

$7 = {

  plugin = 0x1200003732,

  data = 0x81,

  active = 16 '\020',

  free_data = 88 'X'

(gdb) p mysql->extension->conn_hdlr->plugin

$8 = (struct st_ma_connection_plugin *) 0x1200003732

(gdb) p *( mysql->extension->conn_hdlr->plugin )

Cannot access memory at address 0x1200003732

As you can see the plugin address is incorrectly set or not initialized

Attachments

Issue Links

links to

DBD::mysql PR 247

SEGV from mariadb_reconnect - extension is corrupted on a reconnect

Details

Description

Attachments

Issue Links

Activity

People

Dates

Git Integration