Details
- Type: Bug
- Status: Closed
- Priority: Major
- Resolution: Won't Fix
- None
- None
- Environment: ArchLinux, mariadb-libs 10.3.12-4; GHC (Haskell), mysql-simple 0.4.5 (Haskell), mysql 0.1.6 (Haskell)
Description
I was having problems after upgrading my system. It was using libmysqlclient.so.18 and now uses mariadb.so.3 as the library to access the database. I started getting segfaults after multiple queries to the database. I traced the execution down to the unpack_fields function in mariadb_lib.c.

This function sets multiple char* and length fields. At the end (https://github.com/MariaDB/mariadb-connector-c/blob/3.1/libmariadb/mariadb_lib.c#L810), it handles the default_value and sets the "def" field accordingly. But there is the "def_length" field, which should specify the length of the string pointed to by "def". It is not initialized in the function. The mysql Haskell library uses this field to know the length of the string to copy internally. With a weird and big enough number, the program crashes with a SIGSEGV.
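The failure mode described in the report, a consumer trusting a length field that the library never filled in, can be shown in a few lines of C. The block below is an added example written for this page; it is neither the reporter's code nor code from mariadb-connector-c or the Haskell mysql binding. The `field_view` struct is a constructed stand-in for just the two `MYSQL_FIELD` members the report names (`def` and `def_length`), the `MAX_DEF_LEN` cap is a hypothetical value chosen here, and the sample field with a garbage `def_length` is constructed inline. It contrasts the trusting copy with a consumer-side check that derives the length from the NUL-terminated string instead.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Constructed stand-in for the two MYSQL_FIELD members the report is about.
 * It is NOT the real struct from mysql.h; only def and def_length matter here. */
struct field_view {
    const char   *def;        /* default value, NUL-terminated, or NULL          */
    unsigned long def_length; /* length the library is expected to fill in       */
};

/* Hypothetical upper bound for a default value, chosen for this example. */
#define MAX_DEF_LEN 65535UL

/* strnlen-style bounded scan, written out so the example needs only ISO C. */
static unsigned long bounded_strlen(const char *s, unsigned long cap)
{
    unsigned long n = 0;
    while (n < cap && s[n] != '\0')
        n++;
    return n;
}

/* Mirrors what the report says the Haskell binding did: take def_length at
 * face value. Returns the byte count such a consumer would hand to memcpy.
 * With an uninitialized def_length this is the over-read that segfaults. */
unsigned long trusted_copy_len(const struct field_view *f)
{
    return f->def ? f->def_length : 0UL;
}

/* Consumer-side sanity check: def_length is plausible only when it does not
 * exceed the terminated string actually behind def (and is 0 when def is NULL). */
int def_length_is_plausible(const struct field_view *f)
{
    if (f->def == NULL)
        return f->def_length == 0;
    return f->def_length <= bounded_strlen(f->def, MAX_DEF_LEN);
}

/* Hardened copy: never trusts def_length. Derives the length from the string
 * itself, bounded by MAX_DEF_LEN. Returns a malloc'd copy (caller frees) and
 * writes its length; returns NULL with length 0 when there is no default. */
char *copy_default_value(const struct field_view *f, unsigned long *out_len)
{
    *out_len = 0;
    if (f->def == NULL)
        return NULL;
    unsigned long n = bounded_strlen(f->def, MAX_DEF_LEN);
    char *copy = malloc(n + 1);
    if (copy == NULL)
        return NULL;
    memcpy(copy, f->def, n);
    copy[n] = '\0';
    *out_len = n;
    return copy;
}

/* Constructed sample: def was set by the library, def_length was left holding
 * whatever garbage sat in the buffer (a deliberately huge value here). */
struct field_view sample_garbage_field(void)
{
    struct field_view f = { "CURRENT_TIMESTAMP", 0xDEADBEEFUL };
    return f;
}

int main(void)
{
    struct field_view f = sample_garbage_field();
    unsigned long len;
    char *v = copy_default_value(&f, &len);
    printf("def_length plausible: %d\n", def_length_is_plausible(&f));
    printf("trusting consumer would copy %lu bytes\n", trusted_copy_len(&f));
    printf("hardened consumer copied %lu bytes: \"%s\"\n", len, v ? v : "");
    free(v);
    return 0;
}
```

The check is deliberately one-sided: a `def_length` smaller than the real string is harmless to a copy, so only values that exceed the string are rejected. A library-side fix would be to initialize `def_length` in `unpack_fields`; the check above is what a caller can do when it cannot rely on that.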