Project: MariaDB Connector/C
Issue: CONC-457

mysql_list_processes crashes in unpack_fields

Details

    • Type: Bug
    • Status: Closed
    • Priority: Major
    • Resolution: Fixed
    • Affects Version/s: 3.1.6
    • Fix Version/s: 3.1.8

    Description

      We discovered that mysql_list_processes crashes in unpack_fields.

      I have attached a simple test program.

      First, create a user account:

      CREATE USER 'list_processes_test'@'localhost' IDENTIFIED BY 'test';
      GRANT ALL PRIVILEGES ON *.* TO 'list_processes_test'@'localhost';
      

      And then compile it:

      $ gcc -ggdb $(mariadb_config --include --libs) ./test_list_processes.c
      

      And then run it via gdb:

      $ gdb ./a.out
      ...
      (gdb) run
      

      It crashes with a segmentation fault with the following backtrace:

      Program received signal SIGSEGV, Segmentation fault.
      unpack_fields (data=0x62c390, alloc=alloc@entry=0x623d70, fields=fields@entry=9, default_value=default_value@entry=0 '\000', long_flag_protocol=<optimized out>)
          at /usr/src/debug/MariaDB-10.4.11-5/src_0/libmariadb/libmariadb/mariadb_lib.c:808
      808         field->charsetnr= uint2korr(p);
      Missing separate debuginfos, use: debuginfo-install glibc-2.17-292.el7.x86_64 keyutils-libs-1.5.8-3.el7.x86_64 krb5-libs-1.15.1-34.el7.x86_64 libcom_err-1.42.9-13.el7.x86_64 libselinux-2.5-14.1.el7.x86_64 openssl-libs-1.0.2k-16.el7_6.1.x86_64 pcre-8.32-17.el7.x86_64 zlib-1.2.7-18.el7.x86_64
      (gdb) bt
      #0  unpack_fields (data=0x62c390, alloc=alloc@entry=0x623d70, fields=fields@entry=9, default_value=default_value@entry=0 '\000', long_flag_protocol=<optimized out>)
          at /usr/src/debug/MariaDB-10.4.11-5/src_0/libmariadb/libmariadb/mariadb_lib.c:808
      #1  0x00007ffff7ba8d22 in mysql_list_processes (mysql=0x623a70) at /usr/src/debug/MariaDB-10.4.11-5/src_0/libmariadb/libmariadb/mariadb_lib.c:2555
      #2  0x00000000004008ac in list_processes (conn=0x623a70) at ./test_list_processes.c:12
      #3  0x00000000004009ab in main (argc=1, argv=0x7fffffffe558) at ./test_list_processes.c:36
      

      The crash happens here:

      https://github.com/mariadb-corporation/mariadb-connector-c/blob/v3.1.6/libmariadb/mariadb_lib.c#L808

        Activity

          GeoffMontee Geoff Montee (Inactive) created issue -
          GeoffMontee Geoff Montee (Inactive) made changes -
          Field: Description
          Original Value: the Description text above, except that the backtrace sentence read "It crashes with a segmentation fault the following backtrace:"
          New Value: the Description text above as it now reads ("It crashes with a segmentation fault with the following backtrace:")
          georg Georg Richter made changes -
          Field           Original Value                   New Value
          Fix Version/s                                    3.1.8 [ 24230 ]
          Fix Version/s   3.1 [ 23223 ]
          Resolution                                       Fixed [ 1 ]
          Status          Open [ 1 ]                       Closed [ 6 ]
          julien.fritsch Julien Fritsch made changes -
          Field           Original Value                   New Value
          Workflow        MariaDB connectors [ 104401 ]    MariaDB v4 [ 161199 ]

          People

            Assignee: georg Georg Richter
            Reporter: GeoffMontee Geoff Montee (Inactive)
            Votes: 0
            Watchers: 2
