Details
-
Bug
-
Status: Closed (View Workflow)
-
Major
-
Resolution: Fixed
-
3.1.6
-
None
-
None
Description
The KB says the following about mysql_get_timeout_value:
This should only be called when a _start() or _cont() function returns a value with the MYSQL_WAIT_TIMEOUT flag set. In this case, it returns the value, in seconds, after which a timeout has occured and the application should call the appropriate _cont() function passing MYSQL_WAIT_TIMEOUT as the event that occured.
This is used to handle connection and read timeouts.
https://mariadb.com/kb/en/non-blocking-api-reference/
However, if this function is used improperly, then it crashes.
I have attached a simple test program.
First, create a user account:
CREATE USER 'list_processes_test'@'localhost' IDENTIFIED BY 'test'; |
GRANT ALL PRIVILEGES ON *.* TO 'list_processes_test'@'localhost'; |
And then compile it:
$ gcc -ggdb $(mariadb_config --include --libs) ./test_get_timeout_value.c
|
And then run it via gdb:
$ gdb ./a.out
|
...
|
(gdb) run
|
It crashes with a segmentation fault with the following backtrace:
Program received signal SIGSEGV, Segmentation fault.
|
0x00007ffff7ba20ef in mysql_get_timeout_value (mysql=0x623a70) at /usr/src/debug/MariaDB-10.4.11-5/src_0/libmariadb/libmariadb/mariadb_lib.c:1749
|
1749 unsigned int timeout= mysql->options.extension->async_context->timeout_value;
|
Missing separate debuginfos, use: debuginfo-install glibc-2.17-292.el7.x86_64 keyutils-libs-1.5.8-3.el7.x86_64 krb5-libs-1.15.1-34.el7.x86_64 libcom_err-1.42.9-13.el7.x86_64 libselinux-2.5-14.1.el7.x86_64 openssl-libs-1.0.2k-16.el7_6.1.x86_64 pcre-8.32-17.el7.x86_64 zlib-1.2.7-18.el7.x86_64
|
(gdb) bt
|
#0 0x00007ffff7ba20ef in mysql_get_timeout_value (mysql=0x623a70) at /usr/src/debug/MariaDB-10.4.11-5/src_0/libmariadb/libmariadb/mariadb_lib.c:1749
|
#1 0x00000000004008a2 in main (argc=1, argv=0x7fffffffe558) at ./test_get_timeout_value.c:17
|
The crash happens here: