[CONC-473] mysql_real_connect_start() blows the stack when using an ipv6 mdns hostname - Jira

XML

Word

Printable

Details

Type: Bug
Status: Open (View Workflow)
Priority: Major
Resolution: Unresolved
Affects Version/s: 3.1.7
Fix Version/s: None
Component/s: None
Labels:
None
Environment:
Fedora 32

Description

Attaching the test file shortly. Compile this with:

gcc -g conc-test.c -lmysqlclient -I /usr/include/mysql

For me linuxjedi-mac.local is an mdns hostname of another machine that is expected to return an IPv6 address. In Fedora 32 using connector-c 3.1.7 RPMs attempting to do this crashes. I cannot reproduce using a hosts file entry (I've not tried regular AAAA DNS).

I cannot reproduce this on macOS using the connector c in 10.4.13 and I haven't tried another platform yet.

This is the stack:

Program received signal SIGSEGV, Segmentation fault.

0x00007ffff7e0ba9f in unlink_chunk (p=p@entry=0x427d90, av=<optimized out>) at malloc.c:1453

1453      if (chunksize (p) != prev_size (next_chunk (p)))

(gdb) bt

#0  0x00007ffff7e0ba9f in unlink_chunk (p=p@entry=0x427d90, av=<optimized out>)

    at malloc.c:1453

#1  0x00007ffff7e0e41a in _int_malloc (av=av@entry=0x7ffff7f469e0 <main_arena>,

    bytes=bytes@entry=28) at malloc.c:4038

#2  0x00007ffff7e0f534 in __GI___libc_malloc (bytes=28) at malloc.c:3058

#3  0x00007ffff79805ec in __res_context_send (ctx=ctx@entry=0x428480,

    buf=buf@entry=0x427e40 "\237r\001", buflen=buflen@entry=23, buf2=buf2@entry=0x0,

    buflen2=buflen2@entry=0, ans=<optimized out>, ans@entry=0x4282c0 "\222\065",

    anssiz=<optimized out>, ansp=0x0, ansp2=0x0, nansp2=0x0, resplen2=0x0,

    ansp2_malloced=0x0) at res_send.c:472

#4  0x00007ffff797d1d3 in __GI___res_context_query (ctx=ctx@entry=0x428480,

    name=name@entry=0x7ffff799302c "local", class=class@entry=1, type=type@entry=6,

    answer=answer@entry=0x4282c0 "\222\065", anslen=anslen@entry=65535,

    answerp=<optimized out>, answerp2=<optimized out>, nanswerp2=<optimized out>,

    resplen2=<optimized out>, answerp2_malloced=<optimized out>) at res_query.c:208

#5  0x00007ffff797d933 in context_query_common (anslen=65535, answer=0x4282c0 "\222\065",

    type=6, class=1, name=0x7ffff799302c "local", ctx=0x428480) at res_query.c:292

#6  __res_nquery (statp=statp@entry=0x428080, name=name@entry=0x7ffff799302c "local",

    class=class@entry=1, type=type@entry=6, answer=answer@entry=0x4282c0 "\222\065",

    anslen=anslen@entry=65535) at res_query.c:305

#7  0x00007ffff7991636 in local_soa () at src/util.c:125

#8  0x00007ffff7991885 in verify_name_allowed_with_soa (

    name=name@entry=0x402016 "linuxjedi-mac.local",

    mdns_allow_file=mdns_allow_file@entry=0x0) at src/util.c:65

#9  0x00007ffff799247a in gethostbyname_impl (h_errnop=0x7ffff79b7724,

    errnop=0x7ffff79b76c0, u=0x438320, af=<optimized out>,

    name=0x402016 "linuxjedi-mac.local") at src/nss.c:166

#10 _nss_mdns4_minimal_gethostbyname4_r (name=name@entry=0x402016 "linuxjedi-mac.local",

    pat=pat@entry=0x4385d8, buffer=0x4388e0 "#\351j>", <incomplete sequence \335>,

    buflen=1024, errnop=errnop@entry=0x7ffff79b76c0,

    h_errnop=h_errnop@entry=0x7ffff79b7724, ttlp=0x0) at src/nss.c:207

#11 0x00007ffff7e6d867 in gaih_inet (name=<optimized out>,

    name@entry=0x402016 "linuxjedi-mac.local", service=service@entry=0x4387f0,

    req=req@entry=0x438d70, pai=pai@entry=0x4387d8, naddrs=naddrs@entry=0x4387d4,

    tmpbuf=tmpbuf@entry=0x4388d0) at ../sysdeps/posix/getaddrinfo.c:765

#12 0x00007ffff7e6e739 in __GI_getaddrinfo (name=<optimized out>, service=<optimized out>,

    service@entry=0x438e10 "3306", hints=hints@entry=0x438d70, pai=pai@entry=0x438d68)

    at ../sysdeps/posix/getaddrinfo.c:2256

#13 0x00007ffff7f67629 in pvio_socket_connect (cinfo=0x438ec0, pvio=0x429f60)

    at /usr/src/debug/mariadb-connector-c-3.1.7-2.20200316gitfbf1db6.fc32.x86_64/plugins/pvio/pvio_socket.c:874

#14 pvio_socket_connect (pvio=0x429f60, cinfo=0x438ec0)

    at /usr/src/debug/mariadb-connector-c-3.1.7-2.20200316gitfbf1db6.fc32.x86_64/plugins/pvio/pvio_socket.c:747

--Type <RET> for more, q to quit, c to continue without paging--

#15 0x00007ffff7f702d9 in mthd_my_real_connect (mysql=0x7fffffffd620, host=<optimized out>,

    user=0x402011 "test", passwd=0x402010 "", db=0x0, port=3306,

    unix_socket=<optimized out>, client_flag=2147483648)

    at /usr/src/debug/mariadb-connector-c-3.1.7-2.20200316gitfbf1db6.fc32.x86_64/libmariadb/mariadb_lib.c:1455

#16 0x00007ffff7f88e45 in mysql_real_connect_start_internal (d=<optimized out>)

    at /usr/src/debug/mariadb-connector-c-3.1.7-2.20200316gitfbf1db6.fc32.x86_64/libmariadb/mariadb_async.c:332

#17 0x00007ffff7f8c9d5 in my_context_spawn (c=0x427940, f=0xd1c70004,

    d=0x7ffff7f46b30 <main_arena+336>)

    at /usr/src/debug/mariadb-connector-c-3.1.7-2.20200316gitfbf1db6.fc32.x86_64/libmariadb/ma_context.c:201

#18 0x0000000000000000 in ?? ()

Attachments

- Sort By Name
- Sort By Date
- Ascending
- Descending
- Thumbnails
- List
- Download All

conc-test.c
2 kB
2020-06-08 07:05

Activity

People

Assignee:: Georg Richter

Reporter:: Andrew Hutchings (Inactive)

Votes:: 1 Vote for this issue

Watchers:: 2 Start watching this issue

Dates

Created:: 2020-06-08 07:05

Updated:: 2020-06-08 12:27

Git Integration

Error rendering 'com.xiplink.jira.git.jira_git_plugin:git-issue-webpanel'. Please contact your Jira administrators.