Details
Type: Bug
Status: Open
Priority: Major
Resolution: Unresolved
Affects Version/s: 3.1.8, 3.1.9, 3.1.10, 3.1.11, 3.1.12
Description
Some queries fail under unknown circumstances and can be made to run successfully by changing whitespace. Unsure as to why whitespace makes a difference, but while debugging the issue I came across the following code in mariadb_lib.c, beginning at line 2335:
  if (!(fields=mysql->methods->db_read_rows(mysql,(MYSQL_FIELD*) 0,
                                            ma_result_set_rows(mysql))))
    return(-1);
  if (!(mysql->fields=unpack_fields(mysql, fields, &mysql->field_alloc,
                                    (uint) field_count, 1)))
This code reads the field (column) metadata for a result set. The ma_result_set_rows function returns 8 or 9 depending on whether the client and server support EXTENDED_METADATA: 8 if not, 9 if so. The problem is that the field metadata payload has 6 length-encoded fields, and the remaining fields are packed (fixed-length) fields. When the 9th field is read as length-encoded, the reader will sometimes try to read beyond the end of the current MySQL packet, which triggers the unknown error.
The previous version of this call had a hardcoded "8" in place of the ma_result_set_rows call, with 3.1.7 being the last version that had it. There are no issues with those versions, and because the type metadata field is populated in the unpack_fields call shown above, it does not seem necessary to read 9 fields in the db_read_rows call.
Commit that changed this part of the code: https://github.com/mariadb-corporation/mariadb-connector-c/commit/6632cb69d7acf3c3d9ceb0dd78a952a4d514cb5b
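Added example, not code from the connector: a bounds-checked length-encoded ("lenenc") reader run over a constructed column-definition payload, showing that the payload is exhausted after seven lenenc reads (six strings plus the 0x0c-prefixed packed block), so any further read a row reader is told to perform starts at or beyond the packet end and must be rejected rather than served from adjacent buffer memory. The layout follows the ColumnDefinition41 packet as documented for the MySQL/MariaDB protocol and is an assumption of this example; what the library actually finds past the packet boundary (which decides why 8 reads pass and a 9th sometimes fails) is not modelled here.

```c
#include <stdint.h>
#include <stddef.h>

/* Bounds-checked read of a MySQL length-encoded integer ("lenenc").
 * Returns 0 on success, -1 if the value would extend past `end`. */
static int read_lenenc(const uint8_t **cp, const uint8_t *end, uint64_t *out)
{
    const uint8_t *p = *cp;
    size_t extra, i;
    if (p >= end) return -1;
    if (*p < 0xfb) { *out = *p; *cp = p + 1; return 0; }
    if (*p == 0xfb) return -1;            /* NULL marker: not valid here */
    extra = (*p == 0xfc) ? 2 : (*p == 0xfd) ? 3 : 8;
    if ((size_t)(end - p) < 1 + extra) return -1;
    *out = 0;
    for (i = 0; i < extra; i++) *out |= (uint64_t)p[1 + i] << (8 * i);
    *cp = p + 1 + extra;
    return 0;
}

/* Read up to `nfields` lenenc strings from one packet payload, the way a
 * row reader walks a row. Returns how many fields were read before a read
 * would cross the packet boundary (== nfields when everything fits). */
int count_lenenc_fields(const uint8_t *pkt, size_t len, int nfields)
{
    const uint8_t *cp = pkt, *end = pkt + len;
    uint64_t slen;
    int i;
    for (i = 0; i < nfields; i++) {
        if (read_lenenc(&cp, end, &slen) != 0) return i;  /* length past end */
        if (slen > (uint64_t)(end - cp)) return i;        /* body past end */
        cp += slen;
    }
    return nfields;
}

/* Constructed ColumnDefinition41 payload (assumed layout) for column `id`
 * (INT) of table `t` in schema `db`: six lenenc strings (catalog, schema,
 * table, org_table, name, org_name), then lenenc 0x0c announcing 12 bytes of
 * packed fields (charset 2, column length 4, type 1, flags 2, decimals 1,
 * filler 2). Total length: 30 bytes. */
static const uint8_t coldef[] = {
    3,'d','e','f', 2,'d','b', 1,'t', 1,'t', 2,'i','d', 2,'i','d',
    0x0c, 0x3f,0x00, 0x0b,0x00,0x00,0x00, 0x03, 0x03,0x00, 0x00, 0x00,0x00
};

/* How many lenenc reads fit when a reader insists on `nfields` of them;
 * `len` below sizeof coldef simulates a truncated packet. */
int fields_in_coldef(size_t len, int nfields)
{
    return count_lenenc_fields(coldef, len, nfields);
}
```

Reading 7 items consumes the whole 30-byte payload; asking for 8 or 9 stops at 7, and a payload cut one byte short stops at 6 because the packed block no longer fits.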