[CONC-213] mariadb_stmt_execute_direct of queries with parameters Created: 2016-11-11  Updated: 2016-11-22  Resolved: 2016-11-22

Status: Closed
Project: MariaDB Connector/C
Component/s: None
Affects Version/s: None
Fix Version/s: 3.0.1

Type: Bug Priority: Major
Reporter: Lawrin Novitsky Assignee: Georg Richter
Resolution: Fixed Votes: 0
Labels: None
Environment:
C/C built from current master branch, and server built from current 10.2 branch


Description

Using mariadb_stmt_execute_direct of queries with parameters simply crashes the application.
The crash occurs in mariadb_stmt_execute_direct call, in line:752 of mariadb_stmt.c
if (indicator == STMT_INDICATOR_NTS ||
(!stmt->row_size && stmt->params[i].length[j] == (unsigned long)-1))

#include <stdio.h>
#include <stdlib.h>   /* exit */
#include <string.h>   /* memset, strlen */
#include <stdarg.h>   /* va_list for diag */

#include <mysql.h>

#define NUMBER_OF_TEST_LOOPS 10

#ifndef OK
#define OK 0
#endif
#ifndef FAIL
#define FAIL 1
#endif
#ifndef SKIP
#define SKIP -1
#endif
#ifndef FALSE
#define FALSE 0
#endif
#ifndef TRUE
#define TRUE 1
#endif

/* In the C/C test suite diag() comes from the harness; a minimal definition
   is given here so the reproducer builds stand-alone. */
void diag(char const *fmt, ...)
{
  va_list ap;
  va_start(ap, fmt);
  vfprintf(stderr, fmt, ap);
  va_end(ap);
  fputc('\n', stderr);
}

#define check_stmt_rc(rc, stmt) \
if (rc)\
{\
  diag("Error: %s (%s: %d)", mysql_stmt_error(stmt), __FILE__, __LINE__);\
  return(FAIL);\
}

#define check_mysql_rc(rc, mysql) \
if (rc)\
{\
  diag("Error (%d): %s (%d) in %s line %d", rc, mysql_error(mysql), \
       mysql_errno(mysql), __FILE__, __LINE__);\
  return(FAIL);\
}

int main(int argc, char **argv)
{
  MYSQL *ma;
  MYSQL_STMT *stmt;
  MYSQL_BIND bind[2];
  unsigned long length[2];
  my_bool is_null[2], error[2];
  int i, id= 1, param_count= 1;   /* id is the value bound to the single ? */

  ma = mysql_init(NULL);
  if (!mysql_real_connect(ma, "localhost", "root", "root", "test", 3308, NULL, 0))
  {
    printf("Could not connect: %s\n", mysql_error(ma));
    exit(1);
  }
  else
  {
    printf("Server info %s\nClient info: %s\n", mysql_get_server_info(ma), mysql_get_client_info());
  }

  stmt = mysql_stmt_init(ma);

  memset(bind, '\0', sizeof(bind));
  memset(is_null, '\0', sizeof(is_null));
  memset(length, '\0', sizeof(length));
  memset(error, '\0', sizeof(error));

  bind[0].buffer_type = MYSQL_TYPE_LONG;
  bind[0].buffer = (void *)&id;
  bind[0].buffer_length = 4;
  bind[0].is_null = &is_null[0];
  bind[0].length = &length[0];
  bind[0].error = &error[0];

  /* Pre-bind the parameter so execute_direct can ship it together with the
     query text; this is the binding the crash site in mariadb_stmt.c reads. */
  mysql_stmt_attr_set(stmt, STMT_ATTR_PREBIND_PARAMS, &param_count);
  check_stmt_rc(mysql_stmt_bind_param(stmt, bind), stmt);
  check_stmt_rc(mariadb_stmt_execute_direct(stmt, "SELECT ?", strlen("SELECT ?")), stmt);
  check_stmt_rc(mysql_stmt_store_result(stmt), stmt);
  check_stmt_rc(mysql_stmt_free_result(stmt), stmt);

  mysql_stmt_close(stmt);
  mysql_close(ma);

  exit(0);
}



Comments
Comment by Lawrin Novitsky [ 2016-11-11 ]

The thing is, C/C does not think that the server I use (10.2 branch) is capable of doing mariadb_stmt_execute_direct. I don't know if it is also a bug, or I am just using the wrong branch.
stmt->mysql->extension->mariadb_server_capabilities is 0, which causes emulate_cmd to be true, and execution goes into the mysql_stmt_prepare + mysql_stmt_execute path. And mysql_stmt_prepare allocates new stmt->params, and overwrites the binding data received from the application.
Btw, it looks like the previously allocated stmt->params is leaked.
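
The mechanism described in the comment above (the emulated path re-runs prepare, prepare allocates a fresh stmt->params, the application's pre-bound array is orphaned and the zeroed replacement is then read at the crash site) can be modelled without a server. The following is an added example and not Connector/C source: the stmt_t struct, the two prepare variants, run_scenario and the return codes are hypothetical, and prepare_fixed shows one plausible ownership rule (keep an application-bound array whose count matches, otherwise free it before reallocating), not the actual change that landed in 3.0.1.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Constructed model of a statement with application-bound parameters.
   Not the real MYSQL_STMT layout. */
typedef struct {
    const void    *buffer;
    unsigned long *length;   /* NULL until the application binds it */
} bind_t;

typedef struct {
    bind_t       *params;       /* owned by the statement */
    unsigned int  param_count;
    int           prebound;     /* application bound params before prepare */
    unsigned long server_caps;  /* 0 => execute_direct must be emulated */
    size_t        leaked_bytes; /* bookkeeping so a test can observe the leak */
} stmt_t;

enum { RC_OK = 0, RC_BINDING_LOST = 1 };

static void stmt_init(stmt_t *s, unsigned long caps) {
    memset(s, 0, sizeof *s);
    s->server_caps = caps;
}

/* Models STMT_ATTR_PREBIND_PARAMS + mysql_stmt_bind_param: the statement
   takes a copy of the application's bind descriptors. */
static void stmt_prebind(stmt_t *s, unsigned int n, const bind_t *b) {
    s->params = calloc(n, sizeof *s->params);
    memcpy(s->params, b, n * sizeof *b);
    s->param_count = n;
    s->prebound = 1;
}

/* Buggy prepare: unconditionally allocates a new params array. The array the
   application bound is orphaned (leak) and replaced by zeroed entries. */
static void prepare_buggy(stmt_t *s, unsigned int n) {
    if (s->params) s->leaked_bytes += s->param_count * sizeof *s->params;
    s->params = calloc(n, sizeof *s->params);
    s->param_count = n;
}

/* Hypothetical fix: keep a pre-bound array whose count matches the query;
   otherwise release the old one before allocating. */
static void prepare_fixed(stmt_t *s, unsigned int n) {
    if (s->prebound && s->param_count == n) return;
    free(s->params);
    s->params = calloc(n, sizeof *s->params);
    s->param_count = n;
    s->prebound = 0;
}

/* Stand-in for the per-parameter length check at the crash site: returns 0
   when a binding has a NULL length pointer, i.e. where the real code would
   dereference it. */
static int binding_usable(const stmt_t *s) {
    for (unsigned int i = 0; i < s->param_count; i++)
        if (!s->params[i].length) return 0;
    return 1;
}

/* execute_direct with the native/emulated fork from the comment. */
static int execute_direct(stmt_t *s, unsigned int n, int fixed) {
    if (s->server_caps == 0) {              /* emulate_cmd path */
        if (fixed) prepare_fixed(s, n); else prepare_buggy(s, n);
    }
    return binding_usable(s) ? RC_OK : RC_BINDING_LOST;
}

static void stmt_close(stmt_t *s) { free(s->params); s->params = NULL; }

/* Bind one parameter and execute against a server advertising 'caps'.
   Returns the rc; *leaked (if non-NULL) receives bytes orphaned by prepare. */
int run_scenario(unsigned long caps, int fixed, size_t *leaked) {
    int id = 1;
    unsigned long len = sizeof id;
    bind_t b = { &id, &len };
    stmt_t s;
    stmt_init(&s, caps);
    stmt_prebind(&s, 1, &b);
    int rc = execute_direct(&s, 1, fixed);
    if (leaked) *leaked = s.leaked_bytes;
    stmt_close(&s);
    return rc;
}

int main(void) {
    size_t leaked = 0;
    printf("buggy, caps=0: rc=%d leaked=%zu\n", run_scenario(0, 0, &leaked), leaked);
    printf("fixed, caps=0: rc=%d leaked=%zu\n", run_scenario(0, 1, &leaked), leaked);
    printf("buggy, caps=1: rc=%d\n", run_scenario(1, 0, NULL));
    return 0;
}
```

With caps set to 0 the buggy prepare both leaks the bound array and leaves every length pointer NULL, which is exactly the state the crash line reads; with the capability bit set the emulated path is skipped and the same binding executes fine, matching the observation that the bug only appeared when the client did not recognise the server's capabilities.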

Comment by Lawrin Novitsky [ 2016-11-13 ]

Output of the testcase:
Server info 10.2.3-MariaDB-debug
Client info: 10.1.7

C:\Work\git\server>sql\Debug\mysqld.exe --console --port=3308
2016-11-11 19:46:46 19096 [Note] C:\Work\git\server\sql\Debug\mysqld.exe (mysqld 10.2.3-MariaDB-debug) starting as process 18324 ...

C:\Work\git\server>git branch --all | head
10.0
10.1

* 10.2
    remotes/origin/0.1
    remotes/origin/10.0
    remotes/origin/10.0-FusionIO
    remotes/origin/10.0-FusionIO-Galera
    remotes/origin/10.0-custombld
    remotes/origin/10.0-defragment
    remotes/origin/10.0-galera

C:\Work\git\server>git log | head
commit f2219c8d3fb4a54da1fff74b8849c74b9a7de0c6
Author: Otto Kekäläinen <otto@mariadb.org>
Date: Wed Nov 9 21:15:17 2016 +0200

Deb: add gdb as a build dependency for stack traces on test suite failures

If mysqld crashed during the test suite run and gdb is available,
a stack trace will be printed automatically.

Comment by Lawrin Novitsky [ 2016-11-22 ]

I do not observe the bug with latest updates of C/C and server. I am not sure where it was fixed.
