[CONC-294] Access violation on mysql_close with a connection plugin. Created: 2017-11-12  Updated: 2018-01-21  Resolved: 2018-01-21

Status: Closed
Project: MariaDB Connector/C
Component/s: None
Affects Version/s: 3.0.2
Fix Version/s: 3.0.4

Type: Bug Priority: Major
Reporter: Andrey Volk Assignee: Georg Richter
Resolution: Fixed Votes: 0
Labels: None


 Description   

int
mthd_my_send_cmd(MYSQL *mysql,enum enum_server_command command, const char *arg,
	       size_t length, my_bool skipp_check, void *opt_arg)
{
......
  if (IS_CONNHDLR_ACTIVE(mysql)) // <- Wrongly thinks that mysql->extension->conn_hdlr has something after free(p) at line 1920
  {
    result= mysql->extension->conn_hdlr->plugin->set_connection(mysql, command, arg, length, skipp_check, opt_arg); // <- Exception!!!
    if (result== -1)
      return(result);
  }
....

The problem is that mysql->extension->conn_hdlr keeps its value after "free(p);" at line 1920.

    if (mysql->extension && mysql->extension->conn_hdlr)
    {
      MA_CONNECTION_HANDLER *p= mysql->extension->conn_hdlr;
      p->plugin->close(mysql);
      free(p); // <- HERE
    }
 
    if (mysql->methods)
      mysql->methods->db_close(mysql); // <- Problem!

Should be

    if (mysql->extension && mysql->extension->conn_hdlr)
    {
      MA_CONNECTION_HANDLER *p= mysql->extension->conn_hdlr;
      p->plugin->close(mysql);
      free(p);
      mysql->extension->conn_hdlr = NULL; // <- Solution
    }
 
    if (mysql->methods)
      mysql->methods->db_close(mysql);
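
The close sequence described in this report, modelled as an added example that is not part of the original report or of Connector/C: the `demo_*` types and functions are simplified, hypothetical stand-ins that only mirror the field names quoted above, and the command ids are constructed. It shows why a NULL-only "handler active" check is safe only if the pointer is cleared immediately after `free()`.

```c
#include <stdio.h>
#include <stdlib.h>

/* Simplified stand-ins for the structures named in the report;
   these are NOT the real Connector/C definitions. */
struct demo_conn;
typedef struct {
  void (*close)(struct demo_conn *);
  int  (*set_connection)(struct demo_conn *, int command);
} demo_plugin;
typedef struct { demo_plugin *plugin; } demo_handler;
typedef struct demo_conn {
  demo_handler *conn_hdlr;  /* mirrors mysql->extension->conn_hdlr */
  int plugin_dispatches;    /* commands routed through the plugin */
  int direct_sends;         /* commands sent without the plugin */
} demo_conn;

static void plugin_close(demo_conn *c) { (void)c; }
static int plugin_set_connection(demo_conn *c, int command)
{ (void)command; c->plugin_dispatches++; return 0; }
static demo_plugin the_plugin = { plugin_close, plugin_set_connection };

/* NULL-only check, like IS_CONNHDLR_ACTIVE in the report: it cannot
   tell a live handler from one that has already been freed. */
static int demo_send_cmd(demo_conn *c, int command) {
  if (c->conn_hdlr != NULL)
    return c->conn_hdlr->plugin->set_connection(c, command);
  c->direct_sends++;
  return 0;
}

/* Close path with the fix proposed in the report. */
static void demo_close(demo_conn *c) {
  if (c->conn_hdlr) {
    demo_handler *p = c->conn_hdlr;
    p->plugin->close(c);
    free(p);
    c->conn_hdlr = NULL;  /* without this, the send below reads freed memory */
  }
  demo_send_cmd(c, 1);    /* stands in for the command sent by db_close */
}

/* Returns 1 when the final command bypassed the freed handler. */
static int demo_run(void) {
  demo_conn c = { malloc(sizeof(demo_handler)), 0, 0 };
  if (!c.conn_hdlr) return -1;
  c.conn_hdlr->plugin = &the_plugin;
  demo_send_cmd(&c, 2);   /* live handler: routed through the plugin */
  demo_close(&c);
  return c.conn_hdlr == NULL && c.plugin_dispatches == 1 && c.direct_sends == 1;
}
int main(void) { printf("safe close: %d\n", demo_run()); return 0; }
```

Building the model with AddressSanitizer (`-fsanitize=address`) and deleting the `c->conn_hdlr = NULL;` line makes the final send report a heap-use-after-free, the sanitizer's view of the access violation described above.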



 Comments   
Comment by Georg Richter [ 2018-01-21 ]

Fixed (rev. 00903bb676384c21fc30427e3913c6f189497fac)
