[CONC-457] mysql_list_processes crashes in unpack_fields

Created: 2020-02-28  Updated: 2020-02-28  Resolved: 2020-02-28

Status: Closed
Project: MariaDB Connector/C
Component/s: None
Affects Version/s: 3.1.6
Fix Version/s: 3.1.8

Type: Bug
Priority: Major
Reporter: Geoff Montee (Inactive)
Assignee: Georg Richter
Resolution: Fixed
Votes: 0
Labels: None

Attachments: File test_list_processes.c    

 Description   

We discovered that mysql_list_processes crashes in unpack_fields.

I have attached a simple test program.

First, create a user account:

CREATE USER 'list_processes_test'@'localhost' IDENTIFIED BY 'test';
GRANT ALL PRIVILEGES ON *.* TO 'list_processes_test'@'localhost';

And then compile it:

$ gcc -ggdb $(mariadb_config --include --libs) ./test_list_processes.c

And then run it via gdb:

$ gdb ./a.out
...
(gdb) run

It crashes with a segmentation fault with the following backtrace:

Program received signal SIGSEGV, Segmentation fault.
unpack_fields (data=0x62c390, alloc=alloc@entry=0x623d70, fields=fields@entry=9, default_value=default_value@entry=0 '\000', long_flag_protocol=<optimized out>)
    at /usr/src/debug/MariaDB-10.4.11-5/src_0/libmariadb/libmariadb/mariadb_lib.c:808
808         field->charsetnr= uint2korr(p);
Missing separate debuginfos, use: debuginfo-install glibc-2.17-292.el7.x86_64 keyutils-libs-1.5.8-3.el7.x86_64 krb5-libs-1.15.1-34.el7.x86_64 libcom_err-1.42.9-13.el7.x86_64 libselinux-2.5-14.1.el7.x86_64 openssl-libs-1.0.2k-16.el7_6.1.x86_64 pcre-8.32-17.el7.x86_64 zlib-1.2.7-18.el7.x86_64
(gdb) bt
#0  unpack_fields (data=0x62c390, alloc=alloc@entry=0x623d70, fields=fields@entry=9, default_value=default_value@entry=0 '\000', long_flag_protocol=<optimized out>)
    at /usr/src/debug/MariaDB-10.4.11-5/src_0/libmariadb/libmariadb/mariadb_lib.c:808
#1  0x00007ffff7ba8d22 in mysql_list_processes (mysql=0x623a70) at /usr/src/debug/MariaDB-10.4.11-5/src_0/libmariadb/libmariadb/mariadb_lib.c:2555
#2  0x00000000004008ac in list_processes (conn=0x623a70) at ./test_list_processes.c:12
#3  0x00000000004009ab in main (argc=1, argv=0x7fffffffe558) at ./test_list_processes.c:36

The crash happens here:

https://github.com/mariadb-corporation/mariadb-connector-c/blob/v3.1.6/libmariadb/mariadb_lib.c#L808



 Comments   
Comment by Georg Richter [ 2020-02-28 ]

Fixed rev. 6a0c8ff2e5334731f342c63f0b9c6b5840b22673

Marked the following functions as deprecated:

  • mysql_list_dbs
  • mysql_list_tables
  • mysql_list_processes