[CONC-572] random failure of mthd_my_read_query_result() with connector-c > 3.1.7 and server >= 10.5 Created: 2021-12-02  Updated: 2022-06-27  Resolved: 2022-06-27

Status: Closed
Project: MariaDB Connector/C
Component/s: Other
Affects Version/s: 3.2.5
Fix Version/s: N/A

Type: Bug Priority: Blocker
Reporter: Ferdinand Oeinck Assignee: Georg Richter
Resolution: Incomplete Votes: 0
Labels: None
Environment:

Windows 10 x64 latest

Issue Links:
Problem/Incident
is caused by MDEV-17832 Protocol: extensions for Pluggable ty... Closed

 Description   

In MDEV-17832 support was added for extended type info.

Since this change I have random errors coming from mthd_my_read_query_result() and in it db_read_rows() when using connector-c 3.1.8 and higher. Using 3.1.7 no errors are present.

From 3.1.8 onwards ma_result_set_rows() returns 9 when using server 10.5.2 or greater.

So db_read_rows() wants to read 9 fields, always. The error comes from the server is sending sometimes less the 9 fields! When the client reads the field = 8 data it then reads past the packet size and reads random data. The function exits with:
SET_CLIENT_ERROR(mysql, CR_UNKNOWN_ERROR, SQLSTATE_UNKNOWN, 0);

I think the problem originates in the server function has_extended_metadata() in file sql/sql_type.h

The function Protocol_text::store_field_metadata() uses has_extended_metadata() to decide to send 6 or more fields depending on m_attr[i].str being not null. I suppose there are cases when all three m_attr[i].str are null, which results in sending 6 fields in stead of the expected 9.

Could mr. Alexander Barkov look at this issue?

 Comments   
Comment by Ferdinand Oeinck [ 2021-12-03 ]

I've fixed it in the connectetor-c like this:
fix

Comment by Ferdinand Oeinck [ 2021-12-03 ]

I just installed Server 10.6.6 and with that Version the server sends always (during the test) the right amount of fields and the code I added in the fix above is not called.

Comment by Ferdinand Oeinck [ 2021-12-10 ]

The last comment is not correct. We still experience the same problem with Server 10.6.6 !!!
Why is nobody looking at this?

Comment by Ferdinand Oeinck [ 2021-12-14 ]

Oeps, typo, sorry about that.

In the meantime I've build and ran a debug version of mariadbd.exe 10.6.6 and 10.5.12 to reproduce this bug. But until now I've not seen the bug happening on the server. It always sends the right amount of data so the client never experiences a buffer overrun. I do my best to create a reproducible case. Anyhow the server release builds 10.5.12 over here and build 10.6.5 on my customers network show this bug. Although be it at random times.

Comment by Georg Richter [ 2021-12-15 ]

Hi Ferdinand,

thank you for your report and patch. Would it be possible to provide an additional test case which reproduces this behavior (I know only a broken deprecated mysql_list function which returns wrong number of fields, but this affects all versions).

FYI: Since it affects Connector/C this issue was moved from MDEV to CONC

Comment by Ferdinand Oeinck [ 2021-12-15 ]

Hi George,
As I already said, I try to create a test case, but that has failed. I cannot see the debug build of the server sending less data than the client expects. I could contact my customer and ask him if he would agree to give you access to his database server?

Comment by Georg Richter [ 2022-01-11 ]

Also a tcpdump (e.g. using wireshark) would be helpful.

Generated at Thu Feb 08 03:06:16 UTC 2024 using Jira 8.20.16#820016-sha1:9d11dbea5f4be3d4cc21f03a88dd11d8c8687422.