[CONC-622] Errors from mysql_real_connect_cont are unrecoverable Created: 2022-12-27  Updated: 2023-01-15  Resolved: 2022-12-27

Status: Closed
Project: MariaDB Connector/C
Component/s: Non blocking API
Affects Version/s: None
Fix Version/s: 3.3.4

Type: Bug Priority: Critical
Reporter: Ivan Assignee: Georg Richter
Resolution: Fixed Votes: 0
Labels: None

Attachments: Zip Archive unrecoverable_mysql_real_connect_cont.zip    

Description

There is no way to resolve the situation in which mysql_real_connect_cont (after being called repeatedly until 0 is returned) fails to initialize a connection:

If one tries to call mysql_close (or its async counterpart) on the mysql handle, mysql_close triggers a use-after-free or a double free.
If one doesn't call mysql_close, then the memory is leaked (probably options, but not sure: https://github.com/mariadb-corporation/mariadb-connector-c/blob/3.3/libmariadb/mariadb_lib.c#L2011).

Use after free comes from here:
first free: https://github.com/mariadb-corporation/mariadb-connector-c/blob/3.3/libmariadb/mariadb_lib.c#L1729
second free: https://github.com/mariadb-corporation/mariadb-connector-c/blob/3.3/libmariadb/mariadb_lib.c#L2382

If this is indeed a bug, it renders mariadb-connector-c async functionality borderline unusable, or at the very least unsound, in long-running server applications.

Repro is attached; one can either follow the README to run it dockerized or just test on the host machine.



Comments
Comment by Ivan [ 2022-12-27 ]

I see this got already fixed in github, very impressive, thank you Georg!

Comment by Georg Richter [ 2022-12-27 ]

rev. da9bb98c0cef8097ee50341722f08d5042efbe49

Comment by Ivan [ 2022-12-28 ]

Hi Georg!

Once again thank you for the quickest fix, and I can confirm that it fixes the issue for me.

Do you by chance have an estimation on when this (3.3.4, i guess) could be made publicly available?
