[CONC-71] mysql_real_query crashes in revision 113 Created: 2014-01-28  Updated: 2014-02-04  Resolved: 2014-02-04

Status: Closed
Project: MariaDB Connector/C
Component/s: None
Affects Version/s: None
Fix Version/s: None

Type: Bug Priority: Major
Reporter: Sudhindra Bhat Assignee: Georg Richter
Resolution: Fixed Votes: 0
Labels: None
Environment: revision 113

Description

1) Connect to a MySQL server after setting the following options:
mysql_options(mysql, MYSQL_OPT_RECONNECT,(const char *)"true");
mysql_options(mysql, MYSQL_SET_CHARSET_NAME, "utf8");
mysql_options(mysql, MYSQL_OPT_COMPRESS, 0);
mysql_options(mysql, MYSQL_INIT_COMMAND, "/*!40101 SET SQL_MODE='' */");
mysql_options(mysql, MYSQL_INIT_COMMAND, "/*!40101 set @@session.wait_timeout=28800 */");
2) After a successful connection, stop the server.
3) Execute mysql_real_query.

Here is a sample stack trace:

_heap_alloc_base(unsigned int size) Line 55 C
_heap_alloc_dbg_impl(unsigned int nSize, int nBlockUse, const char * szFileName, int nLine, int * errno_tmp) Line 431 + 0x9 bytes C++
_nh_malloc_dbg_impl(unsigned int nSize, int nhFlag, int nBlockUse, const char * szFileName, int nLine, int * errno_tmp) Line 239 + 0x19 bytes C++
_nh_malloc_dbg(unsigned int nSize, int nhFlag, int nBlockUse, const char * szFileName, int nLine) Line 302 + 0x1d bytes C++
malloc(unsigned int nSize) Line 56 + 0x15 bytes C++
my_malloc(unsigned int Size, int MyFlags) Line 36 + 0x9 bytes C
alloc_root(st_mem_root * mem_root, unsigned int Size) Line 81 + 0xb bytes C
mthd_my_read_rows(st_mysql * mysql, st_mysql_field * mysql_fields, unsigned int fields) Line 1195 + 0x31 bytes C
mthd_my_read_query_result(st_mysql * mysql) Line 2274 + 0x18 bytes C
mysql_real_query(st_mysql * mysql, const char * query, unsigned long length) Line 2303 + 0x25 bytes C

Comments
Comment by Sudhindra Bhat [ 2014-01-29 ]

In net.c

function: my_net_read
line 812:

if ((packet_length = my_real_read(net,(size_t *)&complen)) == packet_error)
break;

line 827:
len= current - start - 4;
line 830:
if (len != packet_error)

Hence len is never equal to packet_error, and this function returns 0xfffffffc even if my_real_read returns packet_error.

In mthd_my_read_rows
line 1188:
while (*(cp=net->read_pos) != 254 || pkt_len >= 8)

This loop condition is always true, since pkt_len is always 0xfffffffc and not packet_error, because the condition at line 1231, "if ((pkt_len=net_safe_read(mysql)) == packet_error)", is never true.
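
The following is an added, constructed C model of the error-propagation path described in this comment; it is not the connector's source. It keeps the report's 32-bit sizes so the swallowed error shows up as 0xfffffffc, and the names sim_real_read, buggy_net_read, fixed_net_read and read_rows_continues are assumed for illustration.

```c
#include <stdint.h>
#include <stddef.h>

/* Constructed model of the net.c logic discussed above; not the connector's
 * source. Values are 32-bit to match the 0xfffffffc seen in the report. */
#define packet_error ((uint32_t)-1)   /* 0xffffffff sentinel */

/* Stand-in for my_real_read: fails with packet_error once the server is gone. */
static uint32_t sim_real_read(int server_up, uint32_t *complen) {
    *complen = 0;
    return server_up ? 5u : packet_error;   /* 5-byte payload while up */
}

/* Revision-113-style my_net_read (single packet, modelled after the read loop):
 * len is recomputed from the buffer pointers after the loop, so the
 * packet_error that caused the break is lost. */
uint32_t buggy_net_read(int server_up) {
    unsigned char buf[64];
    unsigned char *start = buf, *current = buf;
    uint32_t complen, packet_length, len;
    for (;;) {
        if ((packet_length = sim_real_read(server_up, &complen)) == packet_error)
            break;                          /* 'current' never advanced */
        current += 4 + packet_length;       /* header + payload */
        break;
    }
    len = (uint32_t)(current - start - 4);  /* on error: -4 -> 0xfffffffc */
    return len != packet_error ? len : packet_error;   /* error swallowed */
}

/* Corrected shape: a failed read returns packet_error before len is derived. */
uint32_t fixed_net_read(int server_up) {
    unsigned char buf[64];
    unsigned char *start = buf, *current = buf;
    uint32_t complen, packet_length;
    if ((packet_length = sim_real_read(server_up, &complen)) == packet_error)
        return packet_error;
    current += 4 + packet_length;
    return (uint32_t)(current - start - 4);
}

/* Models the guard in mthd_my_read_rows: the caller first checks for
 * packet_error, then keeps looping while the byte is not EOF (254) or the
 * packet is too long to be an EOF packet. Returns 1 if the loop would go on. */
int read_rows_continues(uint32_t pkt_len, unsigned char first_byte) {
    if (pkt_len == packet_error)
        return 0;                            /* error path: loop exits */
    return first_byte != 254 || pkt_len >= 8;
}
```

With the server gone, buggy_net_read hands back 0xfffffffc, which passes the packet_error check and keeps the row loop alive even on an EOF byte; the fixed variant returns packet_error and the loop stops.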

Comment by Georg Richter [ 2014-02-04 ]

Fixed in revision 114

Generated at Thu Feb 08 03:02:40 UTC 2024 using Jira 8.20.16#820016-sha1:9d11dbea5f4be3d4cc21f03a88dd11d8c8687422.