[MDEV-12246] Double-free crash in libmariadb.so: mysql_options() Created: 2017-03-13  Updated: 2017-09-26  Resolved: 2017-03-30

Status: Closed
Project: MariaDB Server
Component/s: Scripts & Clients
Affects Version/s: 10.2.4
Fix Version/s: 10.2.5

Type: Bug Priority: Blocker
Reporter: FLAESCH Sebastien Assignee: Georg Richter
Resolution: Fixed Votes: 0
Labels: 10.2-ga
Environment: Linux Debian 8.6 / 64bits

Issue Links:
Relates
relates to CONC-251 client section on ~/.my.cnf is not re... Closed

Description

Fresh compilation with 10.2, using the exact same code as with 10.1, we get a crash in mysql_options():

==31368==ERROR: AddressSanitizer: attempting double-free on 0x61600000e780 in thread T0:
    #0 0x7f07af355527 in __interceptor_free (/usr/lib/x86_64-linux-gnu/libasan.so.1+0x54527)
    #1 0x7f07a38e9688 in _mariadb_read_options /home/buildbot/buildbot/build/libmariadb/libmariadb/ma_default.c:218
    #2 0x7f07a38eebcd in mthd_my_real_connect /home/buildbot/buildbot/build/libmariadb/libmariadb/mariadb_lib.c:1201
    #3 0x7f07a38ec0b9 in mysql_real_connect /home/buildbot/buildbot/build/libmariadb/libmariadb/mariadb_lib.c:1168
    #4 0x7f07a3f0b70e in doConnect /home/sf/genero/devel/fgl/fgl/src/sqldriver/mysql/mys.c:495
...

Comments
Comment by Georg Richter [ 2017-03-20 ]

Fixed in Connector/C branch master:
commit 6bec9204f0cbcb0d1b1256f0bfccf4bf293e1c32
Author: Georg Richter <georg@mariadb.com>
Date: Mon Mar 20 07:29:51 2017 +0100

Comment by FLAESCH Sebastien [ 2017-04-24 ]

Just testing 10.2.5....

mysql_options() is no longer crashing, but it looks like it does not load the user-defined config for the "client" section when doing:

mysql_options(cn->dbcHandle, MYSQL_READ_DEFAULT_GROUP, "client")

I have a ~/my.cnf file with the following content:

[client]
default-character-set="utf8"

But when executing SQL with UTF-8 characters the parser gets confused as if I am using another encoding:

CREATE TABLE tutf8_é日 (pk INTEGER NOT NULL PRIMARY KEY,c1_é日 CHAR (10),vc1_é日 VARCHAR (10))

Error:

You have an error in your SQL syntax; check the manual that corresponds to your MariaDB server version for the right syntax to use near '�日 (pk integer NOT NULL PRIMARY KEY,c1_é日 char(10),vc1_é��' at line 1

Same code works fine with Oracle MySQL 5.7.

New bug created: MDEV-12578
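As an added example (not the reporter's program and not Connector/C's own code): a small C model of what MYSQL_READ_DEFAULT_GROUP is expected to resolve from an option file, run over a constructed my.cnf string patterned on the one quoted in the comment above. It assumes the documented rule that the [client] group is always read together with the named group, and assumes, for this model only, that when both define a key the entry later in the file wins; read_default_group and SAMPLE_CNF are the example's own names. The single heap buffer it allocates has one owner and is freed exactly once, the kind of ownership discipline the original double-free report was about.

```c
#define _POSIX_C_SOURCE 200809L   /* for strdup and strtok_r */
#include <ctype.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical model (not Connector/C code) of how a client library resolves an
 * option under MYSQL_READ_DEFAULT_GROUP: the [client] group is always read, then
 * the named group; when both define a key, the one later in the file wins
 * (assumed rule for this example). */

static char *trim(char *s)
{
    while (isspace((unsigned char)*s)) s++;
    char *e = s + strlen(s);
    while (e > s && isspace((unsigned char)e[-1])) *--e = '\0';
    return s;
}

/* Resolve `key` from the option-file contents `cfg` for `group`. Copies the
 * value into `out` and returns 1, or returns 0 when no read group defines it. */
int read_default_group(const char *cfg, const char *group, const char *key,
                       char *out, size_t outlen)
{
    char *buf = strdup(cfg);                   /* strtok_r writes into its input: work on a copy */
    if (!buf) return 0;
    int active = 0, found = 0;
    char *save;
    for (char *raw = strtok_r(buf, "\n", &save); raw; raw = strtok_r(NULL, "\n", &save)) {
        char *line = trim(raw);
        if (*line == '\0' || *line == '#' || *line == ';') continue;   /* blank or comment */
        if (*line == '[') {                    /* group header: do we read this group? */
            char *end = strchr(line, ']');
            if (!end) continue;
            *end = '\0';
            active = strcmp(line + 1, "client") == 0 || strcmp(line + 1, group) == 0;
            continue;
        }
        if (!active) continue;                 /* entry of a group we were not asked to read */
        char *eq = strchr(line, '=');
        const char *val = "1";                 /* bare flag without '=' means "on" */
        if (eq) {
            *eq = '\0';
            char *v = trim(eq + 1);
            size_t n = strlen(v);              /* unquote, as in default-character-set="utf8" */
            if (n >= 2 && (v[0] == '"' || v[0] == '\'') && v[n - 1] == v[0]) { v[n - 1] = '\0'; v++; }
            val = v;
        }
        if (strcmp(trim(line), key) == 0) {    /* keep overwriting: a later group wins */
            snprintf(out, outlen, "%s", val);  /* copy out now; val points into buf */
            found = 1;
        }
    }
    free(buf);                                 /* buf has exactly one owner and is freed once */
    return found;
}

/* Constructed sample modelled on the ~/my.cnf quoted in the comment above. */
const char *SAMPLE_CNF =
    "# constructed example, not a real file\n"
    "[client]\n"
    "default-character-set=\"utf8\"\n"
    "\n"
    "[mysqld]\n"
    "default-character-set = latin1\n"
    "[myapp]\n"
    "host = db.example.internal\n"
    "ssl\n";

int main(void)
{
    char cs[64];
    if (read_default_group(SAMPLE_CNF, "client", "default-character-set", cs, sizeof cs))
        printf("[client] default-character-set = %s\n", cs);
    else
        puts("no default-character-set in [client]: set it explicitly with mysql_set_character_set()");
    return 0;
}
```

In a real client the check the comment is reaching for does not depend on the file at all: after mysql_real_connect(), compare mysql_character_set_name() with what the application expects, and set the charset directly with mysql_set_character_set() instead of relying on the options file being read. A silently unapplied charset is exactly what turns the UTF-8 identifiers in the CREATE TABLE above into a syntax error.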

Comment by FLAESCH Sebastien [ 2017-09-26 ]

Verified with 10.2.8

Generated at Thu Feb 08 07:56:14 UTC 2024 using Jira 8.20.16#820016-sha1:9d11dbea5f4be3d4cc21f03a88dd11d8c8687422.