[#MDEV-26838] Garbage returned if result set contains

[MDEV-26838] Garbage returned if result set contains > 0xFFFF columns Created: 2021-10-15 Updated: 2021-10-18
Status:	Open
Project:	MariaDB Server
Component/s:	Prepared Statements
Affects Version/s:	10.6.4
Fix Version/s:	10.6

Type:

Bug

Priority:

Major

Reporter:

Georg Richter

Assignee:

Oleksandr Byelkin

Resolution:

Unresolved

Votes:

Labels:

None

Attachments:

test.cpp

Description

This bug affects all versions and was found by Markus Makela.

While text protocol uses length encoded int value for number of columns in a resultset, binary protocol uses a fixed 2 byte length (maximum 65535 columns).
When executing a statement with 65540 columns (0xFFFF+5), the server returns no error, but returns column_count=5, followed by metadata (containing 65540 field descriptions)

Comments

Comment by Sergei Golubchik [ 2021-10-18 ]

I think we should simply disallow >0xFFFF columns. Older versions might be affected too.

Comment by Vladislav Vaintroub [ 2021-10-18 ]

For server side prepared statement, maybe we can disallow this. I would not break what's not broken, (i.e I would not break "text protocol", for the sake of prepared statement), there is a possibility that somebody is relying on > 0xffff columns.

Generated at Thu Feb 08 09:48:20 UTC 2024 using Jira 8.20.16#820016-sha1:9d11dbea5f4be3d4cc21f03a88dd11d8c8687422.

[MDEV-26838] Garbage returned if result set contains > 0xFFFF columns Created: 2021-10-15 Updated: 2021-10-18