[MDEV-9773] Memory corruption in mariadb_dyncol_unpack Created: 2016-03-22  Updated: 2016-03-24  Resolved: 2016-03-24

Status: Closed
Project: MariaDB Server
Component/s: Dynamic Columns
Affects Version/s: 10.1.12, 10.2.0
Fix Version/s: 10.0.25, 10.1.13

Type: Bug Priority: Critical
Reporter: Georg Richter Assignee: Oleksandr Byelkin
Resolution: Fixed Votes: 0
Labels: None
Environment:

Windows, VS 2015 Debug

Issue Links:
Relates
relates to CONC-169 Memory corruption in mariadb_dyncol_u... Closed

 Description   

The following code crashes due to memory corruption

static int dyncol_win_crash()
 
{
 
  int rc;
 
  uint i;
 
  uint num_keys[5]= {1,2,3,4,5};
 
  char *strval[]= {"Val1", "Val2", "Val3", "Val4", "Val5"};
 
  DYNAMIC_COLUMN_VALUE vals[5];
 
  DYNAMIC_COLUMN dynstr;
 
  MYSQL_LEX_STRING my_key= {"1", 2};
 
  uint unpack_columns= 0;
 
  MYSQL_LEX_STRING *unpack_keys= 0;
 
  DYNAMIC_COLUMN_VALUE *unpack_vals= 0;
 
 
 
  for (i=0; i < 5; i++)
 
  {
 
    vals[i].type= DYN_COL_STRING;
 
    vals[i].x.string.value.str= strval[i];
 
    vals[i].x.string.value.length= strlen(strval[i]);
 
    vals[i].x.string.charset= &my_charset_latin1;
 
  }
 
 
 
  mariadb_dyncol_init(&dynstr);
 
 
 
  /* create numeric */
 
  rc= mariadb_dyncol_create_many_num(&dynstr, 5, num_keys, vals, 1);
 
 
 
  rc= mariadb_dyncol_unpack(&dynstr, &unpack_columns, &unpack_keys, &unpack_vals);
 
  for (i=0; i < unpack_columns; i++)
 
    if (memcmp(unpack_vals[i].x.string.value.str, vals[i].x.string.value.str, vals[i].x.string.value.length))
 
      printf("Error1: key: %1s val: %s %s}\n", unpack_keys[i].str, unpack_vals[i].x.string.value.str, vals[i].x.string.value.str);
 
 
 
  free(unpack_keys);
 
  free(unpack_vals);
 
}

FYI: It works as expected on Linux.
This issue affects also Connector/C 2.2.x and C/C 3.0.
Generated at Thu Feb 08 07:37:13 UTC 2024 using Jira 8.20.16#820016-sha1:9d11dbea5f4be3d4cc21f03a88dd11d8c8687422.