Bug #116860 | mysql_stmt_bind_named_param() not respecting CLIENT_QUERY_ATTRIBUTES capability | ||
---|---|---|---|
Submitted: | 3 Dec 2024 23:06 | Modified: | 6 Dec 2024 4:56 |
Reporter: | Yoni Shalom | Email Updates: | |
Status: | Verified | Impact on me: | |
Category: | MySQL Server: C API (client library) | Severity: | S3 (Non-critical) |
Version: | OS: | Any | |
Assigned to: | CPU Architecture: | Any |
[3 Dec 2024 23:06]
Yoni Shalom
[4 Dec 2024 11:47]
MySQL Verification Team
Hi, Thank you for the report. I verified it. I reduced the severity to S3 as this is not a S1 bug. One could discuss if this is a bug at all as if you do not want to enable CLIENT_QUERY_ATTRIBUTES it is up to you to make sure you are binding proper number of parameters. I'd use printf() as comparison example, if your number of parameters to printf do not match the format string you can get all kind of errors / crashes in your code, but that is not a bug in printf() but in your code. Same here. Anyhow, I did verify the report so we will see what the appropriate team will say about it, maybe we can make this safer. Thanks for using MySQL
[6 Dec 2024 4:56]
Yoni Shalom
> if you do not want to enable CLIENT_QUERY_ATTRIBUTES it is up to you to make sure you are binding proper number of parameters. Since this has the potential of returning incorrect data, its probably best to be made safe (fail fast or similar) both on server and client end.
[6 Dec 2024 19:43]
MySQL Verification Team
Hi, I do partially agree hence I verified the bug.