| Bug #16535 | execute.c extend_buffer function use of uninitialized variable "nead" | ||
|---|---|---|---|
| Submitted: | 16 Jan 2006 13:13 | Modified: | 9 Mar 2007 11:41 | 
| Reporter: | ihsan demir | Email Updates: | |
| Status: | Closed | Impact on me: | |
| Category: | Connector / ODBC | Severity: | S2 (Serious) | 
| Version: | 3.51.12 | OS: | Solaris (Solaris) | 
| Assigned to: | Jim Winstead | CPU Architecture: | Any | 
   [27 Feb 2006 21:19]
   Jorge del Conde        
  Thanks for your bug report.
   [7 Mar 2007 0:13]
   Jim Winstead        
  This has been committed to the source repository. Thanks for the report and contribution.
   [9 Mar 2007 11:41]
   MC Brown        
  A note has been added to the 3.51.14 changelog.


Description:

The problem occurs when using the driver with embedded mysql server. The lines 149-150 in execute.c should change. The code with the bug is:

    if ( !to || (nead= (ulong) (to - (char*) net->buff)+length) > net->max_packet-10 )

This should change to:

    nead= (ulong) (to - (char*) net->buff)+length;
    if ( !to || nead > net->max_packet-10 )

Otherwise, in embedded mysql server, the "!to" is always true and the nead is never initialized. Hence, SQLExecute function returns string format exception when using the prepared statements.

How to repeat:

Use embedded mysql server, use iodbc with unix (Solaris). Use the prepared statements (INSERT, UPDATE, etc) in the test program, use the ODBC API and you will get the error.

Suggested fix:

The problem occurs when using the driver with embedded mysql server. The lines 149-150 in execute.c should change. The code with the bug is:

    if ( !to || (nead= (ulong) (to - (char*) net->buff)+length) > net->max_packet-10 )

This should change to:

    nead= (ulong) (to - (char*) net->buff)+length;
    if ( !to || nead > net->max_packet-10 )

Otherwise, in embedded mysql server, the "!to" is always true and the nead is never initialized. Hence, SQLExecute function returns string format exception when using the prepared statements.
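
Added example, not part of the original report or of the Connector/ODBC source: a simplified C model of the condition quoted in the report, showing that the assignment in the right operand of `||` is skipped when `to` is NULL. `struct net_model`, `need_buggy`, `need_fixed` and the `STALE` sentinel are hypothetical names; the sentinel stands in for uninitialized stack contents, and treating a NULL `to` as zero bytes used is an assumption of this model.

```c
#include <stdio.h>

/* Hypothetical stand-in for the driver's NET structure: only the two
 * fields named in the report are modelled. */
struct net_model { unsigned char *buff; unsigned long max_packet; };

/* Constructed sentinel standing in for whatever the stack held before. */
#define STALE 0xDEADBEEFUL

/* Pattern from the report: "nead" is assigned inside the right operand
 * of ||, so it is never written when !to is true. Returns the size that
 * would be requested from the reallocation, or 0 if no growth is needed. */
unsigned long need_buggy(const struct net_model *net, const char *to,
                         unsigned long length)
{
    unsigned long nead = STALE; /* the reported code has no initializer here */
    if (!to || (nead = (unsigned long)(to - (const char *)net->buff) + length)
                   > net->max_packet - 10)
        return nead;
    return 0;
}

/* Assignment hoisted out of the condition, as the report suggests.
 * Assumption of this model: a NULL "to" means zero bytes are in use. */
unsigned long need_fixed(const struct net_model *net, const char *to,
                         unsigned long length)
{
    unsigned long used = to ? (unsigned long)(to - (const char *)net->buff) : 0;
    unsigned long nead = used + length;
    if (!to || nead > net->max_packet - 10)
        return nead;
    return 0;
}

int main(void)
{
    static char buf[64];
    struct net_model net = { (unsigned char *)buf, sizeof buf };

    /* to == NULL models the embedded-server case described in the report. */
    printf("buggy, to=NULL : request %lu bytes\n", need_buggy(&net, NULL, 20));
    printf("fixed, to=NULL : request %lu bytes\n", need_fixed(&net, NULL, 20));
    /* A non-NULL "to" takes the right operand, so both versions agree. */
    printf("buggy, to=buf+50: request %lu bytes\n", need_buggy(&net, buf + 50, 20));
    printf("fixed, to=buf+50: request %lu bytes\n", need_fixed(&net, buf + 50, 20));
    return 0;
}
```

Without the sentinel initializer the buggy read is undefined behaviour; Clang's `-Wsometimes-uninitialized` reports this pattern at compile time.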