Bug #53699 MySQL gives wrong error when the arg COM_FIELD_LIST's is too long
Submitted: 17 May 2010 12:20
Modified: 4 May 2015 12:31
Reporter: Andrey Hristov
Status: Closed
Category: MySQL Server: Errors
Severity: S2 (Serious)
Version: 5.1.48
OS: Any
Assigned to: Assigned Account
CPU Architecture: Any

[17 May 2010 12:20] Andrey Hristov
Description:
The fix for the crashing COM_FIELD_LIST (Bug #53237), which will appear in 5.1.48, treats too much data (>NAME_LEN) for COM_FIELD_LIST by returning an error message. The problem is that the error message is wrong and confusing.

    if (arg_length >= packet_length || arg_length > NAME_LEN)
    {
      my_message(ER_UNKNOWN_COM_ERROR, ER(ER_UNKNOWN_COM_ERROR), MYF(0));
      break;
    }

The error is wrong, because we know the command COM_FIELD_LIST is being executed and it exists. If correct data is given to the server, it won't give back ER_UNKNOWN_COM_ERROR to the user. A possible error code is ER_WRONG_TABLE_NAME.

How to repeat:
sql_parse.cc: 

    if (arg_length >= packet_length || arg_length > NAME_LEN)
    {
      my_message(ER_UNKNOWN_COM_ERROR, ER(ER_UNKNOWN_COM_ERROR), MYF(0));
      break;
    }

Suggested fix:
Change the error returned.

[17 May 2010 13:25] MySQL Verification Team
Thank you for the bug report.
[4 May 2015 11:23] Catalin Besleaga
Posted by developer:
 
Bug was fixed in the WL#7126.

The error message and the length check that was previously made in sql_parse.cc were moved to parse_packet method in protocol_classic.cc:938:

    if (len >= packet_length || len > NAME_LEN)
      goto malformed;
    ...

    malformed:
      my_error(ER_MALFORMED_PACKET, MYF(0));

The error was changed to ER_MALFORMED_PACKET ("Malformed communication packet.").

[4 May 2015 12:31] Paul DuBois
Noted in 5.7.8, 5.8.0 changelogs.

The error produced for a COM_FIELD_LIST command with too much data
was changed from ER_UNKNOWN_COM_ERROR to the more informative
ER_MALFORMED_PACKET.
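
Added example (not MySQL source code and not posted by anyone in this thread): a stand-alone C sketch of the length check discussed above, showing a parser that reports an unrecognised command byte separately from a known command carrying an oversized or unterminated argument. The `NAME_LEN` value, the `<table>\0<wildcard>` payload layout, the enum names and `parse_field_list` are assumptions made for illustration.

```c
#include <stddef.h>
#include <string.h>

/* Assumed value (64 characters * 3 bytes each); check your server's headers. */
#define NAME_LEN 192
#define COM_FIELD_LIST 0x04

/* Local stand-ins for the server's error symbols, not the real numeric codes. */
enum parse_result { PARSE_OK, ERR_UNKNOWN_COM, ERR_MALFORMED_PACKET };

struct field_list_args {
  const unsigned char *table;    /* points into the packet buffer */
  size_t table_len;              /* bytes before the NUL terminator */
  const unsigned char *wildcard; /* remainder of the packet after the NUL */
  size_t wildcard_len;
};

/* pkt[0] is the command byte; the payload is assumed to be "<table>\0<wildcard>". */
enum parse_result parse_field_list(const unsigned char *pkt, size_t pkt_len,
                                   struct field_list_args *out)
{
  if (pkt_len == 0 || pkt[0] != COM_FIELD_LIST)
    return ERR_UNKNOWN_COM;        /* the command really is not recognised */

  const unsigned char *payload = pkt + 1;
  size_t payload_len = pkt_len - 1;

  /* Bounded search: never read past the bytes the client actually sent. */
  const unsigned char *nul = memchr(payload, 0, payload_len);
  size_t len = nul ? (size_t)(nul - payload) : payload_len;

  /* Same shape as the check quoted in the report: the name must end
     inside the packet and must not exceed NAME_LEN. */
  if (len >= payload_len || len > NAME_LEN)
    return ERR_MALFORMED_PACKET;   /* known command, bad argument */

  out->table = payload;
  out->table_len = len;
  out->wildcard = nul + 1;
  out->wildcard_len = payload_len - len - 1;
  return PARSE_OK;
}
```

Keeping the two failure paths distinct is what lets a client or a log reviewer tell a protocol mismatch from a rejected argument.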