Bug #93 | 4.1 protocol crash on corrupted frm and SHOW TABLE STATUS | ||
---|---|---|---|
Submitted: | 24 Feb 2003 11:17 | Modified: | 26 Feb 2003 0:19 |
Reporter: | Sergei Golubchik | Email Updates: | |
Status: | Closed | Impact on me: | |
Category: | MySQL Server | Severity: | S2 (Serious) |
Version: | OS: | ||
Assigned to: | Bugs System | CPU Architecture: | Any |
[24 Feb 2003 11:17]
Sergei Golubchik
[24 Feb 2003 15:09]
Venu Anuganti
Dear serg,

Thanks for the nice bug report; this is now fixed in the current development version.

What is happening is that in mysqld_extend_show_tables(), if it can't open the .frm file (open_ltable()), then the Comment field (count 16) is supposed to contain the error message from 'SHOW TABLE STATUS', but currently it is returning a 0-length string and the error is sent to the next 2 higher levels of field count (count 18), which is obviously wrong.

I fixed this in the 4.1 tree to send this correctly. I will also backport this to MySQL 3.23 and 4.0, as they also do the same thing; they aren't caught because there are no internal debug asserts for them, nor is any test covering this error message from the Comment field. But the server->client packet is always sending two extra fields of data in this case, and they are ignored at the client end, which is buffering using 'read_rows'.

I also added a test 'test_frm_bug()' in tests/client_test.c for this case to manually check for the error message.

Thanks
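The comment above describes a row that carries two more fields than the result-set header announced, which the client silently ignores. The following added example (not MySQL's own code, and not part of the original report) shows a strict client-side check that counts the length-prefixed fields in a row payload and flags such a mismatch. The function names and sample rows are hypothetical, and only the 1-byte, NULL (0xFB) and 2-byte (0xFC) length prefixes are handled.

```c
#include <stddef.h>
#include <stdio.h>

/* Simplified length prefix of a text-protocol row field (assumption):
 * 0..250 = literal length, 0xFB = NULL, 0xFC = 2-byte little-endian length.
 * Wider prefixes are rejected to keep the example short. */
static int read_field(const unsigned char *p, size_t left, size_t *used)
{
    size_t hdr, len;
    if (left == 0) return -1;
    if (p[0] < 0xFB)       { hdr = 1; len = p[0]; }
    else if (p[0] == 0xFB) { hdr = 1; len = 0; }          /* NULL column */
    else if (p[0] == 0xFC) {
        if (left < 3) return -1;
        hdr = 3; len = (size_t)p[1] | ((size_t)p[2] << 8);
    } else return -1;                                      /* unsupported */
    if (len > left - hdr) return -1;                       /* truncated field */
    *used = hdr + len;
    return 0;
}

/* Number of fields in one row payload, or -1 if the payload is malformed. */
int count_row_fields(const unsigned char *row, size_t len)
{
    int n = 0;
    size_t off = 0, used;
    while (off < len) {
        if (read_field(row + off, len - off, &used) != 0) return -1;
        off += used; n++;
    }
    return n;
}

/* 0 = row matches the announced column count, 1 = field-count mismatch
 * (the symptom in this report), -1 = malformed payload. */
int check_row(const unsigned char *row, size_t len, int expected_fields)
{
    int n = count_row_fields(row, len);
    if (n < 0) return -1;
    return n == expected_fields ? 0 : 1;
}

/* Constructed sample rows; 3 columns announced (name, rows, comment). */
static const unsigned char good_row[] = { 2,'t','1', 0xFB, 3,'e','r','r' };
/* Empty comment, then two stray fields past the announced count. */
static const unsigned char bad_row[]  = { 2,'t','1', 0xFB, 0, 3,'e','r','r', 0 };

int main(void)
{
    printf("good: %d\n", check_row(good_row, sizeof good_row, 3));
    printf("bad:  %d\n", check_row(bad_row, sizeof bad_row, 3));
    return 0;
}
```

A client that rejects or logs rows where `check_row` returns non-zero surfaces this class of server bug instead of masking it.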
[26 Feb 2003 0:19]
Michael Widenius
Thank you for your bug report. This issue has already been fixed in the latest released version of that product, which you can download at http://www.mysql.com/downloads/

This is fixed in 3.23.56 and will be merged to other trees shortly.
[13 Oct 2005 13:52]
Bugs System
A patch for this bug has been committed. After review, it may be pushed to the relevant source trees for release in the next version. You can access the patch from: http://lists.mysql.com/internals/31028