Bug #7003 malloc return value not checked
Submitted: 4 Dec 2004 4:22 Modified: 3 Aug 2005 22:39
Reporter: R Koo
Status: Closed
Category:Server Severity:S3 (Non-critical)
Version:5.0.1 alpha OS:Microsoft Windows (Windows XP)
Assigned to: Jim Winstead Target Version:

[4 Dec 2004 4:22] R Koo
Description:
Several places in the code do not check the buffer returned by
malloc to make sure it was actually allocated.  In low memory conditions 
this call could fail, causing a null pointer exception later in the code.  In most places
the return value is checked so these seem to be exceptions rather than the norm.

This happens in the following four places:

mysqld.cpp:3220 - account_name=(char*)malloc(27);

ctype-tis620.c:545 - tc1= (uchar*) malloc(len1+len2);

ctype-tis620:577 - a= (uchar*) malloc(a_length+b_length);

regcomp.c:1066 - p->g->sets = (cset *)malloc(nc *sizeof(cset));
     else
        p->g->sets = (cset *)realloc((char *)p->g->sets, nc * sizeof(cset));

How to repeat:
Not Applicable

Suggested fix:
Check return buffer to make sure it is not null.
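As an added example (not code from this bug report and not MySQL's own source), the allocate-or-grow pattern from the regcomp.c:1066 entry above written with the checks the report asks for: the pointer returned by malloc/realloc is tested before it is stored, and the realloc result goes into a temporary so that the existing buffer is neither lost nor leaked when the call fails. The `cset` layout, `cset_table`, and the function names are hypothetical stand-ins; the size-overflow guard is an extra check a practitioner would add alongside the NULL check.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <stdint.h>

/* Hypothetical stand-in for the regex engine's "cset" entry. */
typedef struct { unsigned char bits[32]; } cset;

/* Hypothetical owner of the growable array (regcomp.c keeps it in p->g). */
typedef struct {
	cset  *sets;   /* NULL until the first allocation */
	size_t nsets;  /* entries in use */
	size_t cap;    /* entries allocated */
} cset_table;

/* Ensure room for at least `needed` entries.
   Returns 0 on success, -1 on failure. On failure the table is left exactly
   as it was: the old buffer is still owned by t->sets and still valid. */
int cset_table_reserve(cset_table *t, size_t needed)
{
	if (needed <= t->cap)
		return 0;
	/* Reject sizes whose byte count would wrap before calling the allocator. */
	if (needed > SIZE_MAX / sizeof(cset))
		return -1;
	/* Same malloc-or-realloc choice as the reported code, but the result is
	   checked before it overwrites the stored pointer. */
	cset *p = (t->sets == NULL)
		? (cset *)malloc(needed * sizeof(cset))
		: (cset *)realloc(t->sets, needed * sizeof(cset));
	if (p == NULL)
		return -1;   /* the case the original code never checked */
	t->sets = p;
	t->cap  = needed;
	return 0;
}

/* Append one entry; propagates the allocation failure to the caller. */
int cset_table_add(cset_table *t, const cset *c)
{
	if (cset_table_reserve(t, t->nsets + 1) != 0)
		return -1;
	t->sets[t->nsets++] = *c;
	return 0;
}

void cset_table_free(cset_table *t)
{
	free(t->sets);
	t->sets = NULL;
	t->nsets = t->cap = 0;
}

/* Builds a small table, then drives both failure paths and confirms the
   data already stored survives them. Returns 0 when everything behaved. */
int demo(void)
{
	cset_table t = { NULL, 0, 0 };
	cset c;
	memset(&c, 0, sizeof c);
	for (int i = 0; i < 10; i++) {
		c.bits[0] = (unsigned char)i;
		if (cset_table_add(&t, &c) != 0) {
			cset_table_free(&t);
			return 1;
		}
	}
	/* 1. byte count would overflow size_t: rejected before any allocation */
	int rc_overflow = cset_table_reserve(&t, SIZE_MAX);
	/* 2. arithmetic fits, but no allocator can hand out ~SIZE_MAX bytes */
	int rc_oom = cset_table_reserve(&t, SIZE_MAX / sizeof(cset));
	/* 3. the table is untouched after both failures */
	int intact = (t.nsets == 10 && t.cap >= 10 && t.sets != NULL
	              && t.sets[9].bits[0] == 9);
	cset_table_free(&t);
	return (rc_overflow == -1 && rc_oom == -1 && intact) ? 0 : 2;
}

int main(void)
{
	int rc = demo();
	printf("checked allocation demo: %s\n", rc == 0 ? "ok" : "FAILED");
	return rc;
}
```

The point of the temporary `p` is the second form in the report, `p->g->sets = realloc(p->g->sets, ...)`: if realloc returns NULL, that assignment both leaks the old block and leaves a NULL where live data was, so a later dereference fails in a way that looks unrelated to memory pressure.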
[24 Jun 2005 22:40] Bugs System
A patch for this bug has been committed. After review, it may
be pushed to the relevant source trees for release in the next
version. You can access the patch from:

  http://lists.mysql.com/internals/26421
[24 Jul 2005 14:18] Sela Lerer
Got the same problem on WIN XP without using the mysql_init() allocation.
[24 Jul 2005 14:19] Sela Lerer
The code:
#include <stdio.h>
#include <windows.h>
#include <mysql.h>

#define CONNECTION_COUNT 4

void printMemStat(void)
{
	MEMORYSTATUS memStat;
	GlobalMemoryStatus(&memStat);
	printf("FREE MEMORY %uK/%uK (%3.2lf%%)\n",memStat.dwAvailVirtual/1024,memStat.dwTotalVirtual/1024
		,((double)memStat.dwAvailVirtual/(double)memStat.dwTotalVirtual)*100);
	printf("USED MEMORY %uK\n",(memStat.dwTotalVirtual-memStat.dwAvailVirtual)/1024);
}

int main(int argc, char *argv[])
{
	if(mysql_thread_safe())
	{
		static MYSQL conn[CONNECTION_COUNT];
		int connected[CONNECTION_COUNT]={0};
		int i=0;
		my_init();
		printf("START: ");
		printMemStat();
		for(i=0;i<CONNECTION_COUNT;i++)
		{
			printf("Before connection %d...\n",i);
			printMemStat();
			getchar();
			if(NULL!=mysql_real_connect(&conn[i],"localhost","root","sela90","kevin",3306,NULL,CLIENT_MULTI_STATEMENTS))
			{
				connected[i]=1;
				printf("Connected %d successfully.\n",i);
				printMemStat();
			}
			else
			{
				fprintf(stderr,"mysql_real_connect() %d error: %s\n",i,mysql_error(&conn[i]));
			}
		}
		for(i=0;i<CONNECTION_COUNT;i++)
		{
			if(connected[i])
			{
				printf("Before closing connection %d...\n",i);
				printMemStat();
				getchar();
				mysql_close(&conn[i]);
				printf("Closed connection %d.\n",i);
				printMemStat();
			}
		}
		printf("Before mysql_thread_end()....\n");
		getchar();
		mysql_thread_end();
		printf("EXIT: ");
		printMemStat();
		getchar();
	}
	else
	{
		fprintf(stderr,"MySQL client library is not thread safe. Exiting.\n");
		getchar();
	}
	return 0;
}
[24 Jul 2005 14:21] Sela Lerer
Ooops, wrong bug, this belongs to bug #7619.
[3 Aug 2005 4:53] Jim Winstead
Fixed in 5.0.14.
[3 Aug 2005 22:39] Mike Hillyer
Documented in 5.0.11 changelog: 

<listitem><para>Added checks to prevent error when allocating memory when there was
insufficient memory available. (Bug #7003)</para></listitem>