Bug #15328 Segmentation fault occured if my.cnf is invalid for escape sequence
Submitted: 29 Nov 2005 21:44 Modified: 9 Jun 2006 17:54
Reporter: Tetsuro Ikeda
Status: Closed
Category:Server Severity:S3 (Non-critical)
Version:5.0.16/5.0.17/4.1 OS:Linux (SuSE Linux 9.1 / Windows2000Pro)
Assigned to: Magnus Blaudd Target Version:

[29 Nov 2005 21:44] Tetsuro Ikeda 
Description:
mysqld, mysql, mysqldump, mysqlimport and maybe also all binaries can't run if my.cnf
includes invalid expression for escape sequence like following:

---this is my.cnf---

[mysqldump]
fields-optionally-enclosed-by="

----------------------

The my.cnf above is wrong. " should be replaced by \".
But anyway, this invalid my.cnf cause segmentation fault for all mysql's binaries.

How to repeat:
1. Make a my.cnf file like above.

2. Try like followings:

mir@linux:/usr/local/mysql> ./bin/mysqld
Segmentation fault
mir@linux:/usr/local/mysql> ./bin/mysql
Segmentation fault
mir@linux:/usr/local/mysql> ./bin/mysqlimport
Segmentation fault
mir@linux:/usr/local/mysql> ./bin/mysqldump
Segmentation fault

I could not get any error console, error log file except the above error message.

If you try this on windows, you will not get error message but same as on linux.

Suggested fix:
The parser for my.cnf should handle this user setting error properly.
[29 Nov 2005 22:06] Miguel Solorzano 
I was able for to repeat with 5.0 and unable to repeat with 4.1:

(gdb) run --defaults-file=/home/miguel/dbs/5.0/var/my.cnf
Starting program: /home/miguel/dbs/5.0/libexec/mysqld
--defaults-file=/home/miguel/dbs/5.0/var/my.cnf
[Thread debugging using libthread_db enabled]
[New Thread 1077009184 (LWP 26013)]

Program received signal SIGSEGV, Segmentation fault.
[Switching to Thread 1077009184 (LWP 26013)]
0x085a4dcd in search_default_file_with_ext (opt_handler=0x85a3f25
<handle_default_option>, handler_ctx=0xbf91cb74, dir=0x86bdced "", 
    ext=0x86bdced "", config_file=0xbf91d49e "/home/miguel/dbs/5.0/var/my.cnf",
recursion_level=0) at default.c:768
768             if (*value == '\\' && value != value_end-1)
Current language:  auto; currently c
(gdb)
[30 Nov 2005 20:17] Miguel Solorzano 
I was now able to repeat with mysql client on 4.1:

miguel@hegel:~/dbs/4.1> bin/mysql -uroot
Segmentation fault
[26 Apr 2006 17:37] Bugs System 
A patch for this bug has been committed. After review, it may
be pushed to the relevant source trees for release in the next
version. You can access the patch from:

  http://lists.mysql.com/commits/5588
[11 May 2006 14:13] Bugs System 
A patch for this bug has been committed. After review, it may
be pushed to the relevant source trees for release in the next
version. You can access the patch from:

  http://lists.mysql.com/commits/6248
[29 May 2006 8:56] Magnus Blaudd 
Pushed to 4.1.20
[29 May 2006 13:01] Magnus Blaudd 
Pushed to 5.0.23
[7 Jun 2006 11:23] Magnus Blaudd 
Pushed to 5.1.12
[9 Jun 2006 17:54] Paul DuBois 
Noted in 4.1.21 (4.1.20 was a security-fix release), 5.0.23, 5.1.12 changelogs.

Invalid escape sequences in option files caused MySQL programs that
read them to abort.