| Bug #43078 | field-count for more than 251 fields is decoded wrongly | ||
|---|---|---|---|
| Submitted: | 21 Feb 2009 13:25 | Modified: | 17 Aug 2009 15:16 |
| Reporter: | Jan Kneschke | Email Updates: | |
| Status: | Closed | Impact on me: | |
| Category: | MySQL Proxy: Core | Severity: | S3 (Non-critical) |
| Version: | 0.7.0-bzr | OS: | Any |
| Assigned to: | Kay Roepke | CPU Architecture: | Any |
[21 Feb 2009 16:36]
Jan Kneschke
Patch is pushed to https://code.launchpad.net/~jan-kneschke/mysql-proxy/bug-43078
[5 Mar 2009 13:26]
Jan Kneschke
Merged into lp:mysql-proxy
[17 Aug 2009 15:16]
MC Brown
A note has been added to the 0.7.1 changelog: Result sets with more than 250 fields could cause MySQL Proxy to crash.

Description:

Result-sets with more than 250 fields are handled incorrectly: 251 and 252 fields lead to an assertion, 253 and higher are capped to 252 fields.

How to repeat:

```
$ cat bug-field-len.lua
function read_query(packet)
  -- only inject COM_QUERY packets; pass everything else through untouched
  if packet:byte() ~= proxy.COM_QUERY then return end

  proxy.queries:append(1, packet, { resultset_is_needed = true })

  return proxy.PROXY_SEND_QUERY
end

function read_query_result(inj)
  print("fields: " .. #inj.resultset.fields)
end

$ mysql-proxy --proxy-lua-script=bug-field-len.lua

$ perl -e 'for ($i=249;$i<260;$i++) { print "SELECT 1". ",1"x$i . "\n";}' | \
  mysql --host=192.168.2.110 --port=4040

fields: 1
**
ERROR:network-mysqld-packet.c:666:network_mysqld_proto_get_fielddefs: assertion failed: (chunk)
Abort trap
```

Suggested fix:

src/network-mysqld-packet.c -> network_mysqld_proto_get_fielddefs()

```
err = err || network_mysqld_proto_get_int8(&packet, &field_count); /* the byte after the net-header is the field-count */
```

should be

```
err = err || ... get_lenenc(...);
```

Several lua-examples use string.byte() to get the field-length.
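The decoding difference behind this report, as an added example that is not part of the original report or the MySQL Proxy source: it compares a single-byte read of the field count with a MySQL length-encoded integer read over constructed payloads for 250 to 260 fields. The function names `lenenc_decode`, `int8_decode` and `field_count_payload` are hypothetical.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Decode a MySQL length-encoded integer from buf[0..len).
 * Returns the number of bytes consumed, or 0 if the input is truncated
 * or the first byte is not an integer prefix. */
size_t lenenc_decode(const uint8_t *buf, size_t len, uint64_t *out) {
    size_t nbytes, i;
    if (len == 0) return 0;
    if (buf[0] < 0xfb) { *out = buf[0]; return 1; }  /* 0..250: the value itself */
    switch (buf[0]) {
    case 0xfc: nbytes = 2; break;   /* 2-byte little-endian value follows */
    case 0xfd: nbytes = 3; break;   /* 3-byte little-endian value follows */
    case 0xfe: nbytes = 8; break;   /* 8-byte little-endian value follows */
    default:   return 0;            /* 0xfb (NULL) and 0xff are not integers */
    }
    if (len < 1 + nbytes) return 0; /* reject truncated packets, never over-read */
    *out = 0;
    for (i = 0; i < nbytes; i++)
        *out |= (uint64_t)buf[1 + i] << (8 * i);
    return 1 + nbytes;
}

/* The single-byte read the report identifies as the defect. */
uint64_t int8_decode(const uint8_t *buf) { return buf[0]; }

/* Constructed sample input: field-count payload for n < 65536 fields. */
size_t field_count_payload(uint16_t n, uint8_t *buf) {
    if (n < 251) { buf[0] = (uint8_t)n; return 1; }
    buf[0] = 0xfc;
    buf[1] = (uint8_t)(n & 0xff);
    buf[2] = (uint8_t)(n >> 8);
    return 3;
}

int main(void) {
    uint8_t buf[9];
    uint16_t n;
    for (n = 250; n <= 260; n++) {  /* same range as the perl loop above */
        uint64_t v = 0;
        size_t len = field_count_payload(n, buf);
        size_t used = lenenc_decode(buf, len, &v);
        printf("fields=%u int8=%llu lenenc=%llu (%zu bytes)\n", (unsigned)n,
               (unsigned long long)int8_decode(buf), (unsigned long long)v, used);
    }
    return 0;
}
```

From 251 fields upward the single-byte read returns the 0xfc prefix (252) instead of the count and leaves the two value bytes unread.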