Bug #81213 Segmentation fault when inserting a large string
Submitted: 27 Apr 2016 16:49 Modified: 13 Dec 2016 14:47
Reporter: Martin O'Neal Email Updates:
Status: Closed Impact on me: None
Category:Connector / C++ Severity:S3 (Non-critical)
Version:libmysqlcppconn.so.7.1.1.3 libmysqlclien OS:Ubuntu (Wily)
Assigned to: CPU Architecture:Any

[27 Apr 2016 16:49] Martin O'Neal
Description:
I have a repeatable segmentation fault when using prepared statements with large chunks of data bound to a mediumblob data type. I searched the outstanding bugs, but couldn't find anything relevant, plus left a question on the forums for a few weeks (without comment) before I created this new bug.

My code is well established and has been working in a variety of iterations for years, but I noticed recently that one subroutine that loads files into a database was failing on a new example, which was larger than prior files.

The code is fully unit tested, and larger reads and writes are working as expected within the tests.

When I looked at the failing section, the parameter had been bound to a std::string using setString, rather than a stream and setBlob. In all cases, the segmentation fault was triggered when execute was issued.

Off the back of this, I added additional tests and the results I found were:

setString fails at ~250k with a segmentation fault
getString, setBlob and getBlob all work fine, and appear only limited by max_allowed_packet

I’m a bit of an anal coder, and the compiler generates no warnings, plus a valgrind run with a smaller file generates no errors at all.

With a large file, the segmentation fault is generated, and valgrind reports (heavily abridged):
Conditional jump or move depends on uninitialised value(s)
Uninitialised value was created by a stack allocation
sql::mysql::MySQL_Prepared_Statement::execute() (in /usr/lib/libmysqlcppconn.so.7.1.1.3)

Which looks like the library code has tried to allocate the string on the stack, failed, but has not checked the return before using it.

Code versions:
libmysqlcppconn.so.7.1.1.3
libmysqlclient.so.18.1.0

How to repeat:
table with MEDIUMBLOB

C++ Connector

Prepare()
SetString( std::string > 250k )
Execute()
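An added example, not code from the reporter or from Connector/C++, showing the workaround the report implies: bind payloads above a size threshold with setBlob on an owned std::istream instead of setString. The 200 KiB threshold and the FakeStatement stand-in are assumptions; against the real library the helper takes a sql::PreparedStatement reference, whose setString(unsigned int, const SQLString&) and setBlob(unsigned int, std::istream*) signatures it matches.

```cpp
#include <cstddef>
#include <istream>
#include <memory>
#include <sstream>
#include <string>
#include <utility>

// Assumed threshold: the report saw setString crash at ~250k, so anything
// above 200 KiB is routed through the stream-based setBlob path instead.
constexpr std::size_t kStringBindLimit = 200 * 1024;

enum class BindPath { String, Blob };

// Owns the payload and its stream for the life of the binding. Connector/C++
// reads the istream passed to setBlob when execute() runs, not when setBlob()
// is called, so the stream must outlive the bind call; keeping it in this
// object (destroyed after execute) avoids a dangling-stream bug.
class LargeParam {
public:
    explicit LargeParam(std::string payload) : payload_(std::move(payload)) {}

    // PStmt is sql::PreparedStatement in real use; templated only so the
    // policy can be exercised offline against FakeStatement below.
    template <class PStmt>
    BindPath bind(PStmt& stmt, unsigned int index,
                  std::size_t limit = kStringBindLimit) {
        if (payload_.size() <= limit) {
            stmt.setString(index, payload_);   // small: plain string bind
            return BindPath::String;
        }
        stream_ = std::make_unique<std::istringstream>(payload_);
        stmt.setBlob(index, stream_.get());    // large: stream bind
        return BindPath::Blob;
    }

private:
    std::string payload_;
    std::unique_ptr<std::istringstream> stream_;
};

// Constructed stand-in for sql::PreparedStatement: records which bind path
// was used and how many bytes arrived, so the policy can be checked offline.
struct FakeStatement {
    std::string path;
    std::size_t bytes = 0;
    void setString(unsigned int, const std::string& s) { path = "string"; bytes = s.size(); }
    void setBlob(unsigned int, std::istream* in) {
        path = "blob";
        char c;
        while (in->get(c)) ++bytes;            // consume as execute() would
    }
};
```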
[2 May 2016 10:21] Chiranjeevi Battula
Hello Martin O'Neal,

Thank you for the bug report.
Verified based on internal discussion with devs.

Thanks,
Chiranjeevi.
[13 Dec 2016 9:07] Rafal Somla
Posted by developer:
Correcting status.
[13 Dec 2016 14:07] Paul DuBois
Posted by developer:
Noted in 1.1.8 changelog.

A segmentation fault could occur for attempts to insert a large string using a prepared statement.
[13 Dec 2016 14:47] Martin O'Neal
The latest code available for download at this point is 7.1.1.7; any idea when 7.1.1.8 will enter the public domain?
[16 Dec 2016 20:54] Luis Silva
Hello Martin O'Neal,

Just now!

Cheers,
Luís Silva