Bug #15328 Segmentation fault occurred if my.cnf is invalid for escape sequence
Submitted: 29 Nov 2005 20:44
Modified: 9 Jun 2006 15:54
Reporter: Tetsuro Ikeda
Status: Closed
Category: MySQL Server
Severity: S3 (Non-critical)
Version: 5.0.16/5.0.17/4.1
OS: Linux (SuSE Linux 9.1 / Windows2000Pro)
Assigned to: Magnus Blåudd
CPU Architecture: Any

[29 Nov 2005 20:44] Tetsuro Ikeda
Description:
mysqld, mysql, mysqldump, mysqlimport and maybe all the other binaries as well can't run if my.cnf includes an invalid expression for an escape sequence, like the following:

---this is my.cnf---

[mysqldump]
fields-optionally-enclosed-by="

----------------------

The my.cnf above is wrong. " should be replaced by \".
But anyway, this invalid my.cnf causes a segmentation fault for all of MySQL's binaries.

How to repeat:
1. Make a my.cnf file like above.

2. Try the following:

mir@linux:/usr/local/mysql> ./bin/mysqld
Segmentation fault
mir@linux:/usr/local/mysql> ./bin/mysql
Segmentation fault
mir@linux:/usr/local/mysql> ./bin/mysqlimport
Segmentation fault
mir@linux:/usr/local/mysql> ./bin/mysqldump
Segmentation fault

I could not get any error console output or error log file, except the above error message.

If you try this on Windows, you will not get an error message, but otherwise it is the same as on Linux.

Suggested fix:
The parser for my.cnf should handle this user setting error properly.
[29 Nov 2005 21:06] Miguel Solorzano
I was able to repeat with 5.0 and unable to repeat with 4.1:

(gdb) run --defaults-file=/home/miguel/dbs/5.0/var/my.cnf
Starting program: /home/miguel/dbs/5.0/libexec/mysqld --defaults-file=/home/miguel/dbs/5.0/var/my.cnf
[Thread debugging using libthread_db enabled]
[New Thread 1077009184 (LWP 26013)]

Program received signal SIGSEGV, Segmentation fault.
[Switching to Thread 1077009184 (LWP 26013)]
0x085a4dcd in search_default_file_with_ext (opt_handler=0x85a3f25 <handle_default_option>, handler_ctx=0xbf91cb74, dir=0x86bdced "", 
    ext=0x86bdced "", config_file=0xbf91d49e "/home/miguel/dbs/5.0/var/my.cnf", recursion_level=0) at default.c:768
768             if (*value == '\\' && value != value_end-1)
Current language:  auto; currently c
(gdb)
[30 Nov 2005 19:17] Miguel Solorzano
I was now able to repeat with mysql client on 4.1:

miguel@hegel:~/dbs/4.1> bin/mysql -uroot
Segmentation fault
[26 Apr 2006 15:37] Bugs System
A patch for this bug has been committed. After review, it may
be pushed to the relevant source trees for release in the next
version. You can access the patch from:

  http://lists.mysql.com/commits/5588
[11 May 2006 12:13] Bugs System
A patch for this bug has been committed. After review, it may
be pushed to the relevant source trees for release in the next
version. You can access the patch from:

  http://lists.mysql.com/commits/6248
[29 May 2006 6:56] Magnus Blåudd
Pushed to 4.1.20
[29 May 2006 11:01] Magnus Blåudd
Pushed to 5.0.23
[7 Jun 2006 9:23] Magnus Blåudd
Pushed to 5.1.12
[9 Jun 2006 15:54] Paul Dubois
Noted in 4.1.21 (4.1.20 was a security-fix release), 5.0.23, 5.1.12 changelogs.

Invalid escape sequences in option files caused MySQL programs that
read them to abort.
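
Added example, not MySQL's code and not part of this report: a bounds-checked decoder for an option-file value that rejects the lone `"` from the report instead of reading out of bounds. The function name, the accepted escape set, and the assumption that enclosing quotes are stripped before escapes are decoded are this example's own; the page shows only the single line at default.c:768.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical helper, not MySQL's code: decode one option-file value into
   out. Returns the decoded length, or -1 if the value is malformed. */
int decode_option_value(const char *value, char *out, size_t out_size)
{
    const char *end = value + strlen(value);
    size_t n = 0;
    if (out_size == 0)
        return -1;
    /* Strip enclosing quotes only when both exist. A lone quote (the value
       in the report) is rejected, so value can never move past end. */
    if (*value == '"' || *value == '\'') {
        if (end - value < 2 || end[-1] != *value)
            return -1;
        value++;
        end--;
    }
    while (value < end) {           /* '<', not '!=': always terminates */
        char c = *value++;
        if (c == '\\') {
            if (value == end)
                return -1;          /* dangling backslash */
            switch (*value++) {     /* escape set assumed for this example */
            case 'n': c = '\n'; break;
            case 't': c = '\t'; break;
            case 'r': c = '\r'; break;
            case 's': c = ' ';  break;
            case '"': case '\'': case '\\': c = value[-1]; break;
            default:  return -1;    /* unknown escape */
            }
        }
        if (n + 1 >= out_size)
            return -1;              /* output buffer too small */
        out[n++] = c;
    }
    out[n] = '\0';
    return (int)n;
}

int main(void)
{
    const char *in[] = { "\"", "\\\"", "\"a\\tb\"" };  /* constructed inputs */
    char buf[32];
    for (int i = 0; i < 3; i++)
        printf("%d\n", decode_option_value(in[i], buf, sizeof buf));
    return 0;
}
```

A caller that gets -1 can report the offending file and option name and exit with a normal error.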