| Bug #2795 | prepare + execute without bind_param crashes server | | |
|---|---|---|---|
| Submitted: | 14 Feb 2004 11:52 | Modified: | 15 Mar 2004 9:49 |
| Reporter: | Georg Richter | Email Updates: | |
| Status: | Closed | Impact on me: | |
| Category: | MySQL Server | Severity: | S3 (Non-critical) |
| Version: | 4.1 | OS: | Linux (Linux/Windows) |
| Assigned to: | Konstantin Osipov | CPU Architecture: | Any |
[14 Feb 2004 12:02]
Konstantin Osipov
Georg, thank you for your bug report. It seems we already had this bug reported, and we were even fixing it... Regarding the suggested fix: if the server crashes, a fix should be in the server code.
[17 Feb 2004 20:29]
MySQL Verification Team
Tested against a server from BK tree 2 days older.
/sql_prepare.cpp
```
else
{
  param->maybe_null= param->null_value= 0;
  param->setup_param_func(param,&read_pos);
  ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
}
```
Call stack:
```
  a5a5a5a5()
> mysqld.exe!insert_params(Prepared_statement * stmt=0x02f044a0, unsigned char * pos=0x02ef4f85, unsigned char * read_pos=0x02ef4f87) Line 473 + 0x11 C++
  mysqld.exe!setup_params_data(Prepared_statement * stmt=0x02f044a0) Line 506 + 0x15 C++
  mysqld.exe!mysql_stmt_execute(THD * thd=0x02ef37b8, char * packet=0x02ef4f81) Line 1026 + 0x15 C++
  mysqld.exe!dispatch_command(enum_server_command command=COM_EXECUTE, THD * thd=0x02ef37b8, char * packet=0x02ef4f81, unsigned int packet_length=7) Line 1377 + 0xd C++
  mysqld.exe!do_command(THD * thd=0x02ef37b8) Line 1237 + 0x31 C++
  mysqld.exe!handle_one_connection(void * arg=0x02ef37b8) Line 1003 + 0x9 C++
  mysqld.exe!pthread_start(void * param=0x02ef4cf8) Line 63 + 0x7 C
  mysqld.exe!_threadstart(void * ptd=0x02efbdf0) Line 173 + 0xd C
  kernel32.dll!77e6d33b()
```
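The crash site above is an indirect call through a per-parameter function pointer that did not hold a valid function address (the top frame is a5a5a5a5()). As an added sketch, not MySQL source and not part of the original report, this shows a server-side guard in miniature: every pointer and the packet length are checked before any indirect call. All names (`param_t`, `stmt_t`, `read_value`, `execute_params`) and the body layout are assumptions made for illustration.

```c
#include <stdint.h>
#include <stdio.h>
enum { EXEC_OK = 0, EXEC_TRUNCATED = -1, EXEC_NOT_BOUND = -2 };
/* Hypothetical miniature of a prepared-statement parameter (not MySQL's). */
typedef struct param {
    int is_null; int32_t value;
    /* Per-type reader; stays NULL until the client has bound the parameter. */
    int (*read_value)(struct param *p, const uint8_t **pos, const uint8_t *end);
} param_t;
typedef struct { size_t param_count; param_t *params; } stmt_t;

/* Bounds-checked reader for a 4-byte little-endian integer. */
int read_int32(param_t *p, const uint8_t **pos, const uint8_t *end)
{
    const uint8_t *b = *pos;
    if ((size_t)(end - b) < 4) return EXEC_TRUNCATED;
    p->value = (int32_t)(b[0] | (b[1] << 8) | (b[2] << 16) | ((uint32_t)b[3] << 24));
    *pos = b + 4;
    return EXEC_OK;
}

/* Assumed body layout: NULL bitmap of (param_count + 7) / 8 bytes, then values. */
int execute_params(stmt_t *s, const uint8_t *body, size_t len)
{
    size_t null_bytes = (s->param_count + 7) / 8;
    if (len < null_bytes) return EXEC_TRUNCATED;
    /* Reject the whole request before any indirect call is made. */
    for (size_t i = 0; i < s->param_count; i++)
        if (s->params[i].read_value == NULL) return EXEC_NOT_BOUND;
    const uint8_t *pos = body + null_bytes, *end = body + len;
    for (size_t i = 0; i < s->param_count; i++) {
        param_t *p = &s->params[i];
        p->is_null = (body[i / 8] >> (i % 8)) & 1;
        if (p->is_null) continue;          /* NULL parameters carry no value bytes */
        int rc = p->read_value(p, &pos, end);
        if (rc != EXEC_OK) return rc;
    }
    return EXEC_OK;
}

int main(void)
{
    param_t p = {0}; stmt_t s = { 1, &p };  /* zeroed, so the reader starts out NULL */
    const uint8_t body[] = { 0x00, 0x2a, 0x00, 0x00, 0x00 };  /* constructed input */
    int unbound = execute_params(&s, body, sizeof body);
    p.read_value = read_int32;
    int bound = execute_params(&s, body, sizeof body);
    printf("unbound=%d bound=%d value=%d\n", unbound, bound, (int)p.value);
}
```

The guard only works if parameter structures are zero-initialised at prepare time, so that "not bound" is distinguishable from a stale pointer.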
[22 Feb 2004 14:16]
Konstantin Osipov
This seems to spot the same issue as bug #2473. No test case is possible either.
[26 Feb 2004 8:03]
MySQL Verification Team
A bug fix has been proposed for this problem.
[15 Mar 2004 9:49]
Konstantin Osipov
Fixed in 4.1.2: bk commit - 4.1 tree (konstantin:1.1790)

Description:
When calling mysql_prepare + mysql_execute without binding parameters, the server crashes.

How to repeat:
```c
#include <mysql.h>
#include <stdio.h>
#include <string.h>   /* strcpy, strlen */

int main()
{
  MYSQL *mysql;
  MYSQL_STMT *stmt;
  char query[512];

  mysql = mysql_init(NULL);
  mysql_real_connect(mysql, "localhost", "root", "", "test", 0, NULL, 0);

  mysql_query(mysql, "DROP TABLE IF EXISTS t1");
  mysql_query(mysql, "CREATE TABLE t1 (a int, b varchar(20))");
  mysql_query(mysql, "INSERT INTO t1 VALUES(1,'is this a bug?')");

  strcpy(query, "SELECT a,b FROM t1 WHERE a=?");
  stmt = mysql_prepare(mysql, query, strlen(query));

  /* Boooom! */
  mysql_execute(stmt);

  mysql_stmt_close(stmt);
  mysql_close(mysql);
  return(0);
}
```

Suggested fix:
int STDCALL mysql_execute(MYSQL_STMT *stmt) { DBUG_ENTER("mysql_execute"); + + if (stmt->param_count && !stmt->param_buffers) { + set_stmt_error(stmt, CR_INVALID_PARAMETER_NO, unknown_sqlstate); + DBUG_RETURN(1); + } if ((*stmt->mysql->methods->stmt_execute)(stmt)) DBUG_RETURN(1);
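
Review bot: the new `stmt->param_count && !stmt->param_buffers` check at the top of mysql_execute only protects callers that go through this client function, while the call stack in this report shows the crash inside the server's insert_params, reached from dispatch_command with COM_EXECUTE. The guard is reasonable as an early client-side error, but the same condition has to be rejected in the server before the per-parameter setup_param_func call, otherwise the server still depends on every client being well behaved. Two smaller points: CR_INVALID_PARAMETER_NO reads as a bad parameter index rather than missing bindings, so a code that names the actual condition would be clearer to callers, and the new branch should carry a one-line comment saying what it rejects.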