Bug #31244 | NULL pointer dereference in net_clear()
---|---
Submitted: | 27 Sep 2007 14:43
Modified: | 28 Feb 2009 19:58
Reporter: | Robert Obermeyer
Status: | Duplicate
Category: | MySQL Server: C API (client library)
Severity: | S2 (Serious)
Version: | 5.0.45 and 5.1.21-beta
OS: | Any
Assigned to: |
CPU Architecture: | Any
[27 Sep 2007 14:43]
Robert Obermeyer
[27 Sep 2007 17:20]
Valeriy Kravchuk
Thank you for the problem report. Please send the resolved stack trace from any of the segmentation faults you can cause this way.
[27 Sep 2007 19:17]
Robert Obermeyer
Here it comes. #3 is part of my program.

```
[...]
Program received signal SIGSEGV, Segmentation fault.
[Switching to Thread 0x8056a00 (LWP 100119)]
0x281e9ab4 in net_clear (net=0x8064800) at net.c:227
227     {
(gdb) info stack
#0  0x281e9ab4 in net_clear (net=0x8064800) at net.c:227
#1  0x281c1a5f in cli_stmt_execute (stmt=0x8081000) at libmysql.c:2557
#2  0x281c4d96 in mysql_stmt_execute (stmt=0x8081000) at libmysql.c:2904
#3  0x281ae4cf in get_mysql_row (id=87, stmt=0x8081000, statement=0x281b1290, result=0xbf5f9aec) at program.c:254
[...]
```
[27 Sep 2007 19:19]
Robert Obermeyer
This is the net parameter for net_clear(). vio = 0x0 causes the NULL pointer dereference and thus the segmentation fault.

```
(gdb) print *(NET *)0x8064800
$1 = {vio = 0x0, buff = 0x0, buff_end = 0x8076000 "", write_pos = 0x8074000 "\025",
  read_pos = 0x8074000 "\025", fd = 7, max_packet = 8192, max_packet_size = 1073741824,
  pkt_nr = 1, compress_pkt_nr = 0, write_timeout = 31536000, read_timeout = 31536000,
  retry_count = 1, fcntl = 0, compress = 0 '\0', remain_in_buf = 0, length = 0,
  buf_length = 0, where_b = 0, return_status = 0x0, reading_or_writing = 0 '\0',
  save_char = 0 '\0', no_send_ok = 0 '\0', no_send_eof = 0 '\0', no_send_error = 0 '\0',
  last_error = "Can't connect to local MySQL server through socket '/tmp/mysql.sock' (2)", '\0' <repeats 439 times>,
  sqlstate = "HY000", last_errno = 2002, error = 2 '\002', query_cache_query = 0x0,
  report_error = 0 '\0', return_errno = 0 '\0'}
```
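As an added illustration, not the reporter's program and not libmysqlclient code, here is a small C model of the state in the dump above: a connect that fails with errno 2002 leaves net.vio NULL, and an execute path that reads through vio then faults unless it checks for the missing transport first. All struct and function names here are simplified stand-ins for the real library's.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Simplified stand-ins for the client-library structures seen in the gdb dump;
 * not libmysqlclient code. Only the fields this bug turns on are kept. */
typedef struct Vio { int sd; } Vio;                  /* hypothetical transport object */
typedef struct NET { Vio *vio; unsigned last_errno; char last_error[80]; } NET;
typedef struct MYSQL { NET net; } MYSQL;
typedef struct MYSQL_STMT { MYSQL *mysql; } MYSQL_STMT;

#define CR_CONNECTION_ERROR 2002   /* last_errno value captured in the report's dump */

/* Model of a connect attempt: on failure the library leaves net.vio == NULL and
 * records errno 2002, which is exactly the state the reporter printed. */
static int model_connect(MYSQL *mysql, int server_reachable) {
    memset(mysql, 0, sizeof *mysql);
    if (!server_reachable) {
        mysql->net.vio = NULL;
        mysql->net.last_errno = CR_CONNECTION_ERROR;
        snprintf(mysql->net.last_error, sizeof mysql->net.last_error, "%s",
                 "Can't connect to local MySQL server through socket '/tmp/mysql.sock' (2)");
        return -1;
    }
    mysql->net.vio = calloc(1, sizeof(Vio));
    mysql->net.vio->sd = 7;                           /* fd = 7 as in the dump */
    return 0;
}

/* Unguarded model of net_clear(): reads through net->vio, the dereference that
 * faulted at net.c:227 when vio was 0x0. Only reached with a non-NULL vio below. */
static int net_clear_unguarded(NET *net) {
    return net->vio->sd;                              /* SIGSEGV if net->vio == NULL */
}

/* Guarded execute: refuse to touch the transport when the connection never came
 * up, and hand back the stored connect error instead of crashing. */
static int stmt_execute_guarded(MYSQL_STMT *stmt) {
    NET *net = &stmt->mysql->net;
    if (net->vio == NULL)
        return net->last_errno ? (int)net->last_errno : CR_CONNECTION_ERROR;
    net_clear_unguarded(net);                         /* safe here: vio is set */
    return 0;                                         /* model of a successful execute */
}

/* Scenario from the report: connect fails, the caller ignores it and executes anyway. */
static int run_scenario(int server_reachable) {
    MYSQL mysql; MYSQL_STMT stmt = { &mysql };
    model_connect(&mysql, server_reachable);          /* return value deliberately ignored */
    int rc = stmt_execute_guarded(&stmt);
    free(mysql.net.vio);
    return rc;
}
```

With the guard, the unreachable-server case returns 2002 to the caller, which is the error the client should have checked after the connect in the first place.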
[11 Dec 2007 11:29]
Susanne Ebrecht
Please, can you add your test case here?
[12 Jan 2008 0:00]
Bugs System
No feedback was provided for this bug for over a month, so it is being suspended automatically. If you are able to provide the information that was originally requested, please do so and change the status of the bug back to "Open".
[13 Feb 2008 17:42]
Susanne Ebrecht
Verified by reading bk tree source code.
[23 Apr 2008 12:49]
Simon Schmitz
```
Program received signal SIGSEGV, Segmentation fault.
[Switching to Thread 0x2b47a67281a0 (LWP 12255)]
0x00002b47ac43cfb4 in net_clear () from /usr/lib/libmysqlclient.so.15
(gdb) bt
#0  0x00002b47ac43cfb4 in net_clear () from /usr/lib/libmysqlclient.so.15
#1  0x00002b47ac4122e8 in cli_stmt_execute () from /usr/lib/libmysqlclient.so.15
#2  0x00002b47ac411f15 in mysql_stmt_execute () from /usr/lib/libmysqlclient.so.15
#3  0x00002b47ac1867a8 in mysql_st_internal_execute41 () from /usr/lib/perl5/auto/DBD/mysql/mysql.so
#4  0x00002b47ac18ba85 in mysql_st_execute () from /usr/lib/perl5/auto/DBD/mysql/mysql.so
#5  0x00002b47ac1929c7 in XS_DBD__mysql__st_execute () from /usr/lib/perl5/auto/DBD/mysql/mysql.so
#6  0x00002b47abd6b28f in XS_DBI_dispatch () from /usr/lib/perl5/auto/DBI/DBI.so
#7  0x00002b47a585fdd3 in Perl_pp_entersub () from /usr/lib/libperl.so.5.8
#8  0x00002b47a585e63e in Perl_runops_standard () from /usr/lib/libperl.so.5.8
#9  0x00002b47a5808eef in perl_run () from /usr/lib/libperl.so.5.8
#10 0x000000000040185c in main ()
```
[22 Jan 2009 21:16]
Sveta Smirnova
There is related bug #33384.
[28 Feb 2009 19:58]
Jim Winstead
This isn't just related to bug #33384, it's a duplicate. Although it was opened later, that report has more information and a suggested fix. We'll track it there.