Bug #36322 mysql client segfaults with empty input in non-interactive mode
Submitted: 24 Apr 2008 15:58 Modified: 24 Apr 2008 17:29
Reporter: Zak Kipling
Status: Duplicate
Category: MySQL Server: Command-line Clients Severity: S3 (Non-critical)
Version: 5.0.54, 5.1.23-rc OS: Any
Assigned to:
CPU Architecture: Any

[24 Apr 2008 15:58] Zak Kipling
Description:
If I run "mysql </dev/null", I get a segfault from the client binary:

$ mysql --version
mysql  Ver 14.12 Distrib 5.0.54, for pc-linux-gnu (x86_64) using readline 5.2

$ mysql </dev/null
Segmentation fault

$ gdb mysql
(gdb) run </dev/null
[...]
Program received signal SIGSEGV, Segmentation fault.
read_and_execute (interactive=false) at mysql.cc:1062
(gdb) bt
#0  read_and_execute (interactive=false) at mysql.cc:1062
#1  0x000000000040b98c in main (argc=9, argv=0x6173a8) at mysql.cc:499
(gdb) list
1057            Skip UTF8 Byte Order Marker (BOM) 0xEFBBBF.
1058            Editors like "notepad" put this marker in
1059            the very beginning of a text file when
1060            you save the file using "Unicode UTF-8" format.
1061          */
1062          if (!line_number &&
1063               (uchar) line[0] == 0xEF &&
1064               (uchar) line[1] == 0xBB &&
1065               (uchar) line[2] == 0xBF)
1066            line+= 3;
(gdb) p line_number
$1 = 0
(gdb) p line[0]
Cannot access memory at address 0x0
(gdb) p line[1]
Cannot access memory at address 0x1
(gdb) p line[2]
Cannot access memory at address 0x2

The problem appears to be that this logic isn't testing for "line" being NULL before dereferencing it.

How to repeat:
Run "mysql </dev/null" (with appropriate connection options to actually connect to a database if necessary).

Suggested fix:
Add "line &&" to the start of that conditional.
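
The guarded form of the check, as an added example that is not part of the original report and is not code from mysql.cc. The names skip_utf8_bom, batch_input, next_line and run_batch are hypothetical, and the in-memory reader is a constructed stand-in for the client's batch input that returns NULL at end of input.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical helper: skip a UTF-8 BOM (0xEF 0xBB 0xBF) on the first
   line only. A NULL line (no input at all) is passed through untouched
   instead of being dereferenced. */
static const char *skip_utf8_bom(const char *line, unsigned long line_number)
{
    if (line == NULL)                 /* the guard the report asks for */
        return NULL;
    /* && short-circuits, so a NUL-terminated line shorter than three
       bytes is never read past its terminator. */
    if (line_number == 0 &&
        (unsigned char) line[0] == 0xEF &&
        (unsigned char) line[1] == 0xBB &&
        (unsigned char) line[2] == 0xBF)
        return line + 3;
    return line;
}

/* Constructed reader: one line per call, NULL at end of input. With
   count == 0 it behaves like stdin redirected from /dev/null. */
struct batch_input { const char *const *lines; size_t count, next; };

static const char *next_line(struct batch_input *in)
{
    return in->next < in->count ? in->lines[in->next++] : NULL;
}

/* Non-interactive loop: returns the number of lines handled and stores
   the first line (after BOM removal) in *first, or NULL if none. */
static unsigned long run_batch(struct batch_input *in, const char **first)
{
    unsigned long line_number = 0;
    const char *line;
    *first = NULL;
    while ((line = skip_utf8_bom(next_line(in), line_number)) != NULL) {
        if (line_number == 0)
            *first = line;
        line_number++;
    }
    return line_number;
}

int main(void)
{
    struct batch_input empty = { NULL, 0, 0 };   /* empty input case */
    const char *first;
    printf("lines handled: %lu\n", run_batch(&empty, &first));
    return 0;
}
```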
[24 Apr 2008 17:29] Valeriy Kravchuk
This is a duplicate of http://bugs.mysql.com/bug.php?id=35480 and/or http://bugs.mysql.com/bug.php?id=34626.