Bug #47231 Segfault using prepared statements with parameters and non-client error codes
Submitted: 10 Sep 2009 4:13
Modified: 10 Oct 2009 6:50
Reporter: Chris Wright
Status: No Feedback
Category: MySQL Server: C API (client library)
Severity: S3 (Non-critical)
Version: 5.0
OS: Linux
Assigned to:
CPU Architecture: Any
Tags: Contribution

[10 Sep 2009 4:13] Chris Wright
Description:
The ER(int) macro defined in /include/errmsg.h is defined as:
#define ER(x) client_error[(x) - CR_MIN_ERR]

If x is not in the range 2000 <= x <= CR_ERROR_LAST, this produces a segmentation fault.

In my_realloc_str in libmysql/libmysql.c, there is a call to ER(net->last_errno). This does not need to be a client error; in particular, it could be 1153, Got a bigger packet than 'max_allowed_packet'.

How to repeat:
Use a prepared statement with a parameter with a size larger than max_allowed_packet.

Suggested fix:
Change the ER macro to:
#define ER(X) (((X) < CR_MIN_ERR || (X) > CR_ERROR_LAST) ? NULL : client_error[(X) - CR_MIN_ERR])

This will erase the error if it is not within the proper range when reallocating the NET structure. However, this is better than segfaulting.
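
Added example, not part of the report or of the MySQL source: the range check written as a function, with a caller that keeps the message already stored when the code is outside the client range instead of erasing it. The DEMO_ names, the table and its strings are constructed for illustration; only the 2000 lower bound and code 1153 come from the report.

```c
#include <stddef.h>
#include <string.h>

/* Constructed stand-ins for CR_MIN_ERR / CR_ERROR_LAST / client_error[]. */
#define DEMO_CR_MIN_ERR    2000
#define DEMO_CR_ERROR_LAST 2003

static const char *const demo_client_error[] = {
    "demo client error 2000",
    "demo client error 2001",
    "demo client error 2002",
    "demo client error 2003",
};

/* Compile-time check: the table must cover exactly the declared range,
   otherwise the array size below is negative and the build fails. */
typedef char demo_table_size_check[
    (sizeof demo_client_error / sizeof demo_client_error[0]
     == DEMO_CR_ERROR_LAST - DEMO_CR_MIN_ERR + 1) ? 1 : -1];

/* Returns 1 only when errnum is a valid index into the client table. */
static int demo_is_client_error(int errnum)
{
    return errnum >= DEMO_CR_MIN_ERR && errnum <= DEMO_CR_ERROR_LAST;
}

/* Bounds-checked lookup. A function evaluates its argument once, unlike a
   macro, and never reads outside the table: out-of-range codes such as
   server error 1153 return NULL. */
static const char *demo_er(int errnum)
{
    if (!demo_is_client_error(errnum))
        return NULL;
    return demo_client_error[errnum - DEMO_CR_MIN_ERR];
}

/* Caller side: replace the stored text only for client codes, so a server
   message already in buf survives, and NULL is never passed to a copy. */
static void demo_set_error(char *buf, size_t buflen, int errnum)
{
    const char *msg = demo_er(errnum);
    if (msg == NULL || buflen == 0)
        return;
    strncpy(buf, msg, buflen - 1);
    buf[buflen - 1] = '\0';
}
```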
[10 Sep 2009 6:50] Sveta Smirnova
Thank you for the report.

I can not repeat described behavior: get proper "string(51) "Got a packet bigger than 'max_allowed_packet' bytes"" error

Please provide test case demonstrating the problem.
[10 Oct 2009 23:00] Bugs System
No feedback was provided for this bug for over a month, so it is
being suspended automatically. If you are able to provide the
information that was originally requested, please do so and change
the status of the bug back to "Open".