Bug #49972 Crash in prepared statements
Submitted: 29 Dec 2009 10:40 Modified: 15 Mar 2010 16:03
Reporter: Alexander Nozdrin Email Updates:
Status: Closed Impact on me:
None 
Category:MySQL Server: Prepared statements Severity:S1 (Critical)
Version:next-mr, 5.5-m3 OS:Any
Assigned to: Konstantin Osipov
Triage: Triaged: D1 (Critical)

[29 Dec 2009 10:40] Alexander Nozdrin
Description:
The following case lead to a server crash:
  - Use binary protocol;
  - Prepare a statement with OUT-parameter;
  - Execute the statement;
  - Cause re-prepare of the statement (change dependencies);
  - Execute the statement again -- crash.

How to repeat:
Check out attached test case for mysql_client_test.cc.
[29 Dec 2009 10:41] Alexander Nozdrin
Test case for mysql_client_test.c

Attachment: test_bug49972.c (text/x-csrc), 2.26 KiB.

[29 Dec 2009 15:50] Bugs System
A patch for this bug has been committed. After review, it may
be pushed to the relevant source trees for release in the next
version. You can access the patch from:

  http://lists.mysql.com/commits/95796

3045 Alexander Nozdrin	2009-12-29
      A test case for Bug#49972 (Crash in prepared statements).
[29 Dec 2009 18:12] Bugs System
A patch for this bug has been committed. After review, it may
be pushed to the relevant source trees for release in the next
version. You can access the patch from:

  http://lists.mysql.com/commits/95799

3046 Alexander Nozdrin	2009-12-29
      Disable test case for Bug#49972.
[16 Feb 2010 16:46] Bugs System
Pushed into 6.0.14-alpha (revid:alik@sun.com-20100216101445-2ofzkh48aq2e0e8o) (version source revid:dlenev@mysql.com-20091231081605-n5epraxs9xaygw1v) (merge vers: 6.0.14-alpha) (pib:16)
[16 Feb 2010 16:56] Bugs System
Pushed into mysql-next-mr (revid:alik@sun.com-20100216101208-33qkfwdr0tep3pf2) (version source revid:alik@sun.com-20091229181206-orcz2pbqczs7ps2f) (pib:16)
[6 Mar 2010 11:01] Bugs System
Pushed into 5.5.3-m3 (revid:alik@sun.com-20100306103849-hha31z2enhh7jwt3) (version source revid:vvaintroub@mysql.com-20100216221947-luyhph0txl2c5tc8) (merge vers: 5.5.99-m3) (pib:16)
[10 Mar 2010 20:11] Bugs System
A patch for this bug has been committed. After review, it may
be pushed to the relevant source trees for release in the next
version. You can access the patch from:

  http://lists.mysql.com/commits/102937

3123 Konstantin Osipov	2010-03-10
      A fix for Bug#49972 "Crash in prepared statements": 
      
      The problem is introduced by WL#4435 "Support OUT-parameters in 
      prepared statements".
      When a statement that has out parameters was reprepared,
      the reprepare request error was ignored, and an
      attempt to send out parameters to the client was made.
      
      Since the out parameter list was not initialized in case
      of an error, this attempt led to a crash.
      
      Don't try to send out parameters to the client
      if an error occurred in statement execution.
     @ sql/sql_prepare.cc
        Don't try to send out parameters if error.
     @ tests/mysql_client_test.c
        Re-enable the test case for Bug#49972.
[11 Mar 2010 13:48] Bugs System
A patch for this bug has been committed. After review, it may
be pushed to the relevant source trees for release in the next
version. You can access the patch from:

  http://lists.mysql.com/commits/103007

3127 Konstantin Osipov	2010-03-11
      A fix for Bug#49972 "Crash in prepared statements": 
      
      The problem is introduced by WL#4435 "Support OUT-parameters in 
      prepared statements".
      When a statement that has out parameters was reprepared,
      the reprepare request error was ignored, and an
      attempt to send out parameters to the client was made.
      
      Since the out parameter list was not initialized in case
      of an error, this attempt led to a crash.
      
      Don't try to send out parameters to the client
      if an error occurred in statement execution.
     @ sql/sql_prepare.cc
        Don't try to send out parameters if error.
     @ tests/mysql_client_test.c
        Re-enable the test case for Bug#49972.
[12 Mar 2010 18:10] Bugs System
Pushed into 6.0.14-alpha (revid:alik@sun.com-20100312180926-0emfjrj8e9xnvl8h) (version source revid:alik@sun.com-20100312180447-2r0ak22y13s05134) (merge vers: 6.0.14-alpha) (pib:16)
[12 Mar 2010 18:11] Bugs System
Pushed into mysql-next-mr (revid:alik@sun.com-20100312180838-rk60kn38g0qwt78n) (version source revid:alik@sun.com-20100312180435-wk7nvsbfntfus5bu) (pib:16)
[12 Mar 2010 18:22] Bugs System
Pushed into 5.5.3-m3 (revid:alik@sun.com-20100312181131-0b7v8r2htpd9jz2a) (version source revid:alik@sun.com-20100312181131-0b7v8r2htpd9jz2a) (merge vers: 5.5.3-m3) (pib:16)
[15 Mar 2010 15:04] Konstantin Osipov
Pushed into 5.5.3-m3
[15 Mar 2010 16:03] Paul Dubois
Noted in 6.0.14 changelog.

If an error occurred when a prepared statement was reprepared, OUT
parameters incorrectly could be sent to the client, leading to a
crash.  

No 5.5.x changelog entry because this error appears in no 5.5.x release.