Bug #5563 C API mysql_real_escape_string() segfaults
Submitted: 14 Sep 2004 8:04 Modified: 7 Oct 2004 12:06
Reporter: Arjen Lentz
Status: Won't fix
Category: MySQL Server Severity: S2 (Serious)
Version: 4.0.20 OS: Linux (SuSE 9.0, Linux 2.4)
Assigned to: Antony Curtis CPU Architecture: Any

[14 Sep 2004 8:04] Arjen Lentz
Description:
See sample code below.
We call mysql_init() properly, but do not connect to the database, so we don't have a connection. Then we call mysql_real_escape_string(), which segfaults.
No matter what, it shouldn't segfault.

How to repeat:
#include <stdio.h>
#include <string.h>
#include <mysql/mysql.h>

static MYSQL test_db;

int main(int argc, char **argv)
{
  char value[1024], enc[1024];

  mysql_init(&test_db);

  /* we're not connecting because we're being silly */

  strcpy(value, "bla");
  printf("before mysql_real_escape_string()\n");
  /* escaping with a handle that was initialised but never connected */
  mysql_real_escape_string(&test_db, enc, value, strlen(value));
  printf("after mysql_real_escape_string()\n");

  return 0;
}

Suggested fix:
Could be uninitialised data in MYSQL struct. mysql_init() should set this.
And mysql_real_escape_string() should check.
[14 Sep 2004 16:07] Antony Curtis
Subject: 	bk commit - 4.0 tree (antony:1.2018) BUG#5563 
Date: 	Tue, 14 Sep 2004 16:09:46 +0100 (BST)
[16 Sep 2004 23:20] Antony Curtis
Patchset without style fixes 
Subject: 	bk commit - 4.0 tree (antony:1.2021) BUG#5563 
Date: 	Thu, 16 Sep 2004 23:04:36 +0100 (BST)	 
ChangeSet
  1.2021 04/09/16 23:04:35 antony@ltantony.rdg.cyberkinetica.homeunix.net +2 -0
  Bug#5563: C API ... segfaults
    Add sanity checks to C API functions
[7 Oct 2004 12:06] Michael Widenius
Sorry, but this will not be fixed.

To make the client library as small and fast as possible, we don't do extra validation checks in the library but instead depend on people calling them with valid arguments.

The problem is that you call a MySQL function which requires a valid connection, which is not supported by this function.

mysql_init() doesn't init the MYSQL object to be used in any context; it only initiates it to be used with mysql_connect().

The reason mysql_real_escape_string() fails is that it needs to fetch the character set from the server to be able to do the escape correctly.

I have added a note about this to the MySQL manual.
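The reporter's test program calls mysql_real_escape_string() on a handle that was initialised but never connected, and the closing comment explains that the function needs the connection's character set to escape correctly. The following is an added example, not libmysqlclient code and not part of the bug report: a byte-wise reimplementation of the documented escape set (NUL, newline, carriage return, backslash, single quote, double quote, Ctrl-Z) that shows the 2*length+1 output buffer requirement, and a constructed two-byte input demonstrating why a charset-unaware escaper is not enough. The function name escape_single_byte and the sample bytes are this example's own.

```c
#include <stdio.h>
#include <string.h>
#include <stddef.h>

/* Added example: byte-wise escaping using the character set that
 * mysql_real_escape_string() is documented to handle. This is NOT the
 * library's implementation. It is only correct for single-byte character
 * sets, which is exactly why the real function must know the connection's
 * charset. `to` must hold at least 2*length+1 bytes. Returns the length of
 * the escaped string, not counting the terminating NUL. */
size_t escape_single_byte(char *to, const char *from, size_t length)
{
    char *out = to;
    for (size_t i = 0; i < length; i++) {
        unsigned char c = (unsigned char)from[i];
        switch (c) {
        case '\0':   *out++ = '\\'; *out++ = '0';  break;
        case '\n':   *out++ = '\\'; *out++ = 'n';  break;
        case '\r':   *out++ = '\\'; *out++ = 'r';  break;
        case '\\':   *out++ = '\\'; *out++ = '\\'; break;
        case '\'':   *out++ = '\\'; *out++ = '\''; break;
        case '"':    *out++ = '\\'; *out++ = '"';  break;
        case '\032': *out++ = '\\'; *out++ = 'Z';  break; /* Ctrl-Z */
        default:     *out++ = (char)c;
        }
    }
    *out = '\0';
    return (size_t)(out - to);
}

/* Worst case every input byte is doubled, plus the NUL terminator. */
size_t escaped_buffer_size(size_t length)
{
    return 2 * length + 1;
}

/* Constructed input: a two-byte sequence whose trailing byte is 0x5c.
 * In some multi-byte character sets such a byte is part of a character,
 * not a backslash, yet a byte-wise escaper doubles it and splits the
 * character. Returns the escaped length (3 here, not 2) to make the
 * distortion visible; the real library avoids this by consulting the
 * connection's character set, which is unavailable before connecting. */
size_t demo_trailing_byte_split(void)
{
    const char sample[] = { (char)0x81, (char)0x5c };
    char buf[8];
    return escape_single_byte(buf, sample, sizeof sample);
}

int main(void)
{
    const char *value = "it's \"quoted\"\n";
    char enc[64]; /* >= escaped_buffer_size(strlen(value)) */
    size_t n = escape_single_byte(enc, value, strlen(value));
    printf("escaped (%zu bytes): %s\n", n, enc);
    printf("two-byte sample became %zu bytes\n", demo_trailing_byte_split());
    return 0;
}
```

The program escapes without any server handle precisely because it ignores the character set; the library function has no such shortcut, so in real code it must only be called after mysql_real_connect() succeeds, with an output buffer sized as escaped_buffer_size() computes.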