Bug #6066 calling of mysql_stmt_fetch_column() lead to crash of application
Submitted: 13 Oct 2004 15:44    Modified: 13 Oct 2004 16:42
Reporter: Alexey Stroganov
Status: Not a Bug    Impact on me: None
Category: MySQL Server    Severity: S2 (Serious)
Version: 4.1.6-bk    OS: Any (All)
Assigned to: Konstantin Osipov    CPU Architecture: Any

[13 Oct 2004 15:44] Alexey Stroganov
Description:
Working on testing of prepared statements from the Perl side, I encountered an issue that leads to a crash of the application.

It happens when one tries to get a BLOB/TEXT field through the prepared statement mechanism with the following scenario:

SQL - select repeat('a', 800000)

stmt_prepare()
stmt_execute()
stmt_result_metadata()

at this point we have only the assumed size of the buffer from fields[0].length.

For BLOB/TEXT it is equal to 8192. Then we do

stmt_bind_results()
stmt_fetch()

and at this point we have the real size of the buffer, in our case 800000.

now we have to resize the buffer from 8192 to 800000 and refetch the column
with mysql_stmt_fetch_column()

and we get a segmentation fault at this point.

I've simplified and attached a test case for this issue.

backtrace:
Program received signal SIGSEGV, Segmentation fault.
0x40227eec in memcpy () from /lib/tls/libc.so.6
(gdb) bt
#0  0x40227eec in memcpy () from /lib/tls/libc.so.6
#1  0x0804ef2d in fetch_result_str (param=0x401d86b3, row=0xbffff214) at libmysql.c:3791
#2  0x0804f561 in stmt_fetch_row (stmt=0x800, row=0x814cc6e 'a' <repeats 200 times>...)
    at libmysql.c:4052
#3  0x0804f643 in mysql_stmt_fetch (stmt=0x8145110) at libmysql.c:4087
#4  0x08049992 in main (argc=1, argv=0xbffff364) at psbug.c:101

How to repeat:
Compile attached program with the latest 4.1.6 sources and just run it.
[13 Oct 2004 15:45] Alexey Stroganov
Test case for bug#6066

Attachment: psbug.c (text/x-csrc), 3.02 KiB.

[13 Oct 2004 16:42] Alexey Stroganov
There is a mistake in the test case code that leads to the crash.

So all works OK. False alarm. But anyway, a description and an example of usage of mysql_stmt_fetch_column() should be added.