Bug #67444 | mysql_stmt_execute NULL pointer core | | |
---|---|---|---|
Submitted: | 1 Nov 2012 8:26 | Modified: | 13 Aug 2013 15:14 |
Reporter: | Jack Lee | Email Updates: | |
Status: | Not a Bug | Impact on me: | |
Category: | MySQL Server: C API (client library) | Severity: | S3 (Non-critical) |
Version: | 5.5.28 | OS: | Any |
Assigned to: | | CPU Architecture: | Any |
Tags: | NULL pointer core | | |
[1 Nov 2012 8:26]
Jack Lee
[13 Nov 2012 17:52]
Sveta Smirnova
Thank you for the report. DBUG_RETURN does not crash anything. Please provide a repeatable test case if mysql_stmt_execute crashes for you.
[14 Nov 2012 1:55]
Jack Lee
Test Code
Attachment: testCode.c (text/plain), 1.85 KiB.
[14 Nov 2012 1:56]
Jack Lee
I have uploaded the test code to this bug. See it in the attached file. When I run this test program, it crashes at mysql_stmt_execute. Then I run gdb and see the info below:

Program terminated with signal 11, Segmentation fault.
#0 0x00007f77ff9e27b5 in mysql_stmt_execute () from /usr/lib64/libmysqlclient.so.15
(gdb) where
#0 0x00007f77ff9e27b5 in mysql_stmt_execute () from /usr/lib64/libmysqlclient.so.15
#1 0x0000000000400ad3 in main ()

The crash first happened in my project. It happens like this:
1. The db connection is lost (stop mysql for a while).
2. My program found that and called mysql_stmt_close to free all the stmt handles, but did not set them all to NULL.
3. Do connect to db, but it fails.
4. The program calls mysql_stmt_execute and then it crashes (the stmt handles have been freed and not inited).
[22 Nov 2012 18:58]
Sveta Smirnova
Thank you for the feedback. Verified as described.
[7 Aug 2013 13:08]
Igor Solodovnikov
Hello Jack Lee. In the source code, libmysql/libmysql.c, just before mysql_stmt_execute() there is a comment which describes the stmt parameter usage: "stmt: statement handle. The handle must be created with mysql_stmt_init() and prepared with mysql_stmt_prepare(). If there are placeholders in the statement they must be bound to local variables with mysql_stmt_bind_param()." It clearly states that the "handle must be created and prepared". I think it is clear NULL is not created nor prepared. Why do you think mysql_stmt_execute() should be able to handle NULL?
[13 Aug 2013 13:22]
Paul DuBois
"Shall we add null pointer check before "MYSQL *mysql= stmt->mysql" ?" Yes, that'd be a good idea.
[13 Aug 2013 15:13]
Igor Solodovnikov
The mysql_stmt_execute() documentation (http://dev.mysql.com/doc/refman/5.5/en/mysql-stmt-execute.html) states: "mysql_stmt_execute() executes the prepared query associated with the statement handle". Thus mysql_stmt_execute() only works with prepared queries. So a NULL pointer is not a valid value for the stmt parameter of mysql_stmt_execute(). Similarly, many other C API functions only work with non-null statement handles. One exception to this rule is the mysql_init() function. But this exception is clearly documented (see http://dev.mysql.com/doc/refman/5.5/en/mysql-init.html). Closing as not a bug.
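Added example (not code from the bug report, the attached testCode.c, or libmysqlclient): the handle-lifecycle discipline that avoids the reporter's crash. The four-step sequence in the report frees every MYSQL_STMT with mysql_stmt_close() but leaves the pointers dangling, and the closing comments establish that mysql_stmt_execute() performs no NULL or validity check on stmt, so any later call is a use-after-free or NULL dereference inside the library rather than an error return. The fix belongs on the caller's side: close through a pointer-to-pointer and clear it, and route every execute through a guard. So that the block compiles offline, it carries a constructed stand-in for the four mysql_stmt_* calls with the same return conventions (an assumption; delete that section and #include <mysql.h> to build against the real library). The wrapper names stmt_close_and_clear, stmt_execute_guarded and replay_reconnect_scenario, and the reconnect_ok flag standing in for the outcome of mysql_real_connect(), are this example's own.

```c
#include <stdlib.h>

/* Constructed stand-in for the libmysqlclient prepared-statement API, so
 * this file compiles without the client library. Delete this section and
 * #include <mysql.h> to build against the real one; only the return
 * conventions (NULL on init failure, 0 on success) are reproduced. */
typedef struct MYSQL MYSQL;              /* opaque, never dereferenced here */
typedef struct {
    int prepared;                        /* real struct is opaque; one flag suffices */
} MYSQL_STMT;

static MYSQL_STMT *mysql_stmt_init(MYSQL *mysql) {
    (void)mysql;
    return calloc(1, sizeof(MYSQL_STMT)); /* NULL if allocation fails */
}
static int mysql_stmt_prepare(MYSQL_STMT *stmt, const char *query, unsigned long length) {
    (void)query; (void)length;
    stmt->prepared = 1;
    return 0;
}
static int mysql_stmt_execute(MYSQL_STMT *stmt) {
    /* Like the real function, this dereferences stmt unconditionally:
     * a NULL or freed handle here is a crash, not an error code. */
    return stmt->prepared ? 0 : 1;
}
static int mysql_stmt_close(MYSQL_STMT *stmt) {
    free(stmt);                          /* every copy of this pointer now dangles */
    return 0;
}
/* end of stand-in */

/* Close a handle through its owning slot and clear the slot, so a later
 * use reaches the NULL guard below instead of freed memory. Safe on NULL. */
void stmt_close_and_clear(MYSQL_STMT **slot) {
    if (slot != NULL && *slot != NULL) {
        mysql_stmt_close(*slot);
        *slot = NULL;
    }
}

/* Execute only if a handle exists: -1 means "no live handle",
 * otherwise the library's own return code is passed through. */
int stmt_execute_guarded(MYSQL_STMT *stmt) {
    if (stmt == NULL)
        return -1;
    return mysql_stmt_execute(stmt);
}

/* Replays the report's four steps with the wrappers in place. reconnect_ok
 * stands in for whether mysql_real_connect() succeeded after the outage.
 * Returns the final execute result: -1 refused (no handle), 0 executed,
 * -2 setup failure. */
int replay_reconnect_scenario(int reconnect_ok) {
    MYSQL *conn = NULL;                  /* stand-in connection object */
    static const char query[] = "SELECT 1";
    MYSQL_STMT *stmt = mysql_stmt_init(conn);
    if (stmt == NULL)
        return -2;
    if (mysql_stmt_prepare(stmt, query, sizeof query - 1) != 0) {
        stmt_close_and_clear(&stmt);
        return -2;
    }

    /* Steps 1-2: connection lost; free every handle and clear its pointer. */
    stmt_close_and_clear(&stmt);

    /* Step 3: reconnect. Only a successful reconnect gets a fresh handle,
     * re-created and re-prepared; a failed one leaves stmt NULL. */
    if (reconnect_ok) {
        stmt = mysql_stmt_init(conn);
        if (stmt == NULL)
            return -2;
        if (mysql_stmt_prepare(stmt, query, sizeof query - 1) != 0) {
            stmt_close_and_clear(&stmt);
            return -2;
        }
    }

    /* Step 4: execute through the guard, never the raw library call. */
    int rc = stmt_execute_guarded(stmt);
    stmt_close_and_clear(&stmt);
    return rc;
}
```

Against the real library the wrappers apply unchanged. Two points carry over: close-and-clear turns what would be a use-after-free into a deterministic -1 from the guard, and a handle discarded during the outage must be re-created with mysql_stmt_init() and mysql_stmt_prepare() after a successful reconnect, never reused.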