| Bug #67444 | mysql_stmt_execute NULL pointer core | | |
|---|---|---|---|
| Submitted: | 1 Nov 2012 8:26 | Modified: | 13 Aug 2013 15:14 |
| Reporter: | Jack Lee | Email Updates: | |
| Status: | Not a Bug | Impact on me: | |
| Category: | MySQL Server: C API (client library) | Severity: | S3 (Non-critical) |
| Version: | 5.5.28 | OS: | Any |
| Assigned to: | | CPU Architecture: | Any |
| Tags: | NULL pointer core | | |
[13 Nov 2012 17:52]
Sveta Smirnova
Thank you for the report. DBUG_RETURN does not crash anything. Please provide a repeatable test case if mysql_stmt_execute crashes for you.
[14 Nov 2012 1:55]
Jack Lee
Test Code
Attachment: testCode.c (text/plain), 1.85 KiB.
[14 Nov 2012 1:56]
Jack Lee
I have uploaded the test code in this bug. See it in the attached file. When I run this test program, it crashes at the mysql_stmt_execute. Then I run gdb and see the info below:

```
Program terminated with signal 11, Segmentation fault.
#0  0x00007f77ff9e27b5 in mysql_stmt_execute () from /usr/lib64/libmysqlclient.so.15
(gdb) where
#0  0x00007f77ff9e27b5 in mysql_stmt_execute () from /usr/lib64/libmysqlclient.so.15
#1  0x0000000000400ad3 in main ()
```

The crash first happens in my project. It happens like this:

1. The db connection is lost (stop mysql for a while).
2. My program finds that and calls mysql_stmt_close to free all the stmt handles, but does not set them all to NULL.
3. It tries to connect to the db but fails.
4. The program calls mysql_stmt_execute and then it crashes (the stmt handles have been freed and not inited).
[22 Nov 2012 18:58]
Sveta Smirnova
Thank you for the feedback. Verified as described.
[7 Aug 2013 13:08]
Igor Solodovnikov
Hello Jack Lee.
In source code libmysql/libmysql.c just before mysql_stmt_execute() there is a comment which describes stmt parameter usage:

```
stmt  statement handle. The handle must be created
      with mysql_stmt_init() and prepared with
      mysql_stmt_prepare(). If there are placeholders
      in the statement they must be bound to local
      variables with mysql_stmt_bind_param().
```

It clearly states that "handle must be created and prepared". I think it is clear NULL is not created nor prepared.

Why do you think mysql_stmt_execute() should be able to handle NULL?
[13 Aug 2013 13:22]
Paul DuBois
"Shall we add null pointer check before "MYSQL *mysql= stmt->mysql" ?" Yes, that'd be a good idea.
[13 Aug 2013 15:13]
Igor Solodovnikov
mysql_stmt_execute() documentation (http://dev.mysql.com/doc/refman/5.5/en/mysql-stmt-execute.html) states:

> mysql_stmt_execute() executes the prepared query associated with the statement handle

Thus mysql_stmt_execute() only works with prepared queries. So a NULL pointer is not a valid value for the stmt parameter of mysql_stmt_execute(). Similarly, many other C API functions only work with non-null statement handles. One exception to this rule is the mysql_init() function. But this exception is clearly documented (see http://dev.mysql.com/doc/refman/5.5/en/mysql-init.html).

Closing as not a bug.

Description:

In source code libmysql\libmysql.c, the function mysql_stmt_execute is developed as below:

```c
int STDCALL mysql_stmt_execute(MYSQL_STMT *stmt)
{
  MYSQL *mysql= stmt->mysql;
  DBUG_ENTER("mysql_stmt_execute");

  if (!mysql)
  {
    /* Error is already set in mysql_detatch_stmt_list */
    DBUG_RETURN(1);
  }
  ......
}
```

If stmt is NULL, then when we execute mysql_stmt_execute, a program core will happen. Shall we add a null pointer check before "MYSQL *mysql= stmt->mysql"? Say:

```c
if (!stmt)
{
  /* Error is already set in mysql_detatch_stmt_list */
  DBUG_RETURN(1);
}
```

How to repeat: see the source code
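The thread's conclusion is that the handle contract belongs to the caller: mysql_stmt_execute() dereferences stmt unconditionally, so after mysql_stmt_close() the application must drop its own pointer and never execute through it. The following is an added example (not code from this bug report or from libmysqlclient) showing the reporter's reconnect sequence with two application-side guards: a close helper that also nulls the caller's pointer, and an execute wrapper that refuses a NULL handle with a distinct return code. The MYSQL / MYSQL_STMT types and the mysql_stmt_* functions below are stand-ins constructed so the file compiles without mysql.h; they keep only the property that matters here (execute dereferences stmt first). The helper names stmt_close_and_clear, stmt_execute_checked and STMT_ERR_NO_HANDLE are hypothetical.

```c
#include <stddef.h>
#include <stdio.h>
#include <stdlib.h>

/* Stand-ins for the libmysqlclient types and calls (constructed for this
 * example; not the real library). Like the real function, the execute
 * stand-in reads stmt->mysql before any other check. */
typedef struct MYSQL { int connected; } MYSQL;
typedef struct MYSQL_STMT { MYSQL *mysql; int prepared; } MYSQL_STMT;

static MYSQL_STMT *mysql_stmt_init(MYSQL *mysql)
{
    MYSQL_STMT *stmt = calloc(1, sizeof *stmt);
    if (stmt != NULL)
        stmt->mysql = mysql;
    return stmt;
}

static int mysql_stmt_close(MYSQL_STMT *stmt)
{
    free(stmt);               /* the caller's pointer is now dangling */
    return 0;
}

static int mysql_stmt_execute(MYSQL_STMT *stmt)
{
    MYSQL *mysql = stmt->mysql;   /* a NULL stmt faults right here */
    if (mysql == NULL || !mysql->connected)
        return 1;                 /* connection-level error, as in the report */
    return 0;
}

/* Application-side guards (hypothetical names). */
#define STMT_ERR_NO_HANDLE (-2)

/* Close the statement and null the caller's pointer in one step, so a
 * later retry cannot reuse the freed handle. */
static void stmt_close_and_clear(MYSQL_STMT **stmt)
{
    if (stmt != NULL && *stmt != NULL) {
        mysql_stmt_close(*stmt);
        *stmt = NULL;             /* the step the reporter's code skipped */
    }
}

/* Execute only through a live handle; a NULL handle is reported as a
 * distinct error so the caller knows it must re-init and re-prepare. */
static int stmt_execute_checked(MYSQL_STMT *stmt)
{
    if (stmt == NULL)
        return STMT_ERR_NO_HANDLE;
    return mysql_stmt_execute(stmt);
}

/* The reporter's sequence: connection lost, handles freed, reconnect
 * fails, execute retried. With the guards it returns an error code. */
static int reconnect_scenario(void)
{
    MYSQL conn = { 1 };
    MYSQL_STMT *stmt = mysql_stmt_init(&conn);
    if (stmt == NULL)
        return -1;
    stmt->prepared = 1;

    conn.connected = 0;           /* 1. server goes away */
    stmt_close_and_clear(&stmt);  /* 2. free the handle AND null it */
    /* 3. reconnect fails: no new handle is created, stmt stays NULL */
    return stmt_execute_checked(stmt);  /* 4. STMT_ERR_NO_HANDLE, not SIGSEGV */
}

/* Contrast: a live, connected handle executes normally and is then closed. */
static int live_scenario(void)
{
    MYSQL conn = { 1 };
    MYSQL_STMT *stmt = mysql_stmt_init(&conn);
    if (stmt == NULL)
        return -1;
    int rc = stmt_execute_checked(stmt);
    stmt_close_and_clear(&stmt);
    return rc;
}

int main(void)
{
    printf("reconnect scenario rc=%d\n", reconnect_scenario());
    printf("live scenario rc=%d\n", live_scenario());
    return 0;
}
```

Passing the handle by address to the close helper is the point of the pattern: it makes "freed but still non-NULL" unrepresentable in the caller's state, which is exactly the condition step 2 of the report left behind. With the real mysql.h in place the two helpers are unchanged and the stand-in definitions above are simply dropped.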