Bug #68918 | USE_AFTER_FREE Errors - Coverity Scan | ||
---|---|---|---|
Submitted: | 10 Apr 2013 14:06 | Modified: | 15 Jul 2013 18:24 |
Reporter: | Jan Staněk (OCA) | | |
Status: | Closed | | |
Category: | MySQL Server: Errors | Severity: | S3 (Non-critical) |
Version: | 5.5.28, 5.5.32, 5.6.12, 5.7.2 | OS: | Any |
Assigned to: | | CPU Architecture: | Any |
Tags: | Contribution |
[10 Apr 2013 14:06]
Jan Staněk
[10 Apr 2013 14:06]
Jan Staněk
Suggested fix
Contribution: community-mysql-use-after-free.patch (text/x-patch), 11.67 KiB.
[25 Apr 2013 19:47]
Sveta Smirnova
Thank you for the report.

Verified in version 5.5 with following comments:

client/mysqltest.cc:7804: deref_arg: Calling "mysql_stmt_errno(MYSQL_STMT *)" dereferences freed pointer "stmt". - fixed since 5.6, exists in 5.5.32

mysys/my_malloc.c - exists in all versions, but I am not sure if MY_FREE_ON_ERROR and MY_HOLD_ON_ERROR are not mutually exclusive

mysql-5.5.28/mysys/my_copy.c:136 - exists in 5.5.32, 5.6.12 and 5.7.2
mysql-5.5.28/mysys/my_copy.c:139 - exists in 5.5.32, 5.6.12 and 5.7.2

Please sign OCA, so we can include your patch into our code.
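The flag question raised in the comment above, as an added example that is not part of the original thread or MySQL's source: a toy reallocation wrapper, assuming MY_FREE_ON_ERROR releases the old block on failure and MY_HOLD_ON_ERROR returns it. The flag values, the one-block toy heap and all function names are constructed for illustration.

```c
#include <stddef.h>
#include <stdio.h>

/* Flag names come from the report; values and wrapper bodies are assumed. */
#define MY_FREE_ON_ERROR 1  /* on failure: release the old block   */
#define MY_HOLD_ON_ERROR 2  /* on failure: hand back the old block */

/* Toy one-block heap with a liveness bit, so a dangling return can be
   observed without touching freed memory. */
static char block[64];
static int block_live;
static void *toy_alloc(void) { block_live = 1; return block; }
static void toy_free(void *p) { if (p == block) block_live = 0; }
/* Constructed failure: this reallocation never succeeds. */
static void *toy_realloc(void *p, size_t n) { (void)p; (void)n; return NULL; }

/* Flawed shape: flags tested independently, so with both set the caller
   receives a pointer that was released one line earlier. */
void *realloc_flawed(void *old, size_t n, int flags) {
    void *p = toy_realloc(old, n);
    if (p == NULL) {
        if (flags & MY_FREE_ON_ERROR) toy_free(old);
        if (flags & MY_HOLD_ON_ERROR) return old;
    }
    return p;
}

/* Hardened shape: the two outcomes are exclusive and HOLD takes priority. */
void *realloc_safe(void *old, size_t n, int flags) {
    void *p = toy_realloc(old, n);
    if (p == NULL) {
        if (flags & MY_HOLD_ON_ERROR) return old;
        if (flags & MY_FREE_ON_ERROR) toy_free(old);
    }
    return p;
}

/* 1 if the wrapper returned a non-NULL pointer to a block it had freed. */
int returns_freed_block(void *(*fn)(void *, size_t, int), int flags) {
    void *got = fn(toy_alloc(), 128, flags);
    return got != NULL && !block_live;
}

int main(void) {
    int both = MY_FREE_ON_ERROR | MY_HOLD_ON_ERROR;
    printf("dangling: flawed=%d safe=%d\n",
           returns_freed_block(realloc_flawed, both),
           returns_freed_block(realloc_safe, both));
    return 0;
}
```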
[15 Jul 2013 18:24]
Paul DuBois
Noted in 5.7.2 changelog. Some possible cases of memory use after being freed were fixed.
[13 Nov 2013 23:19]
Paul DuBois
Noted in 5.6.15 changelog.
[13 Nov 2013 23:40]
Paul DuBois
Thanks to Jan Staněk for the patch.