Bug #68918 USE_AFTER_FREE Errors - Coverity Scan
Submitted: 10 Apr 2013 14:06
Modified: 15 Jul 2013 18:24
Reporter: Jan Staněk (OCA)
Status: Closed
Category: MySQL Server: Errors
Severity: S3 (Non-critical)
Version: 5.5.28, 5.5.32, 5.6.12, 5.7.2
OS: Any
Assigned to:
CPU Architecture: Any
Tags: Contribution
Triage: Needs Triage: D3 (Medium)

[10 Apr 2013 14:06] Jan Staněk
Description:
Fixes related to results of Coverity static analyzer tool

How to repeat:
Perform the static analysis
[10 Apr 2013 14:06] Jan Staněk
Suggested fix

Contribution: community-mysql-use-after-free.patch (text/x-patch), 11.67 KiB.

[25 Apr 2013 19:47] Sveta Smirnova
Thank you for the report.

Verified in version 5.5 with the following comments:

client/mysqltest.cc:7804: deref_arg: Calling "mysql_stmt_errno(MYSQL_STMT *)" dereferences freed pointer "stmt". - fixed since 5.6, exists in 5.5.32

mysys/my_malloc.c - exists in all versions, but I am not sure if MY_FREE_ON_ERROR and MY_HOLD_ON_ERROR are not mutually exclusive

mysql-5.5.28/mysys/my_copy.c:136 - exists in 5.5.32, 5.6.12 and 5.7.2

mysql-5.5.28/mysys/my_copy.c:139 - exists in 5.5.32, 5.6.12 and 5.7.2

Please sign the OCA, so we can include your patch into our code.
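
An added illustration, not MySQL source and not taken from the contributed patch, of the kind of use-after-free a static analyzer reports when a reallocation wrapper honours both a "free on error" and a "hold on error" flag in the same call. The flag meanings and every `demo_` name are assumptions made for this sketch.

```c
#include <stdlib.h>
#include <string.h>

/* Hypothetical stand-ins for the two flags; meanings are assumptions. */
#define DEMO_FREE_ON_ERROR 1u   /* on failure: free the old block   */
#define DEMO_HOLD_ON_ERROR 2u   /* on failure: return the old block */

static int demo_fail_next = 0;  /* hook: force one allocation failure */

static void *demo_try_realloc(void *p, size_t n) {
    if (demo_fail_next) { demo_fail_next = 0; return NULL; }
    return realloc(p, n);
}

#ifdef DEMO_SHOW_UNSAFE  /* compiled out by default; kept for comparison */
/* With both flags set, the failure path frees `old` and then returns it. */
void *demo_realloc_unsafe(void *old, size_t n, unsigned flags) {
    void *p = demo_try_realloc(old, n);
    if (p != NULL) return p;
    if (flags & DEMO_FREE_ON_ERROR) free(old);
    if (flags & DEMO_HOLD_ON_ERROR) return old;  /* dangling if freed above */
    return NULL;
}
#endif

/* The two failure outcomes are exclusive: HOLD wins, so a pointer that is
   returned to the caller is never one that was just freed. */
void *demo_realloc_safe(void *old, size_t n, unsigned flags) {
    void *p = demo_try_realloc(old, n);
    if (p != NULL) return p;
    if (flags & DEMO_HOLD_ON_ERROR) return old;  /* caller still owns it */
    if (flags & DEMO_FREE_ON_ERROR) free(old);
    return NULL;
}

/* Forces a failure with both flags set and checks that the original
   contents are still readable through the returned pointer (1 = ok). */
int demo_check_safe(void) {
    char *buf = malloc(8);
    if (buf == NULL) return 0;
    memcpy(buf, "intact", 7);
    demo_fail_next = 1;
    char *res = demo_realloc_safe(buf, 1024,
                                  DEMO_FREE_ON_ERROR | DEMO_HOLD_ON_ERROR);
    int ok = (res == buf) && strcmp(res, "intact") == 0;
    free(res);
    return ok;
}
```
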
[15 Jul 2013 18:24] Paul Dubois
Noted in 5.7.2 changelog.

Some possible cases of memory use after being freed were fixed.
[13 Nov 2013 23:19] Paul Dubois
Noted in 5.6.15 changelog.
[13 Nov 2013 23:40] Paul Dubois
Thanks to Jan Staněk for the patch.