Bug #74616 Double free error due to global extern variable LOCALHOST referenced at 2 places
Submitted: 29 Oct 2014 10:39
Modified: 19 Nov 2014 18:11
Reporter: Hemant Dangi
Status: Closed
Category: Connector / C++
Severity: S3 (Non-critical)
Version: 1.1.4
OS: Any
Assigned to:
CPU Architecture: Any

[29 Oct 2014 10:39] Hemant Dangi
Global variable LOCALHOST is declared in driver/mysql_util.cpp:
const sql::SQLString LOCALHOST("localhost");

It is referenced at two places in C/C++ code:
driver/mysql_uri.cpp:60:	const sql::SQLString & hostValue4sock= util::LOCALHOST;
driver/mysql_connection.cpp:744:	if (tcpProtocol(uri) && !uri.Host().compare(util::LOCALHOST)) {

And it gives a double free corruption error when MySQL_Uri::Host() is called in the uri testcase.

+ test/unit/classes/uri tcp:// root '' test
# uri
ok 1 - uri::tcp
ok 2 - uri::tcpIpV6
ok 3 - uri::socket
ok 4 - uri::pipe

Failed 0/4, 100.00% okay
/export/home/pb2/build/sb_0-13496861-1413993308.63/pb2-script: line 243:  2526 Aborted                 (core dumped) $t ${tcp_test_arg} root "" test

How to repeat:
Execute uri testcase in C/C++ source code.

Suggested fix:
sql::SQLString could be replaced by const char * or a define macro.
[19 Nov 2014 12:45] Hemant Dangi
Posted by developer:
Global variable LOCALHOST is referenced at two places in C/C++ code, which results in a double free corruption error in the uri testcase.
[19 Nov 2014 18:11] Paul DuBois
Noted in 1.1.5 changelog.

The LOCALHOST global variable was referenced at two places in C/C++
code, which could result in a double-free corruption error.