Bug #77046 | the Vulnerability in mysql client 5.x (windows) | ||
---|---|---|---|
Submitted: | 15 May 2015 6:14 | Modified: | 30 Dec 2015 11:38 |
Reporter: | doggy doggy | Email Updates: | |
Status: | Can't repeat | Impact on me: | |
Category: | MySQL Server: Compiling | Severity: | S3 (Non-critical) |
Version: | 5.x | OS: | Windows (windows7 x84) |
Assigned to: | CPU Architecture: | Any |
[15 May 2015 6:14]
doggy doggy
[4 Sep 2015 8:39]
MySQL Verification Team
Hello! Thank you for the report. I'm not seeing this issue with 5.5/5.6 builds. Could you please confirm from your end with 5.5/5.6? If you can provide more information, feel free to add it to this bug and change the status back to 'Open'. Thank you for your interest in MySQL. Thanks, Umesh
[30 Dec 2015 15:55]
MySQL Verification Team
5.5, 5.6, 5.7, 5.8 clients weren't affected. 5.1.73 client encountered this: [q@q mysql-5.1.73-linux-x86_64-glibc23]$ valgrind --db-attach=yes ./bin/mysql -uroot ==24513== ==24513== Warning: --db-attach is a deprecated feature which will be ==24513== removed in the next release. Use --vgdb-error=1 instead ==24513== ==24513== Memcheck, a memory error detector ==24513== Copyright (C) 2002-2013, and GNU GPL'd, by Julian Seward et al. ==24513== Using Valgrind-3.10.0 and LibVEX; rerun with -h for copyright info ==24513== Command: ./bin/mysql -uroot -h192.168.1.1 ==24513== Welcome to the MySQL monitor. Commands end with ; or \g. ==24513== Invalid write of size 1 ==24513== at 0x4C3075C: __GI_mempcpy (in /usr/lib64/valgrind/vgpreload_memcheck-amd64-linux.so) ==24513== by 0x5A53548: _IO_default_xsputn (genops.c:464) ==24513== by 0x5A22A4C: vfprintf (vfprintf.c:1635) ==24513== by 0x5A4897A: vsprintf (iovsprintf.c:42) ==24513== by 0x5A2BD46: sprintf (sprintf.c:32) ==24513== by 0x4441D0: main (mysql.cc:1172) ==24513== Address 0x63cba78 is 0 bytes after a block of size 520 alloc'd ==24513== at 0x4C29BFD: malloc (in /usr/lib64/valgrind/vgpreload_memcheck-amd64-linux.so) ==24513== by 0x471B41: my_malloc (my_malloc.c:37) ==24513== by 0x44535B: String::realloc(unsigned int) (sql_string.cc:79) ==24513== by 0x4440F6: main (mysql.cc:1148) ==24513== Let us know if you can repeat the problem using 5.5 or newer client.