Bug #79728 Exception in bind_param() from driver\execute.c
Submitted: 22 Dec 2015 6:27 Modified: 22 Dec 2015 12:35
Reporter: William ZHANG
Status: Verified
Category:Connector / ODBC Severity:S2 (Serious)
Version:5.3.4 OS:Any
Assigned to: CPU Architecture:Any

[22 Dec 2015 6:27] William ZHANG
Description:
Run the test case `my_cursor'.  It will crash:

msvcr120d.dll!memcpy() Line 275	Unknown
myodbc5w.dll!bind_param(st_mysql_bind * bind, const char * value, unsigned long length, enum_field_types buffer_type) Line 441	C
myodbc5w.dll!insert_param(tagSTMT * stmt, unsigned char * place4param, DESC * apd, DESCREC * aprec, DESCREC * iprec, unsigned __int64 row) Line 993	C
myodbc5w.dll!copy_rowdata(tagSTMT * stmt, DESCREC * aprec, DESCREC * iprec, st_net * * net, unsigned char * * to) Line 433	C
myodbc5w.dll!build_set_clause(tagSTMT * stmt, unsigned __int64 irow, st_dynamic_string * dynQuery) Line 839	C
myodbc5w.dll!setpos_update(tagSTMT * stmt, unsigned short irow, st_dynamic_string * dynQuery) Line 1292	C
myodbc5w.dll!my_SQLSetPos(void * hstmt, unsigned __int64 irow, unsigned short fOption, unsigned short fLock) Line 1758	C
myodbc5w.dll!SQLSetPos(void * hstmt, unsigned __int64 irow, unsigned short fOption, unsigned short fLock) Line 1895	C
my_cursor.exe!t_18805455(void * hdbc, void * hstmt, void * henv) Line 3398	C
my_cursor.exe!main(int argc, char * * argv) Line 3470	C

How to repeat:
1. Build the myodbc5w, my_cursor in debug mode with Visual Studio 2013 Community
2. Install the driver
3. Create a data source `test', with default attributes
4. Run `my_cursor.exe test' in VS 2013.

Suggested fix:
The variable `to' is set to net->buff (not a bind variable) in build_set_clause(),

SQLCHAR *to= net->buff;

in insert_param(),

// NOTES: is treated as a bind variable.  And causes the exception. 
//        Suggest using a flag to indicate if the 2nd argument of insert_param()
//        is a pointer to a string, or a pointer to a bind structure.
if (ssps_used(stmt))
{
  if (bind_param(bind, data, length, MYSQL_TYPE_BLOB))
  {
    goto memerror;
  }

  goto out;
}
else
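
The flag suggested in the report above, sketched as an added example (not code from the driver or from the reporter): the destination carries a tag, so a raw text buffer such as net->buff is never dereferenced as a bind structure. The names `demo_bind`, `param_dest`, `put_param` and the `DEST_*` values are hypothetical, and `demo_bind` is only a stand-in for the client library's bind structure.

```c
#include <stdlib.h>
#include <string.h>
/* Hypothetical stand-in for the client library's bind structure. */
typedef struct { void *buffer; unsigned long buffer_length; } demo_bind;
/* The flag the report asks for: records what the destination really is. */
typedef enum { DEST_TEXT, DEST_BIND } dest_kind;
typedef struct {
    dest_kind kind;
    unsigned char *pos, *end;   /* DEST_TEXT: write cursor and limit of the query buffer */
    demo_bind *bind;            /* DEST_BIND: prepared-statement parameter */
} param_dest;

/* Copy a parameter value to its destination; 0 on success, -1 on failure. */
static int put_param(param_dest *d, const char *value, unsigned long length)
{
    if (d->kind == DEST_BIND) {
        void *copy = malloc(length ? length : 1);
        if (copy == NULL) return -1;
        memcpy(copy, value, length);
        free(d->bind->buffer);
        d->bind->buffer = copy;
        d->bind->buffer_length = length;
        return 0;
    }
    /* DEST_TEXT: plain bytes, bounds-checked, never read as a structure. */
    if ((unsigned long)(d->end - d->pos) < length) return -1;
    memcpy(d->pos, value, length);
    d->pos += length;
    return 0;
}

/* Constructed scenario: a 16-byte text buffer as the destination. */
static long demo_text_dest(unsigned long length)
{
    unsigned char buff[16];
    param_dest d = { DEST_TEXT, buff, buff + sizeof buff, NULL };
    if (put_param(&d, "0123456789abcdef0123", length) != 0) return -1;
    return (long)(d.pos - buff);   /* bytes appended to the text buffer */
}

/* Constructed scenario: a bind structure as the destination. */
static long demo_bind_dest(void)
{
    demo_bind b = { NULL, 0 };
    param_dest d = { DEST_BIND, NULL, NULL, &b };
    long n = (put_param(&d, "hello", 5) == 0 && memcmp(b.buffer, "hello", 5) == 0)
                 ? (long)b.buffer_length : -1;
    free(b.buffer);
    return n;
}

int main(void) { return demo_text_dest(5) == 5 && demo_bind_dest() == 5 ? 0 : 1; }
```
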
[22 Dec 2015 12:35] Chiranjeevi Battula
Hello William ZHANG,

Thank you for the bug report.
Verified based on internal discussion with devs.

Thanks,
Chiranjeevi.
[8 Aug 2017 7:15] Hallet Antoine
I'm also affected by this problem. It is the same as the test case t_setpos_update_no_ssps in my_crash for Bug #18805520: Segmentation Fault in SQLSetPos() when NO_SSPS= 0.
I've found that this test case t_setpos_update_no_ssps was already committed to GitHub (https://github.com/mysql/mysql-connector-odbc) on May 28, 2014.

Do you plan to fix this, or is the only solution to disable the server-side prepared statements?