Bug #89359 Segmentation fault if multibyte character used in prompt string
Submitted: 23 Jan 2018 13:05
Modified: 5 Feb 2021 13:03
Reporter: Jiri Tyr
Status: Verified
Category: MySQL Server: Command-line Clients
Severity: S1 (Critical)
Version: 5.6, 5.7, 8.0, 5.6.39, 5.7.21, 5.7.33, 8.0.23
OS: Linux
Assigned to:
CPU Architecture: Any

[23 Jan 2018 13:05] Jiri Tyr
Description:
There is a bug which causes a segmentation fault if I use a multibyte character in the MySQL prompt string (e.g. http://graphemica.com/%E2%89%BB). Everything works just fine in MySQL 5.5 but is broken in any later version. The same thing works just fine in any version of Percona or MariaDB.

Here are some details from GDB:

gdb --args mysql -p --prompt "$(echo -e '\\u@\\h \\d \xE2\x89\xBB ')"
...
Program received signal SIGSEGV, Segmentation fault.
prompt_print (el=el@entry=0x555555ba5940, op=op@entry=0)
    at /export/home/pb2/build/sb_0-26265460-1512807908.0/release/mysql-5.6.39/cmd-line-utils/libedit/prompt.c:99
99	/export/home/pb2/build/sb_0-26265460-1512807908.0/release/mysql-5.6.39/cmd-line-utils/libedit/prompt.c: No such file or directory.
(gdb) bt
#0  prompt_print (el=el@entry=0x555555ba5940, op=op@entry=0)
    at /export/home/pb2/build/sb_0-26265460-1512807908.0/release/mysql-5.6.39/cmd-line-utils/libedit/prompt.c:99
#1  0x000055555564360b in re_refresh (el=el@entry=0x555555ba5940)
    at /export/home/pb2/build/sb_0-26265460-1512807908.0/release/mysql-5.6.39/cmd-line-utils/libedit/refresh.c:233
#2  0x0000555555642451 in read_prepare (el=0x555555ba5940)
    at /export/home/pb2/build/sb_0-26265460-1512807908.0/release/mysql-5.6.39/cmd-line-utils/libedit/read.c:455
#3  0x00005555556427dd in el_wgets (el=el@entry=0x555555ba5940, 
    nread=nread@entry=0x7fffffffe4a4)
    at /export/home/pb2/build/sb_0-26265460-1512807908.0/release/mysql-5.6.39/cmd-line-utils/libedit/read.c:531
#4  0x00005555556376c1 in el_gets (el=0x555555ba5940, 
    nread=nread@entry=0x7fffffffe4a4)
    at /export/home/pb2/build/sb_0-26265460-1512807908.0/release/mysql-5.6.39/cmd-line-utils/libedit/eln.c:74
#5  0x000055555562f0c1 in readline (
    p=0x555555bcf7d0 "root@localhost (none) \356\202\260 ")
    at /export/home/pb2/build/sb_0-26265460-1512807908.0/release/mysql-5.6.39/cmd-line-utils/libedit/readline.c:441
#6  0x000055555558db78 in read_and_execute (interactive=<optimized out>)
    at /export/home/pb2/build/sb_0-26265460-1512807908.0/release/mysql-5.6.39/client/mysql.cc:2155
#7  0x0000555555584811 in main (argc=<optimized out>, argv=<optimized out>)
    at /export/home/pb2/build/sb_0-26265460-1512807908.0/release/mysql-5.6.39/client/mysql.cc:1396

How to repeat:
docker run --name mysql -e MYSQL_ROOT_PASSWORD=password --rm -itd mysql:5.6
mysql -p --prompt "$(echo -e '\\u@\\h \\d \xE2\x89\xBB ')"
[24 Jan 2018 4:47] MySQL Verification Team
Hello Jiri Tyr,

Thank you for the report and feedback.
Observed the reported issue in a Docker environment (MySQL - 5.6.39, 5.7.21).

Thanks,
Umesh
[24 Jan 2018 4:50] MySQL Verification Team
## 5.5 with docker images - not affected

ushastry@Docker:~$ docker run --name bug89359 -e MYSQL_ROOT_PASSWORD=mysql123 --rm -itd mysql:5.5
Unable to find image 'mysql:5.5' locally
5.5: Pulling from library/mysql
Digest: sha256:4e544380148766a323715122491a782dc87cfca0078a2719a1c90294094bf4e2
Status: Downloaded newer image for mysql:5.5
4f87dc0c649e6375e1fb7a3f9e08939b501ce42b9fc284dae2dac3ecdfbe4312
ushastry@Docker:~$ docker ps
CONTAINER ID        IMAGE               COMMAND                  CREATED             STATUS              PORTS               NAMES
4f87dc0c649e        mysql:5.5           "docker-entrypoint..."   31 seconds ago      Up 29 seconds       3306/tcp            bug89359
ushastry@Docker:~$ docker exec -it bug89359 bash
root@4f87dc0c649e:/# 
root@4f87dc0c649e:/# mysql -p --prompt "$(echo -e '\\u@\\h \\d \xE2\x89\xBB ')"
Enter password: 
Welcome to the MySQL monitor.  Commands end with ; or \g.
Your MySQL connection id is 1
Server version: 5.5.59 MySQL Community Server (GPL)

Copyright (c) 2000, 2018, Oracle and/or its affiliates. All rights reserved.

Oracle is a registered trademark of Oracle Corporation and/or its
affiliates. Other names may be trademarks of their respective
owners.

Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.

root@localhost (none) ≻
[24 Jan 2018 4:51] MySQL Verification Team
## 5.6/5.7 with docker images - affected

ushastry@Docker:~$ cat /etc/*release
DISTRIB_ID=Ubuntu
DISTRIB_RELEASE=16.04
DISTRIB_CODENAME=xenial
DISTRIB_DESCRIPTION="Ubuntu 16.04.2 LTS"
NAME="Ubuntu"
VERSION="16.04.2 LTS (Xenial Xerus)"
ID=ubuntu
ID_LIKE=debian
PRETTY_NAME="Ubuntu 16.04.2 LTS"
VERSION_ID="16.04"
HOME_URL="http://www.ubuntu.com/"
SUPPORT_URL="http://help.ubuntu.com/"
BUG_REPORT_URL="http://bugs.launchpad.net/ubuntu/"
VERSION_CODENAME=xenial
UBUNTU_CODENAME=xenial
ushastry@Docker:~$ docker run --name bug89359 -e MYSQL_ROOT_PASSWORD=mysql123 --rm -itd mysql:5.6
Unable to find image 'mysql:5.6' locally
5.6: Pulling from library/mysql
Digest: sha256:6e5ba1192843bda054090a1f7a8481054a0b1038457b3acb9043628e0443ed50
Status: Downloaded newer image for mysql:5.6
7fa7ab53667a5106b560fe20de897a420ba7c20da77d1170f6013bd94e1db4ca

ushastry@Docker:~$ docker ps
CONTAINER ID        IMAGE               COMMAND                  CREATED             STATUS              PORTS               NAMES
7fa7ab53667a        mysql:5.6           "docker-entrypoint..."   2 minutes ago       Up About a minute   3306/tcp            bug89359

ushastry@Docker:~$ docker exec -it bug89359 bash
root@7fa7ab53667a:/# mysql -uroot -p --prompt "$(echo -e '\\u@\\h \\d \xE2\x89\xBB ')"
Enter password: 
Welcome to the MySQL monitor.  Commands end with ; or \g.
Your MySQL connection id is 5
Server version: 5.6.39 MySQL Community Server (GPL)

Copyright (c) 2000, 2018, Oracle and/or its affiliates. All rights reserved.

Oracle is a registered trademark of Oracle Corporation and/or its
affiliates. Other names may be trademarks of their respective
owners.

Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.

Segmentation fault (core dumped)
root@7fa7ab53667a:/# 

## Docker 5.7

ushastry@Docker:~$ docker run --name bug89359 -e MYSQL_ROOT_PASSWORD=mysql123 --rm -itd mysql:5.7
Unable to find image 'mysql:5.7' locally
5.7: Pulling from library/mysql
Digest: sha256:7cdb08f30a54d109ddded59525937592cb6852ff635a546626a8960d9ec34c30
Status: Downloaded newer image for mysql:5.7
87824ee1f94adcc9a7337c6f448d93ee8bb35c662cbfb5a96b002b28d89b074a

ushastry@Docker:~$ docker ps
CONTAINER ID        IMAGE               COMMAND                  CREATED              STATUS              PORTS               NAMES
87824ee1f94a        mysql:5.7           "docker-entrypoint..."   About a minute ago   Up About a minute   3306/tcp            bug89359

ushastry@Docker:~$ docker exec -it bug89359 bash
root@87824ee1f94a:/# mysql -uroot -p --prompt "$(echo -e '\\u@\\h \\d \xE2\x89\xBB ')"
Enter password: 
Welcome to the MySQL monitor.  Commands end with ; or \g.
Your MySQL connection id is 2
Server version: 5.7.21 MySQL Community Server (GPL)

Copyright (c) 2000, 2018, Oracle and/or its affiliates. All rights reserved.

Oracle is a registered trademark of Oracle Corporation and/or its
affiliates. Other names may be trademarks of their respective
owners.

Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.

Segmentation fault (core dumped)
root@87824ee1f94a:/#
[24 Jan 2018 4:53] MySQL Verification Team
# Non-docker instances - on OL7, Ubuntu 16.04 etc - not seeing any issues though

#
root@ubuntu1604lts:/home/ushastry# mysql -p --prompt "$(echo -e '\\u@\\h \\d \xE2\x89\xBB ')"
Enter password: 
Welcome to the MySQL monitor.  Commands end with ; or \g.
Your MySQL connection id is 40
Server version: 5.7.21 MySQL Community Server (GPL)

Copyright (c) 2000, 2018, Oracle and/or its affiliates. All rights reserved.

Oracle is a registered trademark of Oracle Corporation and/or its
affiliates. Other names may be trademarks of their respective
owners.

Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.

root@localhost (none) ≻ use test
Reading table information for completion of table and column names
You can turn off this feature to get a quicker startup with -A

Database changed
root@localhost test ≻ \q
Bye
root@ubuntu1604lts:/home/ushastry# mysql -p --prompt "$(echo -e '\\u@\\h \\d \xE2\x89\xBB ')"
Enter password: 
Welcome to the MySQL monitor.  Commands end with ; or \g.
Your MySQL connection id is 41
Server version: 5.7.21 MySQL Community Server (GPL)

Copyright (c) 2000, 2018, Oracle and/or its affiliates. All rights reserved.

Oracle is a registered trademark of Oracle Corporation and/or its
affiliates. Other names may be trademarks of their respective
owners.

Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.

root@localhost (none) ≻ \q
Bye
root@ubuntu1604lts:/home/ushastry# cat /etc/*release
DISTRIB_ID=Ubuntu
DISTRIB_RELEASE=16.04
DISTRIB_CODENAME=xenial
DISTRIB_DESCRIPTION="Ubuntu 16.04.2 LTS"
NAME="Ubuntu"
VERSION="16.04.2 LTS (Xenial Xerus)"
ID=ubuntu
ID_LIKE=debian
PRETTY_NAME="Ubuntu 16.04.2 LTS"
VERSION_ID="16.04"
HOME_URL="http://www.ubuntu.com/"
SUPPORT_URL="http://help.ubuntu.com/"
BUG_REPORT_URL="http://bugs.launchpad.net/ubuntu/"
VERSION_CODENAME=xenial
UBUNTU_CODENAME=xenial
[24 Jan 2018 15:19] Jiri Tyr
Thanks for looking into this issue. I did some more investigation and have found out that if I set locale to use UTF-8, the MySQL client stops crashing.

$ locale
LANG=
LANGUAGE=
LC_CTYPE="POSIX"
LC_NUMERIC="POSIX"
LC_TIME="POSIX"
LC_COLLATE="POSIX"
LC_MONETARY="POSIX"
LC_MESSAGES="POSIX"
LC_PAPER="POSIX"
LC_NAME="POSIX"
LC_ADDRESS="POSIX"
LC_TELEPHONE="POSIX"
LC_MEASUREMENT="POSIX"
LC_IDENTIFICATION="POSIX"
LC_ALL=
$ locale -a
C
C.UTF-8
POSIX
$ export LANG=C.UTF-8
$ mysql -p

I have also compared the locale with the Percona container, and they use the same default locale as the MySQL container, but their MySQL client doesn't crash at all. So I think it must really be some bug in the MySQL client.
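
Added example (not part of the original thread and not MySQL code): a shell wrapper that applies the workaround reported above, launching the client under a UTF-8 locale only when the prompt contains non-ASCII bytes and the effective LC_CTYPE is not already UTF-8. The function names are hypothetical, and C.UTF-8 is assumed to be installed, as in the `locale -a` output above.

```shell
#!/bin/sh
# Added example: choose a locale for the mysql client when the prompt has non-ASCII bytes.
# Function names are hypothetical; C.UTF-8 is assumed to be installed (check `locale -a`).

# Constructed sample: the prompt from the report, ending in U+227B (bytes E2 89 BB).
SAMPLE_PROMPT=$(printf '%s \342\211\273 ' '\u@\h \d')

# Effective LC_CTYPE by POSIX precedence: LC_ALL, then LC_CTYPE, then LANG, else POSIX.
effective_ctype() {  # $1=LC_ALL  $2=LC_CTYPE  $3=LANG
    if [ -n "$1" ]; then printf '%s\n' "$1"
    elif [ -n "$2" ]; then printf '%s\n' "$2"
    elif [ -n "$3" ]; then printf '%s\n' "$3"
    else printf 'POSIX\n'
    fi
}

# True when the locale name carries a UTF-8 codeset (e.g. C.UTF-8, en_US.utf8).
is_utf8_locale() {
    case "$1" in
        *.UTF-8*|*.utf8*|*.UTF8*|*.utf-8*) return 0 ;;
        *) return 1 ;;
    esac
}

# Number of bytes >= 0x80 in the string, i.e. bytes that are part of multibyte characters.
high_bytes() {
    printf '%s' "$1" | LC_ALL=C tr -d '\000-\177' | wc -c | tr -d ' '
}

# Print the LC_ALL value to launch with, or nothing when no override is needed.
locale_override_for_prompt() {  # $1=prompt  $2=LC_ALL  $3=LC_CTYPE  $4=LANG
    [ "$(high_bytes "$1")" -gt 0 ] || return 0
    is_utf8_locale "$(effective_ctype "$2" "$3" "$4")" && return 0
    printf 'C.UTF-8\n'
}

# Usage: mysql_with_prompt "$SAMPLE_PROMPT" -p
mysql_with_prompt() {
    prompt=$1; shift
    override=$(locale_override_for_prompt "$prompt" "${LC_ALL-}" "${LC_CTYPE-}" "${LANG-}")
    if [ -n "$override" ]; then
        LC_ALL=$override mysql --prompt "$prompt" "$@"
    else
        mysql --prompt "$prompt" "$@"
    fi
}
```

With the environment shown in the `locale` output above (LANG empty, LC_CTYPE resolving to POSIX), the wrapper launches the client with LC_ALL=C.UTF-8; with an ASCII-only prompt it leaves the locale untouched.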
[3 Feb 2021 17:25] Paul DuBois
Posted by developer:
 
Fixed in 5.7.30, 8.0.20 by this change:

The bundled libedit library was upgraded to version 3.1.
[5 Feb 2021 12:35] Jiri Tyr
I have just checked and I'm still getting a "Segmentation fault (core dumped)" error on 5.7.33 and 8.0.23 when trying to set the prompt with this command:

mysql -p --prompt "$(echo -e '\\u@\\h \\d \xE2\x89\xBB ')"
[5 Feb 2021 13:03] MySQL Verification Team
Thank you for the feedback.
Opening the bug since 8.0.23 and 5.7.33 builds are affected.