Bug #93646 mysqlx_session_valid() results in Segmentation fault
Submitted: 17 Dec 2018 19:25 Modified: 18 Nov 2019 18:45
Reporter: Daniël van Eeden (OCA) Email Updates:
Status: Closed Impact on me:
Category:Connector / C++ Severity:S3 (Non-critical)
Version:8.0.13 OS:Any
Assigned to: CPU Architecture:Any

[17 Dec 2018 19:25] Daniël van Eeden
Docs: https://dev.mysql.com/doc/dev/connector-cpp/8.0/group__xapi__sess.html#gadb96260c0499a1563...

Calling mysqlx_session_valid(sess) after calling mysqlx_session_close(sess) results in a SIGSEGV.

Program received signal SIGSEGV, Segmentation fault.
0x00007ffff7d7bb69 in cdk::foundation::api::Async_op_base::wait (this=0x4409e8)
    at /home/dvaneeden/dev/mysql-connector-cpp/cdk/include/mysql/cdk/foundation/async.h:77
77	    if (is_completed()) return;
(gdb) bt
#0  0x00007ffff7d7bb69 in cdk::foundation::api::Async_op_base::wait (this=0x4409e8)
    at /home/dvaneeden/dev/mysql-connector-cpp/cdk/include/mysql/cdk/foundation/async.h:77
#1  0x00007ffff7e2a7a6 in cdk::mysqlx::Session::is_valid (this=0x4409e0) at /home/dvaneeden/dev/mysql-connector-cpp/cdk/mysqlx/session.cc:447
#2  0x00007ffff7daa780 in cdk::Session::is_valid (this=0x41b178) at /home/dvaneeden/dev/mysql-connector-cpp/cdk/include/mysql/cdk/session.h:82
#3  0x00007ffff7db3008 in mysqlx_session_struct::is_valid (this=0x41a6a0) at /home/dvaneeden/dev/mysql-connector-cpp/xapi/mysqlx_cc_internal.h:207
#4  0x00007ffff7da6523 in mysqlx_session_valid (sess=0x41a6a0) at /home/dvaneeden/dev/mysql-connector-cpp/xapi/mysqlx.cc:1672
#5  0x000000000040118a in main ()

How to repeat:
#include <mysqlx/xapi.h>

int main() {
  mysqlx_session_t *sess = mysqlx_get_session_from_url("mysqlx://msandbox:msandbox@localhost/test", NULL, NULL);

Suggested fix:
1. Make mysqlx_session_valid() return 0 if the session is closed


2. Update the documentation if one must never call mysqlx_session_valid() on a closed session.
[18 Dec 2018 11:36] MySQL Verification Team
Hi Daniel,

Session handle becomes invalid after close as the memory is freed hence the crash. Our team will decide how to proceed.

Thanks for the report
[18 Dec 2018 13:26] Daniël van Eeden
Setting sess to NULL seems to work. Not sure if that's the best solution. 

#include <mysqlx/xapi.h>

int main() {
  mysqlx_session_t *sess = mysqlx_get_session_from_url("mysqlx://msandbox:msandbox@localhost/test", NULL, NULL);

  sess = NULL;

[20 Dec 2018 9:54] Rafal Somla
To be precise, after closing a session, the session is simply destroyed and no longer exists. The handle to the session (the mysqlx_session_t* pointer) becomes invalid or "dangling", similar like a pointer after a call to free(). Function mysqlx_session_valid() function does not check validity of the session handle, but of the session itself - it assumes that session handle you pass to it is valid. From that perspective, your second call to mysqlx_session_valid() is trying to check validity of a session that does not exist any more... Since it is plain C, we don't think we can detect if pointer is dangling or not - the best we can do is "undefined behavior", i.e., crash in this case.
[20 Dec 2018 20:10] Daniël van Eeden
In that case the second option I suggested seems to be the correct one: Update the documentation to say that mysqlx_session_close() invalidates the session and that it must not be used afterwards.

I think mysqlx_session_close() should have been called mysqlx_session_free() to be more explicit about what it does. But I guess it's too late to change that now.
[15 Nov 2019 13:22] Rafal Somla
Posted by developer:
Doxygen documentation for the relevant functions was updated to clearly inform that the functions invalidate handles which cannot be used afterwards.

Note: No functionality was changed - it is only a documentation update.
[18 Nov 2019 18:45] Paul Dubois
Posted by developer:
Documentation update only. No changelog entry required.