Bug #99112 | When using mysql_real_connect_nonblocking a memory leak can occur | ||
---|---|---|---|
Submitted: | 30 Mar 2020 23:27 | Modified: | 11 May 2020 17:53 |
Reporter: | Jay Edgar | Email Updates: | |
Status: | Closed | Impact on me: | |
Category: | MySQL Server: C API (client library) | Severity: | S3 (Non-critical) |
Version: | 8.0.19 | OS: | Any |
Assigned to: | | CPU Architecture: | Any |
[30 Mar 2020 23:27]
Jay Edgar
[31 Mar 2020 0:58]
Jay Edgar
It turns out I submitted this too soon. There is another change needed in order to avoid a double-free. The `my_free(ctx);` at the end of mysql_real_connect_nonblocking() in the error case needs to be removed because the mysql_close_free() call a few lines earlier now frees the same buffer. diff --git a/sql-common/client.cc b/sql-common/client.cc index 5153dfdd837..2c052675c18 100644 --- a/sql-common/client.cc +++ b/sql-common/client.cc @@ -5907,7 +5907,6 @@ net_async_status STDCALL mysql_real_connect_nonblocking( my_free(ctx->scramble_buffer); ctx->scramble_buffer = nullptr; } - my_free(ctx); DBUG_RETURN(NET_ASYNC_ERROR); } }
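Review bot: Dropping `my_free(ctx);` at the end of the error branch removes the second free, but the unchanged lines just above it still call `my_free(ctx->scramble_buffer)` and write `ctx->scramble_buffer = nullptr`, both of which dereference ctx after the earlier mysql_close_free() call that, per the message, already frees it. That leaves a use-after-free on the same path. Consider moving the mysql_close_free(mysql) call below the last use of ctx so that it is the final cleanup step before DBUG_RETURN(NET_ASYNC_ERROR).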
[31 Mar 2020 14:20]
MySQL Verification Team
Hi Mr. Edgar, Thank you very much for your bug report. I have analysed your patches and I agree with you fully. Verified as reported.
[2 Apr 2020 20:43]
Jay Edgar
Further testing with Valgrind shows that we need to move the mysql_close_free() call since the memory is still being accessed. diff --git a/sql-common/client.cc b/sql-common/client.cc index 2c052675c18..b8b2a48afc4 100644 --- a/sql-common/client.cc +++ b/sql-common/client.cc @@ -5900,13 +5900,13 @@ net_async_status STDCALL mysql_real_connect_nonblocking( mysql->net.sqlstate, mysql->net.last_error)); /* Free alloced memory */ end_server(mysql); - mysql_close_free(mysql); if (!(ctx->client_flag & CLIENT_REMEMBER_OPTIONS)) mysql_close_free_options(mysql); if (ctx->scramble_buffer_allocated) { my_free(ctx->scramble_buffer); ctx->scramble_buffer = nullptr; } + mysql_close_free(mysql); DBUG_RETURN(NET_ASYNC_ERROR); } }
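Review bot: Nothing in the hunk records why mysql_close_free(mysql) now has to be the last call before DBUG_RETURN(NET_ASYNC_ERROR); the only comment is still `/* Free alloced memory */`. The reads of `ctx->client_flag` and `ctx->scramble_buffer_allocated` above it depend on ctx still being alive, so add a one-line comment at the moved call stating that it must follow every access to ctx. A regression test for the failed-connect path, run under Valgrind as in the message, would keep a later reorder from reintroducing the access to freed memory.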
[3 Apr 2020 12:14]
MySQL Verification Team
Thank you, Mr. Edgar.
[11 May 2020 17:53]
Paul DuBois
Posted by developer: Fixed in 8.0.21. Calling mysql_real_connect_nonblocking() with an invalid host could cause the client to exit upon calling mysql_close().
[12 May 2020 12:15]
MySQL Verification Team
Thank you, Paul.
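The three cleanup orderings discussed in this thread, replayed through a small lifetime-tracking model. This is an added example, not MySQL source and not code from the report: the structs, function names and ordering labels are constructed stand-ins, and it assumes, as the 31 Mar comment states, that mysql_close_free() releases ctx.

```c
#include <stdio.h>

/* Constructed model of the error-path cleanup; not MySQL source. */
enum state { LIVE, FREED };
struct audit { int leaked, double_free, use_after_free; };
struct model { enum state ctx, scramble; struct audit a; };

static void release(struct model *m, enum state *blk) {
    if (*blk == FREED) m->a.double_free++;     /* second free of the same block */
    *blk = FREED;
}
static void touch_ctx(struct model *m) {       /* any read or write of ctx->field */
    if (m->ctx == FREED) m->a.use_after_free++;
}
/* Hypothetical stand-ins for the calls named in the thread. */
static void close_free(struct model *m) { release(m, &m->ctx); }
static void free_scramble(struct model *m) {
    touch_ctx(m);                  /* if (ctx->scramble_buffer_allocated)  */
    release(m, &m->scramble);      /* my_free(ctx->scramble_buffer)        */
    touch_ctx(m);                  /* ctx->scramble_buffer = nullptr       */
}

enum ordering { CLOSE_EARLY_PLUS_FREE_CTX, CLOSE_EARLY, CLOSE_LAST };

struct audit run_error_path(enum ordering o) {
    struct model m = { LIVE, LIVE, {0, 0, 0} };
    if (o != CLOSE_LAST) close_free(&m);       /* owner releases ctx early */
    touch_ctx(&m);                 /* ctx->client_flag & CLIENT_REMEMBER_OPTIONS */
    free_scramble(&m);
    if (o == CLOSE_EARLY_PLUS_FREE_CTX) release(&m, &m.ctx);   /* my_free(ctx) */
    if (o == CLOSE_LAST) close_free(&m);       /* owner releases ctx last */
    m.a.leaked = (m.ctx == LIVE) + (m.scramble == LIVE);
    return m.a;
}

int main(void) {
    static const char *name[] = { "close early + my_free(ctx)", "close early", "close last" };
    for (int o = CLOSE_EARLY_PLUS_FREE_CTX; o <= CLOSE_LAST; o++) {
        struct audit a = run_error_path((enum ordering)o);
        printf("%-27s leaked=%d double_free=%d use_after_free=%d\n",
               name[o], a.leaked, a.double_free, a.use_after_free);
    }
    return 0;
}
```

Only the ordering where the owner's free comes after every access to ctx finishes with all three counters at zero.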