database/mariadb
database/mariadb
1
0
Fork 0
mirror of https://github.com/MariaDB/server.git synced 2025-05-07 04:01:59 +03:00
Code

Bug#59109 : mysqlslap crashes on mysql_fetch_row after ignoring

Browse Source 
null from mysql_store_result.

mysqlslap segfaults at a point when it tries to fetch rows from
the result set.

Under some circumstances, mysql_store_result can return 'NULL',
even after query execution (mysql_query) succeeds, and eventually
a segfault might occur if same unchecked return value is passed
to mysql_fetch_row.

Fixed by adding a check on mysql_store_result's return value.


client/mysqlslap.c:
  Bug#59109 : mysqlslap crashes on mysql_fetch_row after ignoring
              null from mysql_store_result.
  
  Added a check on mysql_store_result's return value. A 'NULL' return
  value here shows an erroneous situation as mysql_field_count has already
  reported a non-zero value.
This commit is contained in:
Nirbhay Choubey 2011-01-13 15:56:42 +05:30
parent dcf9828221
commit db36f63984
1 changed files with 15 additions and 5 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

20
client/mysqlslap.c
View File

@ -1519,7 +1519,12 @@ generate_primary_key_list(MYSQL *mysql, option_string *engine_stmt)
exit(1);
}
result= mysql_store_result(mysql);
if (!(result= mysql_store_result(mysql)))
{
fprintf(stderr, "%s: Error when storing result: %d %s\n",
my_progname, mysql_errno(mysql), mysql_error(mysql));
exit(1);
}
primary_keys_number_of= mysql_num_rows(result);
/* So why check this? Blackhole :) */
@ -1891,10 +1896,15 @@ limit_not_met:
{
if (mysql_field_count(mysql))
{
result= mysql_store_result(mysql);
while ((row = mysql_fetch_row(result)))
counter++;
mysql_free_result(result);
if (!(result= mysql_store_result(mysql)))
fprintf(stderr, "%s: Error when storing result: %d %s\n",
my_progname, mysql_errno(mysql), mysql_error(mysql));
else
{
while ((row= mysql_fetch_row(result)))
counter++;
mysql_free_result(result);
}
}
} while(mysql_next_result(mysql) == 0);
queries++;