Debian Bug report logs - #966633
libmariadb3: In Perl, doing a ping() after a disconnect() causes a segfault using DBD::mysql

Toggle useless messages

Message #5 received at submit@bugs.debian.org (full text, mbox, reply):

From: Dianne Skoll <dianne@skoll.ca>

To: Debian Bug Tracking System <submit@bugs.debian.org>

Subject: libmariadb3: In Perl, doing a ping() after a disconnect() causes a segfault using DBD::mysql

Date: Fri, 31 Jul 2020 15:37:40 -0400

Package: libmariadb3
Version: 1:10.3.22-0+deb10u1
Severity: important
Tags: patch

Hi,

The issue is described at https://github.com/perl5-dbi/DBD-mysql/issues/306
The following Perl script segfaults quite regularly:

use Test::More;
use DBI;

my $dbname = 'mysql';
my $user = 'user';
my $password = 'password';
chomp $password;
my $dbh = DBI->connect("dbi:mysql:$dbname;host=localhost",$user, $password,
    { mysql_auto_reconnect => 0 });
$dbh->disconnect();
ok( ! $dbh->ping(), 'dbh is disconnected and did not segv');

done_testing();

The problem is that mysql_close frees a couple of objects, but does not
set the pointer to those objects to NULL.  The ping() call references
freed memory and behavior is undefined.

The patch below fixes the problem.

Regards,

Dianne.

===================================================================
--- mariadb-10.3-10.3.22.orig/libmariadb/libmariadb/mariadb_lib.c
+++ mariadb-10.3-10.3.22/libmariadb/libmariadb/mariadb_lib.c
@@ -2000,6 +2000,8 @@ mysql_close(MYSQL *mysql)
     if (mysql->extension)
       free(mysql->extension);
 
+    mysql->net.extension = NULL;
+    mysql->extension = NULL;
     mysql->net.pvio= 0;
     if (mysql->free_me)
       free(mysql);
===================================================================


-- System Information:
Debian Release: 10.4
  APT prefers stable
  APT policy: (500, 'stable')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 5.7.11 (SMP w/12 CPU cores)
Locale: LANG=C, LC_CTYPE=C.UTF-8 (charmap=UTF-8), LANGUAGE=C (charmap=UTF-8)
Shell: /bin/sh linked to /bin/bash
Init: systemd (via /run/systemd/system)

Message #10 received at 966633@bugs.debian.org (full text, mbox, reply):

From: Otto Kekäläinen <otto@debian.org>

To: Dianne Skoll <dianne@skoll.ca>, 966633@bugs.debian.org

Subject: Re: [debian-mysql] Bug#966633: libmariadb3: In Perl, doing a ping() after a disconnect() causes a segfault using DBD::mysql

Date: Sat, 1 Aug 2020 14:06:57 +0300

Hello!

Thanks for reporting!

It would be best if you submitted your patch directly upstream at
https://github.com/mariadb-corporation/mariadb-connector-c/

They have the best knowledge to assess if this change is OK or if it
has potential regressions.

Message #15 received at 966633@bugs.debian.org (full text, mbox, reply):

From: Dianne Skoll <dianne@skoll.ca>

To: Otto Kekäläinen <otto@debian.org>

Subject: Re: [debian-mysql] Bug#966633: libmariadb3: In Perl, doing a ping() after a disconnect() causes a segfault using DBD::mysql

Date: Sat, 1 Aug 2020 08:40:33 -0400

Hi, Otto,

> It would be best if you submitted your patch directly upstream at
>
https://github.com/mariadb-corporation/mariadb-connector-c/

Thank you; I have done that at
https://jira.mariadb.org/browse/CONC-487

However, given the developer's response on
https://jira.mariadb.org/browse/CONC-289 I don't know if they will accept
the patch.

> They have the best knowledge to assess if this change is OK or if it
> has potential regressions.

Well, the patch simply sets pointers to NULL after the memory that they
point to has been freed.  They already do that in one other place
(the memset call in mysql_close sets mysql->options.extension to NULL)
with a comment "/* Clear pointers for better safety */" so I hope that
they (and Debian) will accept the patch.

Regards,

Dianne.
better safety */" so I hope that
they (and Debian) will accept the patch.

Regards,

Dianne.

Message #20 received at 966633@bugs.debian.org (full text, mbox, reply):

From: Otto Kekäläinen <otto@debian.org>

To: Dianne Skoll <dianne@skoll.ca>, 966633@bugs.debian.org

Subject: Re: [debian-mysql] Bug#966633: libmariadb3: In Perl, doing a ping() after a disconnect() causes a segfault using DBD::mysql

Date: Mon, 31 Aug 2020 20:16:07 +0300

> Hi, Otto,
>
> I did submit my patch to upstream and it was
> accepted into 3.1:
>
> https://github.com/mariadb-corporation/mariadb-connector-c/pull/144
>
> It would be great if you could apply this patch to your next
> minor update rather than waiting for 3.1, however, because it
> does fix a very annoying Perl DBD::mariadb problem as I
> mentioned in the original bug report.

Sure. Done in https://salsa.debian.org/mariadb-team/mariadb-10.3/-/commit/42aa94496c3438a623cc1faf25e679f19bbfffc3
for Debian unstable.

Message #25 received at 966633-close@bugs.debian.org (full text, mbox, reply):

From: Debian FTP Masters <ftpmaster@ftp-master.debian.org>

To: 966633-close@bugs.debian.org

Subject: Bug#966633: fixed in mariadb-10.3 1:10.3.24-2

Date: Tue, 01 Sep 2020 13:19:49 +0000

Source: mariadb-10.3
Source-Version: 1:10.3.24-2
Done: =?utf-8?b?T3R0byBLZWvDpGzDpGluZW4=?= <otto@debian.org>

We believe that the bug you reported is fixed in the latest version of
mariadb-10.3, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 966633@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Otto Kekäläinen <otto@debian.org> (supplier of updated mariadb-10.3 package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@ftp-master.debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Tue, 01 Sep 2020 12:07:19 +0300
Source: mariadb-10.3
Binary: libmariadb-dev libmariadbclient-dev libmariadb-dev-compat libmariadb3 libmariadbd19 libmariadbd-dev mariadb-common mariadb-client-core-10.3 mariadb-client-10.3 mariadb-server-core-10.3 mariadb-server-10.3 mariadb-server mariadb-client mariadb-backup mariadb-plugin-connect mariadb-plugin-rocksdb mariadb-plugin-oqgraph mariadb-plugin-tokudb mariadb-plugin-mroonga mariadb-plugin-spider mariadb-plugin-gssapi-server mariadb-plugin-gssapi-client mariadb-plugin-cracklib-password-check mariadb-test mariadb-test-data
Architecture: source
Version: 1:10.3.24-2
Distribution: unstable
Urgency: medium
Maintainer: Debian MySQL Maintainers <pkg-mysql-maint@lists.alioth.debian.org>
Changed-By: Otto Kekäläinen <otto@debian.org>
Description:
 libmariadb-dev - MariaDB database development files
 libmariadb-dev-compat - MariaDB Connector/C, compatibility symlinks
 libmariadb3 - MariaDB database client library
 libmariadbclient-dev - MariaDB database development files (transitional package)
 libmariadbd-dev - MariaDB embedded database, development files
 libmariadbd19 - MariaDB embedded database, shared library
 mariadb-backup - Backup tool for MariaDB server
 mariadb-client - MariaDB database client (metapackage depending on the latest vers
 mariadb-client-10.3 - MariaDB database client binaries
 mariadb-client-core-10.3 - MariaDB database core client binaries
 mariadb-common - MariaDB common metapackage
 mariadb-plugin-connect - Connect storage engine for MariaDB
 mariadb-plugin-cracklib-password-check - CrackLib Password Validation Plugin for MariaDB
 mariadb-plugin-gssapi-client - GSSAPI authentication plugin for MariaDB client
 mariadb-plugin-gssapi-server - GSSAPI authentication plugin for MariaDB server
 mariadb-plugin-mroonga - Mroonga storage engine for MariaDB
 mariadb-plugin-oqgraph - OQGraph storage engine for MariaDB
 mariadb-plugin-rocksdb - RocksDB storage engine for MariaDB
 mariadb-plugin-spider - Spider storage engine for MariaDB
 mariadb-plugin-tokudb - TokuDB storage engine for MariaDB
 mariadb-server - MariaDB database server (metapackage depending on the latest vers
 mariadb-server-10.3 - MariaDB database server binaries
 mariadb-server-core-10.3 - MariaDB database core server files
 mariadb-test - MariaDB database regression test suite
 mariadb-test-data - MariaDB database regression test suite - data files
Closes: 966633
Changes:
 mariadb-10.3 (1:10.3.24-2) unstable; urgency=medium
 .
   * Include MariaDB client plugin caching_sha2_password
   * Fix Perl script segfaults by backporting patch (Closes: #966633)
Checksums-Sha1:
 e4add01119a8d017c7612b3914090b782e531f0b 4772 mariadb-10.3_10.3.24-2.dsc
 f4295ec2fa8306b2bb5b382b775cdeaa5ffaf4e3 218176 mariadb-10.3_10.3.24-2.debian.tar.xz
 e8a3dd34071c0a72790b7bbbe136f328efd67ec2 9295 mariadb-10.3_10.3.24-2_source.buildinfo
Checksums-Sha256:
 3452696ebe2d91908394534ea2f32f1fd41a72b49c8b44c48ce433b7b3c74104 4772 mariadb-10.3_10.3.24-2.dsc
 7070a7df6571eb5cdf9811d0a35197e6358ec351c3bf086be13a97cb8d459279 218176 mariadb-10.3_10.3.24-2.debian.tar.xz
 24c30e44522c23ce83e5c8ceeb683fb1bca0cf78f3c4a6b4676a471cf8b270f2 9295 mariadb-10.3_10.3.24-2_source.buildinfo
Files:
 be5427c79c1d18cd8f5997f1eb07aa81 4772 database optional mariadb-10.3_10.3.24-2.dsc
 2429ffa2e5ed641c6f4e6e8be195aa07 218176 database optional mariadb-10.3_10.3.24-2.debian.tar.xz
 d53c59014be97658db0815fbcc596e48 9295 database optional mariadb-10.3_10.3.24-2_source.buildinfo

-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEEmbRSsR88dMO0U+RvvthEn87o2ogFAl9OEAQACgkQvthEn87o
2ojePw//XnVYIr1EALF1iuGDHawrrjmn8VXvtKZWcOJgJzGD7URznHV0YBb7Bg5v
zHtwmrCN5TlAh6nP+q5rsMJdaNns+8p3imZXJbQY0IwWQPe1KpeAbtsWn5voDJ9c
8kQtOmbck8bmFzeXDkJXle/Un3UZSBFqww1Q4jeaY4hxiVyINPMxFe3JYXeMa9zf
YFJotUBn+4YWAd7GcLPfKYnxQ8BJZNiiOXePAtbXdRRzXOY4F0n0WNTKqGjmtXCf
CliddXEXsOGOFJ9O3S8G4i0fQy/gnmcn+hIxmLlikyANnzNoIB/Q5tk54qvVFiDK
1oAyMOxkJ+iv8ikd84EBAVVVFbA5M0Kvo+ShlAtmRII0U9zLvZ6GscJTVaKwMrO4
IZ1A+InOrOUvPbRmOS3YsJ0hvA+Ssxac64ZfZ8+BdiWf2gqc3HHL+UUGROtR/xgj
u0ZRA34fnEG0SIjJGAoojxyU5Nq1bNU3Kl1YAMXmC1WY/Vl4qsMlkNGiEimATQuH
kXR5z9H60+qf5cANTek4/l+tJ61pZ6LX0pO13ls81hsW5U7s0UoBiJ3QQC/TAiMg
3Stv2HV7IrU5g1sIFGyX1FZJCnAk9TC/meUE04CC4fJjlR48jwl6qdiyrijMaDgj
cbloytkh+5LAJGgDTiUbp2QQI08PKGUanz5HnuPGRLXVjiLy4WM=
=A79H
-----END PGP SIGNATURE-----

Send a report that this bug log contains spam.