Commit db36f639 authored by Nirbhay Choubey's avatar Nirbhay Choubey

Bug#59109 : mysqlslap crashes on mysql_fetch_row after ignoring

            null from mysql_store_result.

mysqlslap segfaults at a point when it tries to fetch rows from
the result set.

Under some circumstances, mysql_store_result can return 'NULL'
even after query execution (mysql_query) succeeds, and a segfault
can eventually occur if the same unchecked return value is passed
to mysql_fetch_row.

Fixed by adding a check on mysql_store_result's return value.


client/mysqlslap.c:
  Bug#59109 : mysqlslap crashes on mysql_fetch_row after ignoring
              null from mysql_store_result.
  
  Added a check on mysql_store_result's return value. A 'NULL' return
  value here shows an erroneous situation as mysql_field_count has already
  reported a non-zero value.
parent dcf98282
...@@ -1519,7 +1519,12 @@ generate_primary_key_list(MYSQL *mysql, option_string *engine_stmt) ...@@ -1519,7 +1519,12 @@ generate_primary_key_list(MYSQL *mysql, option_string *engine_stmt)
exit(1); exit(1);
} }
result= mysql_store_result(mysql); if (!(result= mysql_store_result(mysql)))
{
fprintf(stderr, "%s: Error when storing result: %d %s\n",
my_progname, mysql_errno(mysql), mysql_error(mysql));
exit(1);
}
primary_keys_number_of= mysql_num_rows(result); primary_keys_number_of= mysql_num_rows(result);
/* So why check this? Blackhole :) */ /* So why check this? Blackhole :) */
...@@ -1891,10 +1896,15 @@ limit_not_met: ...@@ -1891,10 +1896,15 @@ limit_not_met:
{ {
if (mysql_field_count(mysql)) if (mysql_field_count(mysql))
{ {
result= mysql_store_result(mysql); if (!(result= mysql_store_result(mysql)))
while ((row = mysql_fetch_row(result))) fprintf(stderr, "%s: Error when storing result: %d %s\n",
counter++; my_progname, mysql_errno(mysql), mysql_error(mysql));
mysql_free_result(result); else
{
while ((row= mysql_fetch_row(result)))
counter++;
mysql_free_result(result);
}
} }
} while(mysql_next_result(mysql) == 0); } while(mysql_next_result(mysql) == 0);
queries++; queries++;
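Review bot: In the second hunk (the loop under `limit_not_met`), a NULL from `mysql_store_result` is only reported with `fprintf`, and execution then falls through to `mysql_next_result` and `queries++`. A statement whose result set could not be stored therefore still appears to be counted as a completed query, while the same failure in `generate_primary_key_list` calls `exit(1)`. If carrying on is deliberate for a load run, record that with a comment such as `/* store_result failed: report it and keep the run going; no rows are counted */`; otherwise handle it as the first hunk does. The new `if`/`else` also pairs an unbraced `fprintf` branch with a braced `else`, so bracing both would stop a later added statement from slipping out of the error branch. The enclosing function starts and ends outside the hunk.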
......