We have just discovered a fatal bug in 3.23.31 that will cause mysqld to
segfault if the client closes connection without a call to mysql_close() --
very common situation with many clients, including earlier versions of PHP 4.
The bug is very serious. We recommend that you either apply the patch ASAP,
or use 3.23.30 version until we release an update of the binaries. The patch
below fixes the problem:
--- 1.6/mysys/my_vsnprintf.c Thu Nov 16 17:36:35 2000
+++ 1.7/mysys/my_vsnprintf.c Fri Jan 19 22:40:15 2001
@@ -24,7 +24,6 @@
int my_vsnprintf(char *to, size_t n, const char* fmt, va_list ap)
{
char *start=to, *end=to+n-1;
-
for (; *fmt ; fmt++)
{
if (fmt[0] != '%')
@@ -38,10 +37,14 @@
fmt++;
while (isdigit(*fmt) || *fmt == '.' || *fmt == '-')
fmt++;
+ if(*fmt == 'l')
+ fmt++;
if (*fmt == 's') /* String parameter */
{
reg2 char *par = va_arg(ap, char *);
- uint plen = (uint) strlen(par);
+ uint plen;
+ if(!par) par = (char*)"(null)";
+ plen = (uint) strlen(par);
if ((uint) (end-to) > plen) /* Replace if possible */
{
to=strmov(to,par);
@@ -68,3 +71,35 @@
*to='\0'; /* End of errmessage */
return (uint) (to - start);
}
For the curious - the problem was introduced when we changed
sql_print_error() to use my_vsnprintf() instead of vsprintf() to avoid a
buffer overrun without realizing that my_vsnprintf() did not support %ld.
--
MySQL Development Team
__ ___ ___ ____ __
/ |/ /_ __/ __/ __ \/ / Sasha Pachev <[EMAIL PROTECTED]>
/ /|_/ / // /\ \/ /_/ / /__ MySQL AB, http://www.mysql.com/
/_/ /_/\_, /___/\___\_\___/ Provo, Utah, USA
<___/
---------------------------------------------------------------------
Before posting, please check:
http://www.mysql.com/manual.php (the manual)
http://lists.mysql.com/ (the list archive)
To request this thread, e-mail <[EMAIL PROTECTED]>
To unsubscribe, e-mail <[EMAIL PROTECTED]>
Trouble unsubscribing? Try: http://lists.mysql.com/php/unsubscribe.php
