UDF kills mysqld with longer strings

adelton Fri, 06 Apr 2001 03:35:52 -0700
>Description:

UDF working with strings longer than (I believe) 255 bytes kills
the server. Even if the initid->max_length is set to the length of
the string that will be returned, as the manual suggests.

Please not that in this case, no additional memory is needed -- the
function just copies the input to output and expects that MySQL will
be able to process the result properly. It doesn't seem to be the
case.

There may be a bug in my code but I saw a couple of others reporting
the same thing, so I've made the function as small as possible to
show the behaviour.

I'd appreciate a copy of the response since I read the mysql lists
only as digests.

Jan Pazdziora
[EMAIL PROTECTED]

>How-To-Repeat:
Please consider the source below (made as short as possible).
Compiles fine, copied to the lib location. Done

function test_long_string returns string soname "udf_test_long_string.so"

and then

select test_long_string('jezek')

returns jezek correctly. However after

create table b_ad_long(data text)
insert into b_ad_long values ('12345678')
update b_ad_long set data = concat(data, data, data, data)

and this update repeated twice more to achieve

select length(data) from b_ad_long

returning 512, and

select test_long_string(data) from b_ad_long

I get Lost connection to MySQL server during query in the client.

Server's log shows

Length 65535, max_len 65535
arg length 512
char 0
char 1
char 2
... upto
char 510
char 511
mysqld got signal 11;
The manual section 'Debugging a MySQL server' tells you how to use a
stack trace and/or the core file to produce a readable backtrace that may
help in finding out why mysqld died.
Attempting backtrace. You can use the following information to find out
where mysqld died.  If you see no messages after this, something went
terribly wrong...
Stack range sanity check OK, backtrace follows:
0x4008efeb
0x38373635
New value of ebp failed sanity check, terminating backtrace!

Number of processes running now: 0
010406 12:42:25  mysqld restarted

The code is here:

#include <stdio.h>      /* we need NULL */
#include <mysql.h>

my_bool test_long_string_init(UDF_INIT *initid, UDF_ARGS *args, char *message);
char *test_long_string(UDF_INIT *initid, UDF_ARGS *args, char *result,
               unsigned long *length, char *is_null, char *error);

my_bool test_long_string_init(UDF_INIT *initid, UDF_ARGS *args, char *message) {
        fprintf(stderr, "Length %ld, max_len %ld\n", args->lengths[0],
                initid->max_length);

        if (args->arg_count != 1 || args->arg_type[0] != STRING_RESULT) {
                strcpy(message, "One argument required for test_long_string_init");
                return 1;
        }
        initid->max_length = args->lengths[0];
        return 0;
}

char *test_long_string(UDF_INIT *initid, UDF_ARGS *args, char *result,
               unsigned long *length, char *is_null, char *error) {
        int count = 0;
        if (args->args[0] == NULL) {
                *is_null = 1;
                return NULL;
        }
        fprintf(stderr, "arg length %ld\n", args->lengths[0]);
        *length = args->lengths[0];
        while (count < args->lengths[0]) {
                fprintf(stderr, "char %d\n", count);
                result[count] = (unsigned char)args->args[0][count];
                count++;
        }
        return result;
}

>Fix:

I don't know. MySQL should honor the initid->max_length and make sure
the result has enough memory allocated.

>Submitter-Id:  <submitter ID>
>Originator:    Jan Pazdziora
>Organization:
        Masaryk University, Brno, Czech Republic
>MySQL support: none
>Synopsis:      UDF kills mysqld with longer strings
>Severity:      serious
>Priority:      medium
>Category:      mysql
>Class:         sw-bug
>Release:       mysql-3.23.34a (Source distribution)

>Environment:
        
System: Linux lethe.fi.muni.cz 2.4.0-test11 #1 Po lis 27 21:49:43 CET 2000 i586 unknown
Architecture: i586

Some paths:  /usr/bin/perl /usr/bin/make /usr/bin/gmake /usr/bin/gcc /usr/bin/cc
GCC: Reading specs from /usr/lib/gcc-lib/i386-redhat-linux/2.96/specs
gcc version 2.96 20000731 (Red Hat Linux 7.0)
Compilation info: CC='gcc'  CFLAGS=''  CXX='c++'  CXXFLAGS=''  LDFLAGS=''
LIBC: 
lrwxrwxrwx    1 root     root           14 Nov 27 13:10 /lib/libc.so.6 -> 
libc-2.1.92.so
-rwxr-xr-x    1 root     root      4686077 Aug 30  2000 /lib/libc-2.1.92.so
-rw-r--r--    1 root     root     22607104 Aug 30  2000 /usr/lib/libc.a
-rw-r--r--    1 root     root          178 Aug 30  2000 /usr/lib/libc.so
Configure command: ./configure  --prefix=/export/home/adelton/mysql-3.23.34a 
--with-innobase --with-charset=czech --with-extra-charsets=all --without-docs 
--without-bench


---------------------------------------------------------------------
Before posting, please check:
   http://www.mysql.com/manual.php   (the manual)
   http://lists.mysql.com/           (the list archive)

To request this thread, e-mail <[EMAIL PROTECTED]>
To unsubscribe, e-mail <[EMAIL PROTECTED]>
Trouble unsubscribing? Try: http://lists.mysql.com/php/unsubscribe.php
UDF kills mysqld with longer strings

Reply via email to
