Bug#17003702 ADDRESSSANITIZER BUG IN RUN_PLUGIN_AUTH

Tor Didriksen · Tor Didriksen · commit ea9751a8f118 · 2013-07-03T15:42:55.000+02:00
Do not access the message buffer of a closed connection.
diff --git a/sql-common/client.c b/sql-common/client.c
@@ -225,6 +225,16 @@ void set_mysql_error(MYSQL *mysql, int errcode, const char *sqlstate)
   DBUG_VOID_RETURN;
 }
 
+/**
+  Is this NET instance initialized?
+  @c my_net_init() and net_end()
+ */
+
+my_bool my_net_is_inited(NET *net)
+{
+  return net->buff != NULL;
+}
+
 /**
   Clear possible error state of struct NET
 
@@ -2994,7 +3004,12 @@ int run_plugin_auth(MYSQL *mysql, char *data, uint data_len,
 
   compile_time_assert(CR_OK == -1);
   compile_time_assert(CR_ERROR == 0);
-  if (res > CR_OK && mysql->net.read_pos[0] != 254)
+
+  /*
+    The connection may be closed. If so: do not try to read from the buffer.
+  */
+  if (res > CR_OK && 
+      (!my_net_is_inited(&mysql->net) || mysql->net.read_pos[0] != 254))
   {
     /*
       the plugin returned an error. write it down in mysql,
diff --git a/tests/mysql_client_test.c b/tests/mysql_client_test.c
@@ -18011,6 +18011,7 @@ static void test_bug43560(void)
   rc= mysql_stmt_prepare(stmt, insert_str, strlen(insert_str));
   check_execute(stmt, rc);
 
+  memset(&bind, 0, sizeof(bind));
   bind.buffer_type= MYSQL_TYPE_STRING;
   bind.buffer_length= BUFSIZE;
   bind.buffer= buffer;
