
This queue is for tickets about the DBD-mysql CPAN distribution.

Report information
The Basics
Id: 61849
Status: resolved
Priority: 0/
Queue: DBD-mysql

People
Owner: Nobody in particular
Requestors: yuri [...] deepunix.net
Cc: pali [...] cpan.org
AdminCc:

Bug Information
Severity: (no value)
Broken in: (no value)
Fixed in: 4.037



Subject: buffer overflow when bind param type is incorrect
Date: Sat, 2 Oct 2010 14:29:30 +0300
To: bug-DBD-mysql [...] rt.cpan.org
From: Yuri Arabadji <yuri [...] deepunix.net>
Hello.

I'm getting repeatable buffer overflow in DBD-mysql. Reproducible with latest version and down to 2007 releases (I've tried a couple).

mysql-5.0.77-4.el5_5.3
table column definition: `cert_key` decimal(60,0) NOT NULL,

$ perl -mDBI -mDBD::mysql -e '$dbh = DBI->connect("DBI:mysql:database=openca;host=yu.home.xxx", "xxx", "xxx");
$sth = $dbh->prepare("select * from certificate where (cert_key=?) order by rowid");
$sth->bind_param(1, "85453dff8e256dcf94f04a4fc439c388b684fcf2", 3); '

*** buffer overflow detected ***: perl terminated
======= Backtrace: =========
/lib64/libc.so.6(__chk_fail+0x2f)[0x3c7cae789f]
/lib64/libc.so.6[0x3c7cae6d09]
/lib64/libc.so.6(_IO_default_xsputn+0x94)[0x3c7ca6e294]
/lib64/libc.so.6(_IO_vfprintf+0x3e13)[0x3c7ca46503]
/lib64/libc.so.6(__vsprintf_chk+0x9d)[0x3c7cae6dad]
/lib64/libc.so.6(__sprintf_chk+0x80)[0x3c7cae6cf0]
/usr/lib64/perl5/vendor_perl/5.8.8/x86_64-linux-thread-multi/auto/DBD/mysql/mysql.so(mysql_bind_ph+0x418)[0x2b0118faebd8]
/usr/lib64/perl5/vendor_perl/5.8.8/x86_64-linux-thread-multi/auto/DBD/mysql/mysql.so(XS_DBD__mysql__st_bind_param+0x1c7)[0x2b0118fbbce7]
/usr/lib64/perl5/site_perl/5.8.8/x86_64-linux-thread-multi/auto/DBI/DBI.so(XS_DBI_dispatch+0x2150)[0x2b0118b96cd0]
/usr/lib64/perl5/5.8.8/x86_64-linux-thread-multi/CORE/libperl.so(Perl_pp_entersub+0x3f6)[0x3c7ea90a96]
/usr/lib64/perl5/5.8.8/x86_64-linux-thread-multi/CORE/libperl.so(Perl_runops_standard+0xe)[0x3c7ea8a33e]
/usr/lib64/perl5/5.8.8/x86_64-linux-thread-multi/CORE/libperl.so(perl_run+0x30a)[0x3c7ea3808a]
perl(main+0xfc)[0x4017bc]
/lib64/libc.so.6(__libc_start_main+0xf4)[0x3c7ca1d994]
perl[0x401609]
======= Memory map: ========
Aborted

Thanks.

--
Best regards,
Yuri Arabadji -- Systems Engineer

On Sat Oct 02 07:30:17 2010, yuri@deepunix.net wrote:
Fixed in 4.037.
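
The backtrace in the report shows glibc's fortified `__sprintf_chk` aborting inside `mysql_bind_ph`, which is what an unbounded `sprintf` into a fixed-size buffer looks like when built with `_FORTIFY_SOURCE`. The following C sketch is an added example, not DBD-mysql's code: the 64-byte buffer size, the message text and all function names are assumptions, and only the 40-character value comes from the report. It shows the unsafe pattern beside a bounded one, plus a numeric check on the value before it is treated as a number.

```c
#include <errno.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define ERR_BUF_LEN 64  /* assumed buffer size, for illustration only */
/* Hypothetical message text; the driver's real wording is not on the page. */
#define BIND_ERR_FMT "parameter %d: value '%s' is not numeric"

/* The value passed to bind_param() in the report (40 hex characters). */
static const char REPORTED_VALUE[] = "85453dff8e256dcf94f04a4fc439c388b684fcf2";

/* Returns 1 only if the whole string parses as a decimal number. */
int is_numeric(const char *s)
{
    char *end;
    if (*s == '\0')
        return 0;
    errno = 0;
    (void)strtod(s, &end);
    return errno == 0 && *end == '\0';
}

/* Unsafe pattern: sprintf() does not know how large dst is. A long value
 * runs past the end of a fixed buffer; with _FORTIFY_SOURCE the call is
 * compiled to __sprintf_chk(), which aborts as in the reported backtrace. */
void format_bind_error_unsafe(char *dst, int param, const char *value)
{
    sprintf(dst, BIND_ERR_FMT, param, value);
}

/* Bounded pattern: writes at most dst_len bytes including the NUL and
 * returns the length the full message needs, so truncation is detectable. */
int format_bind_error(char *dst, size_t dst_len, int param, const char *value)
{
    return snprintf(dst, dst_len, BIND_ERR_FMT, param, value);
}

int main(void)
{
    char msg[ERR_BUF_LEN];
    if (!is_numeric(REPORTED_VALUE)) {
        int needed = format_bind_error(msg, sizeof msg, 1, REPORTED_VALUE);
        printf("%s\n(full message needs %d bytes, buffer holds %d)\n",
               msg, needed + 1, ERR_BUF_LEN);
    }
    return 0;
}
```
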