Skip to content

Fix GH-15432: Heap corruption when querying a vector #15445

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Closed
wants to merge 5 commits into from
Closed

Fix GH-15432: Heap corruption when querying a vector #15445

wants to merge 5 commits into from

Conversation

cmb69
Copy link
Member

@cmb69 cmb69 commented Aug 16, 2024

Since the mysqlnd result set is arena allocated, we must not simply free it, but rather call the appropriate free_result method.

@cmb69
Fix phpGH-15432: Heap corruption when querying a vector
b7488a6 
Since the mysqlnd result set is arena allocated, we must not simply
free it, but rather call the appropriate `free_result` method.
@cmb69
Copy link
Member Author

cmb69 commented Aug 16, 2024

Note that the skip conditions are not correct; we probably can't check for the server version to detect vector datatype support (this might not be available for other databases supporting the MySQL protocol), and we likely get different results with libmysql-client (although I wouldn't know which ones exactly; particularly wrt. the libmysql client version in use). And the SKIPIF sections are already very ugly. Maybe @kamil-tekiela can help a bit with this?

And of course we need to decide whether we want to implement (basic) vector database support right away (i.e. for PHP-8.2). See PR #15431 for a basic implementation.

Anyhow, I've tested this with the Windows debug heap enabled, and couldn't find any issues. Some additional ASan/MSan or valgrind testing might be in order nonetheless.

@cmb69 cmb69 linked an issue Aug 16, 2024 that may be closed by this pull request
PHP crashes when processing a MySQL DB query with a new Vector format introduced in MySQL 9.0 #15432
Closed
kamil-tekiela
kamil-tekiela reviewed Aug 16, 2024
View reviewed changes
kamil-tekiela
kamil-tekiela reviewed Aug 16, 2024
View reviewed changes
kamil-tekiela
kamil-tekiela reviewed Aug 16, 2024
View reviewed changes
cmb69
cmb69 commented Aug 16, 2024
View reviewed changes
cmb69 and others added 2 commits August 16, 2024 20:49
@cmb69 @kamil-tekiela
Update ext/mysqli/tests/gh15432.phpt
8a8e041 
Co-authored-by: Kamil Tekiela <tekiela246@gmail.com>
@cmb69
Update ext/mysqlnd/mysqlnd_result.c
dbdeeff
@kamil-tekiela
Copy link
Member

See 80ece39

cmb69
cmb69 commented Aug 16, 2024
View reviewed changes
@cmb69 cmb69 marked this pull request as ready for review August 16, 2024 19:43
@cmb69 cmb69 requested a review from SakiTakamachi as a code owner August 16, 2024 19:43
@cmb69 cmb69 requested a review from kamil-tekiela August 16, 2024 19:44
@kamil-tekiela
Copy link
Member

Ahh yes, but now we run into a problem. My PR fixes the bug so now your test case will not reproduce it. Do we have a different way of reproducing it?

@cmb69
Copy link
Member Author

cmb69 commented Aug 16, 2024

My PR fixes the bug so now your test case will not reproduce it. Do we have a different way of reproducing it?

First, having a regression test is good, but not absolutely mandatory. Still, to test this issue we would need to have a server that sends an unknown datatype code (something else instead of that 242). We have something like that for pdo_firebird, but such tests are brittle, complex to create and maintain, and in this case it might not be worth it.

@cmb69
Copy link
Member Author

cmb69 commented Aug 19, 2024

Is this good to be applied (this heap corruption needs to be addressed)? Afterwards, we could address PR #15431.

kamil-tekiela
kamil-tekiela approved these changes Aug 19, 2024
View reviewed changes
Copy link
Member

@kamil-tekiela kamil-tekiela left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I agree to the fix. I am only concerned what to do with the test case. Should I remove it in my PR or mark it as XFAIL?

@cmb69
Copy link
Member Author

cmb69 commented Aug 20, 2024

I am only concerned what to do with the test case. Should I remove it in my PR or mark it as XFAIL?

As it's now, your PR would overwrite the test (after having resolved the merge conflict), and I still think that this is okay (not perfect, but good enough).

@kamil-tekiela
Copy link
Member

Ok, then let's merge this one.

@cmb69
Copy link
Member Author

cmb69 commented Aug 20, 2024

Applied as b1211c1.

@cmb69 cmb69 closed this Aug 20, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@kamil-tekiela kamil-tekiela kamil-tekiela approved these changes

@SakiTakamachi SakiTakamachi Awaiting requested review from SakiTakamachi SakiTakamachi is a code owner

Assignees
No one assigned
Labels
Extension: mysqli Extension: mysqlnd
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

PHP crashes when processing a MySQL DB query with a new Vector format introduced in MySQL 9.0
2 participants
@cmb69 @kamil-tekiela