From db36f63984154a223d5eeeeb51e9a1db4c2fb937 Mon Sep 17 00:00:00 2001
From: Nirbhay Choubey <nirbhay.choubey@sun.com>
Date: Thu, 13 Jan 2011 15:56:42 +0530
Subject: Bug#59109 : mysqlslap crashes on mysql_fetch_row after ignoring      
       null from mysql_store_result.

mysqlslap segfaults at a point when it tries to fetch rows from
the result set.

Under some circumstances, mysql_store_result can return 'NULL',
even after query execution (mysql_query) succeeds, and eventually
a segfault might occur if same unchecked return value is passed
to mysql_fetch_row.

Fixed by adding a check on mysql_store_result's return value.


client/mysqlslap.c:
  Bug#59109 : mysqlslap crashes on mysql_fetch_row after ignoring
              null from mysql_store_result.

  Added a check on mysql_store_result's return value. A 'NULL' return
  value here shows an erroneous situation as mysql_field_count has already
  reported a non-zero value.
---
 client/mysqlslap.c | 20 +++++++++++++++-----
 1 file changed, 15 insertions(+), 5 deletions(-)

(limited to 'client')

diff --git a/client/mysqlslap.c b/client/mysqlslap.c
index b1eafe0082c..3b5c14dd74b 100644
--- a/client/mysqlslap.c
+++ b/client/mysqlslap.c
@@ -1519,7 +1519,12 @@ generate_primary_key_list(MYSQL *mysql, option_string *engine_stmt)
       exit(1);
     }
 
-    result= mysql_store_result(mysql);
+    if (!(result= mysql_store_result(mysql)))
+    {
+      fprintf(stderr, "%s: Error when storing result: %d %s\n",
+              my_progname, mysql_errno(mysql), mysql_error(mysql));
+      exit(1);
+    }
     primary_keys_number_of= mysql_num_rows(result);
 
     /* So why check this? Blackhole :) */
@@ -1891,10 +1896,15 @@ limit_not_met:
       {
         if (mysql_field_count(mysql))
         {
-          result= mysql_store_result(mysql);
-          while ((row = mysql_fetch_row(result)))
-            counter++;
-          mysql_free_result(result);
+          if (!(result= mysql_store_result(mysql)))
+            fprintf(stderr, "%s: Error when storing result: %d %s\n",
+                    my_progname, mysql_errno(mysql), mysql_error(mysql));
+          else
+          {
+            while ((row= mysql_fetch_row(result)))
+              counter++;
+            mysql_free_result(result);
+          }
         }
       } while(mysql_next_result(mysql) == 0);
       queries++;
-- 
cgit v1.2.1