[debian-mysql] Severe bug in stretch version 2.3.2 of libmariadb2

Nils Rennebarth nils.rennebarth at secunet.com
Mon Nov 5 10:22:45 GMT 2018


Hello,

The mariadb-connector-c version currently in debian stretch has a severe
bug: When an interrupt is received by a mariadb client program while a
request is running over a local unix domain socket, the library (and
thus the client) gets stuck in a tight loop with 100% CPU usage.

The following lines in libmariadb/violite2.c are the problem:

249    do {
250      rc= poll(&p_fd, 1, timeout);
251    } while (rc == -1 || errno == EINTR);

Obviously, line 251 should read

251    } while (rc == -1 && errno == EINTR);

instead (i.e. || replaced by &&) which upstream had been done in commit
8b3695271 on 2017-01-30, by 9EOR9

Debian should either update its 2.3.2 version with the fix above or
update to a newer release (current is 2.3.7).

Best regards, Nils Rennebarth

-- 
Dipl. Math Nils Rennebarth
Senior Berater
Entwicklung
Division Network & Client security
secunet Security Networks AG


Tel.: +49 201 5454-3976
Fax: +49 711 900300-90
Mobil: +49 174 9750449
E-Mail: nils.rennebarth at secunet.com


Neue Brücke 3
70173 Stuttgart
www.secunet.com

______________________________________________________________________

Sitz: Kurfürstenstraße 58, 45138 Essen, Deutschland
Amtsgericht Essen HRB 13615
Vorstand: Dr. Rainer Baumgart (Vors.), Axel Deininger, Thomas Pleines
Aufsichtsratsvorsitzender: Ralf Wintergerst
______________________________________________________________________




More information about the pkg-mysql-maint mailing list