packet_size > DRIZZLE_MAX_BUFFER_SIZE kills connection

Bug #1098886 reported by Andrew Hutchings
This bug affects 1 person
Affects: Drizzle Client & Protocol Library
Status: Fix Released
Importance: Critical
Assigned to: Andrew Hutchings
Milestone:

Bug Description

Observed in a binlog with a 600KB event:

DEBUG: drizzle_state_packet_read
DEBUG: buffer_size= 6096, packet_size= 33, packet_number= 3
DEBUG: drizzle_state_packet_read
DEBUG: buffer_size= 6059, packet_size= 687906, packet_number= 4
DEBUG: drizzle_state_read
DEBUG: read fd=3 recv=16162 ssl= 0 errno=Resource temporarily unavailable
DEBUG: drizzle_state_read
DEBUG: read fd=3 recv=0 ssl= 0 errno=Resource temporarily unavailable

tests/unit/binlog.c:84: main Assertion 'DRIZZLE_RETURN_OK' != 'ret' [ Binlog error drizzle_state_read:libdrizzle/conn.cc:1179 lost connection to server (EOF)
 ]

Event is a query event which was caused by sysbench prepare command

Andrew Hutchings (linuxjedi) wrote :

read_size= recv(con->fd, (char *)con->buffer_ptr + con->buffer_size, available_buffer, MSG_NOSIGNAL);

available_buffer = 0 in this context:

(gdb) print con->buffer_size
$2 = 22217
(gdb) print con->buffer_ptr - con->buffer
$3 = 10551

size_t available_buffer= (size_t)DRIZZLE_MAX_BUFFER_SIZE - ((size_t)(con->buffer_ptr - con->buffer) + con->buffer_size);

So quite rightly we get a read of 0. recv return of 0 also means connection lost.

Need a much better way of handling large packets.

summary: - binlog retrieval dies when event size > buffer_size
+ binlog retrieval dies when event size > DRIZZLE_MAX_BUFFER_SIZE
Andrew Hutchings (linuxjedi) wrote : Re: binlog retrieval dies when event size > DRIZZLE_MAX_BUFFER_SIZE

Firstly, we need an 'if' around available_buffer to throw an error or take some action. We should not ever request a 0 byte read.

Andrew Hutchings (linuxjedi) wrote :

All other send/recv functions appear to have the same problem. Assumes the packet fits into a tiny buffer. Either need a flexible buffer or a larger buffer with proper error handling (MySQL has MAX_PACKET_SIZE for this).

summary: - binlog retrieval dies when event size > DRIZZLE_MAX_BUFFER_SIZE
+ packet_size > DRIZZLE_MAX_BUFFER_SIZE kills connection
Changed in libdrizzle:
importance: High → Critical
Andrew Hutchings (linuxjedi) wrote :

Need to accelerate plans for bug #1094633. Fix this by switching the buffer to a std::vector with a default and maximum size (say 1GB).

Changed in libdrizzle:
status: Triaged → Fix Committed
Changed in libdrizzle:
milestone: 5.1.2 → 5.1.3
milestone: 5.1.3 → 5.1.2
status: Fix Committed → Fix Released
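
The guard and bounded growth discussed in the comments above, as an added example that is not libdrizzle's code or the fix that was released. The `ex_` names are hypothetical, 32768 is inferred from the gdb values (10551 + 22217, the point where available_buffer is 0), the 1 GB ceiling is the figure floated in the thread, and `packet_size` is assumed to be the number of bytes the current packet needs buffered.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
/* Assumed sizes: 32768 = 10551 + 22217 from the gdb session in the report;
 * 1 GB is the maximum suggested in the thread. */
#define EX_INITIAL_SIZE ((size_t)32768)
#define EX_MAX_SIZE     ((size_t)1 << 30)
typedef enum { EX_READ_OK, EX_HAVE_PACKET, EX_TOO_LARGE, EX_NO_MEMORY } ex_status;

typedef struct {               /* hypothetical stand-in for the connection */
    unsigned char *buffer;     /* start of the allocation */
    unsigned char *buffer_ptr; /* first unconsumed byte */
    size_t buffer_size;        /* unconsumed bytes held */
    size_t capacity;           /* allocation size */
} ex_conn;

/* Same arithmetic as the available_buffer line quoted in the report. */
size_t ex_available(const ex_conn *c) {
    return c->capacity - ((size_t)(c->buffer_ptr - c->buffer) + c->buffer_size);
}

/* Make room before recv(). On EX_READ_OK, *room is non-zero, so a recv()
 * result of 0 afterwards can only mean the peer closed the connection. */
ex_status ex_reserve(ex_conn *c, size_t packet_size, size_t *room) {
    *room = 0;
    if (packet_size > EX_MAX_SIZE) return EX_TOO_LARGE;       /* refuse, allocate nothing */
    if (c->buffer_size >= packet_size) return EX_HAVE_PACKET; /* nothing left to read */
    if (c->buffer_ptr != c->buffer) {                         /* reclaim consumed prefix */
        memmove(c->buffer, c->buffer_ptr, c->buffer_size);
        c->buffer_ptr = c->buffer;
    }
    if (packet_size > c->capacity) {                          /* grow to fit the packet */
        unsigned char *p = realloc(c->buffer, packet_size);
        if (p == NULL) return EX_NO_MEMORY;
        c->buffer = c->buffer_ptr = p;
        c->capacity = packet_size;
    }
    *room = ex_available(c); /* > 0 because buffer_size < packet_size <= capacity */
    return EX_READ_OK;
}

int main(void) {
    unsigned char *b = calloc(1, EX_INITIAL_SIZE);
    if (b == NULL) return 1;
    ex_conn c = { b, b + 10551, 22217, EX_INITIAL_SIZE }; /* state from the gdb session */
    size_t room, before = ex_available(&c);
    ex_status st = ex_reserve(&c, 687906, &room);         /* packet_size from the debug log */
    printf("before=%zu status=%d room=%zu\n", before, (int)st, room);
    free(c.buffer);
    return 0;
}
```

A caller that gets `EX_TOO_LARGE` or `EX_NO_MEMORY` reports a packet-size error and never reaches `recv()`, so a full buffer is not mistaken for a lost connection.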