Bug #14553380 MYSQL C API LIBRARY EXITS AT NET_CLEAR AT NET_SERV.CC:223

Problem description: When client loses the connection to the MySQL server or 
if the server gets shutdown after mysql_stmt_prepare() then the next 
mysql_stmt_prepare() will return an error(as expected) but consecutive call 
mysql_stmt_execute(), will crash the client program. 
The expected behavior would be, it should through an error.

Analysis: The mysql_stmt_prepare() interns calls the function end_server() 
and net->vio and net->buff are freed and set to NULL. Then the next call 
mysql_stmt_execute() will interns call net_clear() where we are "net->vio" 
with out validating it.

Fix: we are validating the net->vio, before calling net_clear().

1 files changed, 8 insertions, 1 deletions

diff --git a/libmysql/libmysql.c b/libmysql/libmysql.c
index ed1a85f86b4..a6bb617132f 100644
--- a/libmysql/libmysql.c
+++ b/libmysql/libmysql.c
@@ -2107,7 +2107,14 @@ int cli_stmt_execute(MYSQL_STMT *stmt)
       DBUG_RETURN(1);
     }
 
-    net_clear(net, 1);				/* Sets net->write_pos */
+    if (net->vio)
+      net_clear(net, 1);          /* Sets net->write_pos */
+    else
+    {
+      set_stmt_errmsg(stmt, net);
+      DBUG_RETURN(1);             
+    }
+
     /* Reserve place for null-marker bytes */
     null_count= (stmt->param_count+7) /8;
     if (my_realloc_str(net, null_count + 1))