BUG32165864: Fix segmentation fault when using invalid SQL with prepared statements

nmariz · nmariz · commit 70e8839f84cf · 2020-11-19T18:00:38.000Z
This patch fixes the segmentation fault when using invalid SQL syntax with
prepared statements.

A test was added for regression.
diff --git a/CHANGES.txt b/CHANGES.txt
@@ -14,6 +14,7 @@ v8.0.23
 - WL#14238: Deprecate Python 2.7 support
 - WL#14215: Replace language in APIs and source code/docs
 - WL#14213: Support GSSAPI - Kerberos auth
+- BUG#32165864: Fix segmentation fault when using invalid SQL with prepared statements
 - BUG#31882419: Fix error when getting the connection ID from a CMySQLConnection
 - BUG#29195610: Fix cursor.callproc() using namedtuple and dictionary cursors
 - BUG#26834307: Make cursor.fetchone() and cursor.fetchmany() PEP 249 compliant
diff --git a/lib/mysql/connector/cursor_cext.py b/lib/mysql/connector/cursor_cext.py
@@ -959,7 +959,8 @@ def execute(self, operation, params=(), multi=False):  # multi is unused
 
             try:
                 self._stmt = self._cnx.cmd_stmt_prepare(operation)
-            except (errors.Error, errors.ProgrammingError):
+            except errors.Error:
+                self._executed = None
                 self._stmt = None
                 raise
 
diff --git a/src/mysql_capi.c b/src/mysql_capi.c
@@ -2987,7 +2987,7 @@ MySQL_stmt_prepare(MySQL *self, PyObject *args)
 
     IS_CONNECTED(self);
 
-    if (!PyArg_ParseTuple(args, "O", &stmt))
+    if (!PyArg_ParseTuple(args, "S", &stmt))
     {
         return NULL;
     }
@@ -3033,7 +3033,6 @@ MySQL_stmt_prepare(MySQL *self, PyObject *args)
     return prep_stmt;
 
 error:
-    Py_XDECREF(stmt);
     Py_BEGIN_ALLOW_THREADS
     mysql_stmt_close(mysql_stmt);
     Py_END_ALLOW_THREADS
diff --git a/tests/test_bugs.py b/tests/test_bugs.py
@@ -5808,3 +5808,34 @@ def test_datetime_fractional(self):
             self.assertEqual(row[0], datetime(2020, 1, 1, 1, 1, 1, 543000))
             self.assertEqual(row[1], "2020-01-01 01:01:01.543")
             cur.execute("DROP TABLE IF EXISTS bug24938411")
+
+
+class BugOra32165864(tests.MySQLConnectorTests):
+    """BUG#32165864: SEGMENTATION FAULT WHEN TWO PREPARED STATEMENTS WITH
+    INCORRECT SQL SYNTAX ARE EXECUTED CONSECUTIVELY.
+    """
+
+    @foreach_cnx()
+    def test_segfault_prepared_statement(self):
+        with self.cnx.cursor() as cur:
+            cur.execute("DROP TABLE IF EXISTS bug32165864")
+            cur.execute(
+                "CREATE TABLE bug32165864 "
+                "(id INT, name VARCHAR(10), address VARCHAR(20))"
+            )
+            cur.execute(
+                "INSERT INTO bug32165864 (id, name, address) VALUES "
+                "(1, 'Joe', 'Street 1'), (2, 'John', 'Street 2')"
+            )
+            self.cnx.commit()
+
+        stmt = "SELECT * FROM customer WHERE i = ? ?"
+
+        with self.cnx.cursor(prepared=True) as cur:
+            for _ in range(10):
+                self.assertRaises(
+                    errors.Error, cur.execute, stmt, (10, "Gabriela")
+                )
+
+        with self.cnx.cursor() as cur:
+            cur.execute("DROP TABLE IF EXISTS bug32165864")

Original file line number	Diff line number	Diff line change
`@@ -2987,7 +2987,7 @@ MySQL_stmt_prepare(MySQL self, PyObject args)`
`2987`	`2987`
`2988`	`2988`	`IS_CONNECTED(self);`
`2989`	`2989`
`2990`		`- if (!PyArg_ParseTuple(args, "O", &stmt))`
	`2990`	`+ if (!PyArg_ParseTuple(args, "S", &stmt))`
`2991`	`2991`	`{`
`2992`	`2992`	`return NULL;`
`2993`	`2993`	`}`
`@@ -3033,7 +3033,6 @@ MySQL_stmt_prepare(MySQL self, PyObject args)`
`3033`	`3033`	`return prep_stmt;`
`3034`	`3034`
`3035`	`3035`	`error:`
`3036`		`- Py_XDECREF(stmt);`
`3037`	`3036`	`Py_BEGIN_ALLOW_THREADS`
`3038`	`3037`	`mysql_stmt_close(mysql_stmt);`
`3039`	`3038`	`Py_END_ALLOW_THREADS`