MySQL Forums

free() invalid pointer in prepared statement
Posted by: 7 reeds
Date: October 13, 2015 04:18PM

Hi,

This may end up in finger pointing but I have to start somewhere...

I am on RedHat 6.7; I have the most recent MySQL yum repo versions of everything

mysql-community-server.x86_64 5.6.27-2.el6 plus the client and libs
mysql-connector-c++.x86_64 1.1.6-1 plus most of the other connectors

I have a C++ project that consists of an executable; a ".so" plugin for PAM (Pluggable Auth Modules); and, a library that allows the first two things to actually operate. The library, among other things, inserts records into a remote MySQL database during user login "session" starts and stops.

This works for the commandline executable. This works for what I consider "normal" PAM operations like SSH and GDM. If you are unaware, PAM is an authentication layer that, by default, sits between system and user level applications and /etc/passwd or LDAP or AD or ...

So for most of my use cases this all works, no problem. I have a case where it dramatically fails though.

There is a Linux "remote desktop" service called "xrdp". Windows clients can RDP to Linux servers running xrdp and get Linux desktop environments. My PAM module (the exact same code that works for SSH and console logins) blows up on the first prepared "stmt->execute();" or the close or the delete that comes after it. My diagnostic prints don't make it out in time to know which element is actually crashing.

The first part of the message I get is:

*** glibc detected *** /usr/sbin/xrdp-sesman: free(): invalid pointer: 0x00000000015be9b0 ***
======= Backtrace: =========
/lib64/libc.so.6[0x3479275f4e]
/lib64/libc.so.6[0x3479278cad]
/usr/local/sbin/myPlugin/pam_myPlugin.so(mysql_stmt_close+0x54)[0x7fca9e1703d4]
/usr/local/sbin/myPlugin/pam_myPlugin.so(_ZN3sql5mysql9NativeAPI19LibmysqlStaticProxy10stmt_closeEP13st_mysql_stmt+0xc)[0x7fca9e16db80]
/usr/local/sbin/myPlugin/pam_myPlugin.so(_ZN3sql5mysql9NativeAPI28MySQL_NativeStatementWrapperD1Ev+0x35)[0x7fca9e127ee3]
/usr/local/sbin/myPlugin/pam_myPlugin.so(_ZN3sql5mysql9NativeAPI28MySQL_NativeStatementWrapperD0Ev+0x9)[0x7fca9e127fa5]
/usr/local/sbin/myPlugin/pam_myPlugin.so(_ZN5boost6detail17sp_counted_impl_pIN3sql5mysql9NativeAPI22NativeStatementWrapperEE7disposeEv+0x13)[0x7fca9e131911]
/usr/local/sbin/myPlugin/pam_myPlugin.so(_ZN3sql5mysql31MySQL_PreparedResultSetMetaDataD1Ev+0xa3)[0x7fca9e1658ad]
/usr/local/sbin/myPlugin/pam_myPlugin.so(_ZN3sql5mysql31MySQL_PreparedResultSetMetaDataD0Ev+0x9)[0x7fca9e1658ff]
/usr/local/sbin/myPlugin/pam_myPlugin.so(_ZN3sql5mysql24MySQL_Prepared_StatementD2Ev+0xbd)[0x7fca9e15b769]
/usr/local/sbin/myPlugin/pam_myPlugin.so(_ZN3sql5mysql24MySQL_Prepared_StatementD0Ev+0x9)[0x7fca9e15b883]
...


My code in this section looks like (edited for brevity):


    /* Create a connection */
    driver = get_driver_instance();
    con = driver->connect("my.host", "myUser", "passwird");

    /* Connect to the MySQL test database */
    con->setSchema("myDB");

    MyPlugin_Lib::EventRecord item;
    for (int i = 0; !eventList.empty(); eventList.pop_front(), i++) {
        try {
            item = eventList.front();

            std::string dateTmp = MyUtilities::MyUtilities::UpperCase(item.getDate().c_str());


            snprintf(insertSQL, 1024,
                     "INSERT INTO %s (event) VALUES(UPPER(?))",
                     MyPlugin_Lib::MySQLDBCpp::DBMyPluginTableName.c_str());

            sql::PreparedStatement *sth = con->prepareStatement(insertSQL);

            int col = 1;

            sth->setString(col++, item.getEvent().c_str());
    #ifdef DEBUG_2
            syslog(LOG_AUTHPRIV | LOG_DEBUG, "%s: event=%s",
                   __func__, item.getEvent().c_str());
    #endif

    #ifdef DEBUG_2
            syslog(LOG_AUTHPRIV | LOG_DEBUG,
                   "%s: before execute", __func__);
    #endif
            sth->execute();
    #ifdef DEBUG_2
            syslog(LOG_AUTHPRIV | LOG_DEBUG,
                   "%s: after execute", __func__);
    #endif
            sth->close();
    #ifdef DEBUG_2
            syslog(LOG_AUTHPRIV | LOG_DEBUG,
                   "%s: after close", __func__);
    #endif

            delete sth;
    #ifdef DEBUG_2
            syslog(LOG_AUTHPRIV | LOG_DEBUG,
                   "%s: after delete", __func__);
    #endif
            sth = NULL;
        } catch (MyUtilities::MyException & e) {
            sprintf(error,
                    "%s: userTracking DB insert failed: %s",
                    __func__, e.what());
            syslog(LOG_AUTHPRIV | LOG_DEBUG, "%s", error);
            throw MyUtilities::MyException(error);
        } catch (...) {
            syslog(LOG_AUTHPRIV | LOG_DEBUG,
                   "%s: unknown exception", __func__);
        }
    }

    delete con;


The execute does not happen, and the syslog statement just before it and all of them after do not reach the log.

I am looking for ideas. Attaching to the/a process in this case to try to debug seems like a non-starter as PAM is not "running".
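Reading the backtrace quoted in the post, as an added example (not the poster's code and not Connector/C++ code): a small C++ parser for glibc's `module(symbol+0xOFF)[0xADDR]` frame lines that demangles each symbol and marks which Itanium C++ ABI destructor variant a frame is. `Frame`, `parse_frame` and `kPostFrames` are names made up for this example; the three sample frames are copied from the post.

```cpp
#include <cxxabi.h>
#include <cstdio>
#include <cstdlib>
#include <string>

struct Frame {
    std::string module;  // object file the return address falls in
    std::string symbol;  // demangled symbol, empty when glibc printed none
    std::string dtor;    // "D0" deleting, "D1" complete-object, "D2" base-object destructor
};
static std::string demangle(const std::string &name) {
    if (name.compare(0, 2, "_Z") != 0) return name;  // plain C symbol, nothing to demangle
    int status = 0;
    char *p = abi::__cxa_demangle(name.c_str(), nullptr, nullptr, &status);
    std::string out = (status == 0 && p) ? p : name;
    std::free(p);
    return out;
}
// Accepts "module(symbol+0xOFF)[0xADDR]" and "module[0xADDR]"; returns false for other lines.
bool parse_frame(const std::string &line, Frame &f) {
    f = Frame();
    std::string::size_type br = line.rfind('[');
    if (br == std::string::npos || br == 0 || line.find(']', br) == std::string::npos) return false;
    std::string head = line.substr(0, br);
    std::string::size_type lp = head.rfind('(');
    if (lp == std::string::npos || head.back() != ')') { f.module = head; return true; }
    f.module = head.substr(0, lp);
    std::string raw = head.substr(lp + 1, head.size() - lp - 2);
    raw = raw.substr(0, raw.rfind('+'));  // drop the "+0xOFF" suffix
    f.symbol = demangle(raw);
    std::string tail = raw.size() > 4 ? raw.substr(raw.size() - 4) : "";
    if (f.symbol.find("::~") != std::string::npos &&
        (tail == "D0Ev" || tail == "D1Ev" || tail == "D2Ev"))
        f.dtor = tail.substr(0, 2);
    return true;
}
// Three frames copied verbatim from the backtrace in the post, innermost first.
const char *kPostFrames[] = {
    "/lib64/libc.so.6[0x3479275f4e]",
    "/usr/local/sbin/myPlugin/pam_myPlugin.so(mysql_stmt_close+0x54)[0x7fca9e1703d4]",
    "/usr/local/sbin/myPlugin/pam_myPlugin.so(_ZN3sql5mysql24MySQL_Prepared_StatementD0Ev+0x9)[0x7fca9e15b883]",
};

int main() {
    Frame f;
    for (const char *line : kPostFrames)
        if (parse_frame(line, f))
            std::printf("%s | %s | %s\n", f.module.c_str(), f.symbol.c_str(), f.dtor.c_str());
}
```

On the post's frames this reports `D0` for `sql::mysql::MySQL_Prepared_Statement`, the deleting destructor that a `delete` expression invokes on an object with a virtual destructor, with `mysql_stmt_close` further in and both resolved inside `pam_myPlugin.so`.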
