Skip to content

fix(mysql): return error instead of panic on truncated OK packet#4176

Merged
abonander merged 2 commits intolaunchbadge:mainfrom
cvzx:fix/ok-packet-truncated-panic
Mar 3, 2026
Merged

fix(mysql): return error instead of panic on truncated OK packet#4176
abonander merged 2 commits intolaunchbadge:mainfrom
cvzx:fix/ok-packet-truncated-panic

Conversation

@cvzx
Copy link
Contributor

@cvzx cvzx commented Feb 21, 2026

Does your PR solve an issue?

fixes #4139

Is this a breaking change?

No. This changes a panic into a returned Err(Protocol(...)), which callers already handle. The connection pool will gracefully discard the bad connection instead of crashing the tokio worker thread.

@cvzx cvzx force-pushed the fix/ok-packet-truncated-panic branch from d0ca316 to 0ffef15 Compare February 22, 2026 00:04
abonander
abonander requested changes Feb 27, 2026
View reviewed changes
sqlx-mysql/src/protocol/response/ok.rs Outdated
Comment on lines 27 to 28
let affected_rows = buf.get_uint_lenenc();
let last_insert_id = buf.get_uint_lenenc();
Copy link
Collaborator

@abonander abonander Feb 27, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I don't want to move the goalposts too much, but it seems like these fields should at least be covered by the length check too.

In the long run we should probably ban use of bytes::Buf methods and instead write our own that return Result.

Copy link
Contributor Author

@cvzx cvzx Feb 28, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Checking get_uint_lenenc calls is a bit trickier since the method advances a variable number of bytes depending on the prefix. I've changed its signature to return Result and added remaining-bytes checks inside the method, propagating with ? at all call sites.

If this approach is good, I could follow up with a separate PR that wraps the other panicking bytes::Buf methods in the same way.

Copy link
Collaborator

@abonander abonander Mar 2, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I was mostly thinking that we should just check that the packet is nonempty, but this is a great improvement, thanks!

If this approach is good, I could follow up with a separate PR that wraps the other panicking bytes::Buf methods in the same way.

I think that would be a good idea, there's a lot of shortcuts that we took early on that are coming back to bite us and using things like this that panic instead of returning errors is a big one.

@cvzx cvzx force-pushed the fix/ok-packet-truncated-panic branch from 53b3be5 to 33b6165 Compare February 28, 2026 00:31
@cvzx
fix(mysql): add bounds checking to get_uint_lenenc
af6fb80 
Change get_uint_lenenc to return Result and validate buffer has
sufficient bytes before each read
@cvzx cvzx force-pushed the fix/ok-packet-truncated-panic branch from 33b6165 to af6fb80 Compare February 28, 2026 00:38
@cvzx cvzx requested a review from abonander February 28, 2026 15:12
@abonander abonander merged commit 05c8dc1 into launchbadge:main Mar 3, 2026
146 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@abonander abonander abonander approved these changes

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

Rare panic in parsing of MySQL packet

2 participants

@cvzx @abonander