[wp-trac] [WordPress Trac] #37283: /* LOCK */ in SQL query crashes mysqli with no error message and prevents automatic updates

WordPress Trac noreply at wordpress.org
Tue Jul 5 05:55:20 UTC 2016 

#37283: /* LOCK */ in SQL query crashes mysqli with no error message and prevents
automatic updates
--------------------------+-----------------------------
 Reporter:  thebfg        |      Owner:
     Type:  defect (bug)  |     Status:  new
 Priority:  normal        |  Milestone:  Awaiting Review
Component:  General       |    Version:
 Severity:  normal        |   Keywords:
  Focuses:                |
--------------------------+-----------------------------
 Three queries containing the comment /* LOCK */ in the query text were
 introduced in the following three files:


 wp-includes/revision.php in changeset 23849
 wp-includes/taxonomy.php in changeset 33615
 and the most problematic:
 wp-admin/includes/class-wp-upgrader.php line 772 in changeset 36349
 (Not linking to changeset as this Trac crashes when linking).

 The problem lines typically look like this:
 {{{
 $lock_result = $wpdb->query( $wpdb->prepare( "INSERT IGNORE INTO
 `$wpdb->options` ( `option_name`, `option_value`, `autoload` ) VALUES (%s,
 %s, 'no') /* LOCK */", $lock_option, time() ) );
 }}}

 When Using MariaDB on Debian Jessie (not tested with mysql, the Debian
 version should not play a role), the call to mysqli_query fails with no
 error, no log message, and no other trace in the database, php, or system
 logs. The php script execution stops at that point. Since this type of
 query is now used in the updater, the update process stops (both from the
 WP Interface and from wp-cli)

 Minimum example code illustrating this bug is attached. Note that the word
 LOCK itself plays no role; anything between /* and */ will cause the
 crash. Inputting the same query from the mysql/mariadb console is not
 problematic.

 I have solved this by removing the /* LOCK */ part from the query, but I
 am not certain this is the right way as I do not know why it was put
 there. According to both MySQL and MariaDB comment syntaxes, it should be
 a non-executable comment, i.e. it doesn't change the query meaning.

 Versions:
 MariaDB (mysqld Ver 10.0.25-MariaDB-0+deb8u1 for debian-linux-gnu on
 x86_64 ((Debian)))
 Debian Jessie (Linux 3.16.0-042stab111.12 #1 SMP Thu Sep 17 11:38:20 MSK
 2015 x86_64 GNU/Linux)
 php5-mysql:  Installed: 5.6.22+dfsg-0+deb8u1

--
Ticket URL: <https://core.trac.wordpress.org/ticket/37283>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform

More information about the wp-trac mailing list