Rare panic in parsing of MySQL packet #4139
Description
I have found these related issues/pull requests
I haven't found anything similar
Description
I'm seeing a rare panic in my logs with this backtrace:
thread 'tokio-runtime-worker' panicked at 'advance out of bounds: the len is 1 but advancing by 2': bytes-1.11.0/src/lib.rs:170
0: log_panics::Config::install_panic_hook::{{closure}}
1: std::panicking::panic_with_hook
2: std::panicking::panic_handler::{{closure}}
3: std::sys::backtrace::__rust_end_short_backtrace
4: __rustc::rust_begin_unwind
5: core::panicking::panic_fmt
6: bytes::panic_advance
7: <sqlx_mysql::protocol::response::ok::OkPacket as sqlx_core::io::decode::ProtocolDecode>::decode_with
8: sqlx_mysql::connection::stream::MySqlStream<S>::wait_until_ready::{{closure}}
9: <sqlx_mysql::connection::MySqlConnection as sqlx_core::connection::Connection>::ping::{{closure}}
10: sqlx_core::pool::connection::PoolConnection<DB>::return_to_pool::{{closure}}
11: tokio::runtime::task::raw::poll
12: tokio::runtime::scheduler::multi_thread::worker::Context::run_task
13: tokio::runtime::task::raw::poll
14: std::sys::backtrace::__rust_begin_short_backtrace
15: core::ops::function::FnOnce::call_once{{vtable.shim}}
16: std::sys::thread::unix::Thread::new::thread_start
17: start_thread
at ./nptl/pthread_create.c:442:8
18: clone3
at ./misc/../sysdeps/unix/sysv/linux/x86_64/clone3.S:81:0
Unfortunately I don't have a reproducible code or the packet data - this seems to be something really abnormal, because I'm handling more than a billion connections per month and this happens once or twice per month
I believe there should be a len check somewhere before doing .advance() on the byte buffer which should return an error instead of panicking
Reproduction steps
Unfortunately I don't have steps to reproduce
SQLx version
0.8.6
Enabled SQLx features
"runtime-tokio", "mysql", "bigdecimal"
Database server and version
11.8.5-MariaDB-deb12-log - mariadb.org binary distribution
Operating system
Debian Bookworm
Rust version
1.92