Fix segfault when accessing fields/field_types on freed result

Jonathan Powell · Jonathan Powell · commit e3b4c3e7cc35 · 2026-03-26T14:33:30.000+11:00
Add resultFreed check to rb_mysql_result_fetch_fields and rb_mysql_result_fetch_field_types before accessing wrapper->result. Additionally, eagerly populate fields when a result is created (for non-streaming results) to prevent the issue from occurring at all. This ensures fields are fetched before any iteration can free the result. The segfault occurs when: 1. A query returns 0 rows 2. Internal row caching iterates (0 iterations), never populating wrapper->fields 3. Result is freed after iteration completes 4. .fields is called, wrapper->fields is Qnil 5. mysql_num_fields(wrapper->result) accesses freed memory -> SEGFAULT This check already exists in other functions (e.g., rb_mysql_result_each_) but was missing in the fields accessor functions. Based on fix for #1426
diff --git a/ext/mysql2/result.c b/ext/mysql2/result.c
@@ -939,6 +939,9 @@ static VALUE rb_mysql_result_fetch_fields(VALUE self) {
   }
 
   if (wrapper->fields == Qnil) {
+    if (wrapper->resultFreed) {
+      rb_raise(cMysql2Error, "Result set has already been freed");
+    }
     wrapper->numberOfFields = mysql_num_fields(wrapper->result);
     wrapper->fields = rb_ary_new2(wrapper->numberOfFields);
   }
@@ -958,6 +961,9 @@ static VALUE rb_mysql_result_fetch_field_types(VALUE self) {
   GET_RESULT(self);
 
   if (wrapper->fieldTypes == Qnil) {
+    if (wrapper->resultFreed) {
+      rb_raise(cMysql2Error, "Result set has already been freed");
+    }
     wrapper->numberOfFields = mysql_num_fields(wrapper->result);
     wrapper->fieldTypes = rb_ary_new2(wrapper->numberOfFields);
   }
@@ -1192,6 +1198,7 @@ VALUE rb_mysql_result_to_obj(VALUE client, VALUE encoding, VALUE options, MYSQL_
   wrapper->lastRowProcessed = 0;
   wrapper->resultFreed = 0;
   wrapper->result = r;
+  wrapper->numberOfFields = 0;
   wrapper->fields = Qnil;
   wrapper->fieldTypes = Qnil;
   wrapper->rows = Qnil;
@@ -1221,6 +1228,14 @@ VALUE rb_mysql_result_to_obj(VALUE client, VALUE encoding, VALUE options, MYSQL_
    * should be processed here. */
   wrapper->is_streaming = (rb_hash_aref(options, sym_stream) == Qtrue ? 1 : 0);
 
+  /* Eagerly populate fields for non-streaming results to prevent
+   * segfault/error when accessing .fields on 0-row results that get freed
+   * after iteration completes but before .fields is accessed.
+   * See: https://github.com/brianmario/mysql2/issues/1426 */
+  if (r != NULL && !wrapper->is_streaming) {
+    rb_mysql_result_fetch_fields(obj);
+  }
+
   return obj;
 }
 
