Bug #28116 Crash in getBlobHandle() when called before setting full key with equal()
Submitted: 26 Apr 2007 10:47 Modified: 27 Nov 16:03
Reporter: Kristian Nielsen
Status: Documenting
Category: Server: NDBAPI    Severity: S3 (Non-critical)
Version: mysql-5.1    OS: Any
Assigned to: Frazer Clement Target Version:
Tags: 5.1-bk, 5.0-bk
Triage: Triaged: D1 (Critical) / R3 (Medium) / E3 (Medium)

[26 Apr 2007 10:47] Kristian Nielsen
Description:
In NDB API.

When using blobs, calling getBlobHandle() requires that the full key has been
set with equal(). (It needs to access the key for adding blob table operations).

But in current code, if one calls getBlobHandle() without first setting all parts of the
primary key, an application crash occurs deep in NdbBlob.cpp.

I think an appropriate error code should be returned instead, otherwise the
application programmer might waste much time understanding what the real
problem is.

How to repeat:
Test case for testBlobs.cpp:

--- /tmp/geta15943	2007-04-26 10:44:29.000000000 +0200
+++ testBlobs.cpp	2007-04-26 10:42:42.000000000 +0200
@@ -142,6 +142,7 @@
     << "  -bug 4088   ndb api hang with mixed ops on index table" << endl
     << "  -bug 27018  middle partial part write clobbers rest of part" << endl
     << "  -bug 27370  Potential inconsistent blob reads for ReadCommitted reads" <<
endl
+    << "  -bug xxxxx  " << endl
     ;
 }
 
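Review bot: the new help line `+    << "  -bug xxxxx  " << endl` still carries the xxxxx placeholder and an empty description, while the g_bugtest table in the next hunk registers the test under 88888; the two should agree, and since this report is Bug#28116 the option should read something like `-bug 28116  getBlobHandle() before full key set with equal()` so the test can be selected by its real number.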
@@ -2083,13 +2084,42 @@
   return 0;
 }
 
+static int
+bugtest_xxxxx()
+{
+  DBG("bug test xxxxx - ");
+  if (g_opt.m_pk2len == 0)
+  {
+    DBG("  ... skipped, requires multi-column primary key.");
+    return 0;
+  }
+
+  for (unsigned k = 0; k < g_opt.m_rows; k++) {
+    Tup& tup = g_tups[k];
+    CHK((g_con = g_ndb->startTransaction()) != 0);
+    CHK((g_opr = g_con->getNdbOperation(g_opt.m_tname)) != 0);
+    if (urandom(2) == 0)
+      CHK(g_opr->readTuple() == 0);
+    else
+      CHK(g_opr->readTuple(NdbOperation::LM_CommittedRead) == 0);
+    CHK(g_opr->equal("PK1", tup.m_pk1) == 0);
+    /* Deliberately no equal() on rest of primary key, to provoke error. */
+    CHK(opr->getBlobHandle("BL1") == 0);
+    g_ndb->closeTransaction(g_con);
+    g_opr = 0;
+    g_con = 0;
+  }
+  return 0;
+}
+
 static struct {
   int m_bug;
   int (*m_test)();
 } g_bugtest[] = {
   { 4088, bugtest_4088 },
   { 27018, bugtest_27018 },
-  { 27370, bugtest_27370 }
+  { 27370, bugtest_27370 },
+  { 88888, bugtest_xxxxx }
 };
 
 NDB_COMMAND(testOdbcDriver, "testBlobs", "testBlobs", "testBlobs", 65535)
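Review bot: `CHK(opr->getBlobHandle("BL1") == 0);` refers to an undeclared `opr`; the operation obtained a few lines earlier is stored in `g_opr`, so this hunk does not compile as posted. Once corrected, asserting only that the handle is null leaves the test blind to why it was null: also check the operation's NdbError for the key-not-defined error the suggested fix is meant to return, otherwise a null handle for an unrelated reason would pass. The registration `{ 88888, bugtest_xxxxx }` should use 28116 so that it matches the `-bug` help text.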

Suggested fix:
Check the operation state in getBlobHandle(), and fail if the key has not yet
been fully specified.
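A self-contained C++ model of the state check the suggested fix describes, added here as an illustration; it is not code from the NDB API or from the committed patch. It tracks which primary-key columns have been given a value with equal() and makes getBlobHandle() return a null handle plus an error instead of reading key data that was never defined; the class name, the error number 1 and the PK2 column are constructed for the example.

```cpp
#include <cstddef>
#include <string>
#include <vector>

// Constructed model of an NDB-style primary-key operation. It is not the real
// NdbOperation/NdbBlob code, only the key-definition state the fix checks.
class KeyedOp {
public:
    enum : int { kKeyNotFullySpecified = 1 };   // model-only error number; 0 == no error
    explicit KeyedOp(const std::vector<std::string>& pk)
        : pk_(pk), value_(pk.size(), 0), defined_(pk.size(), false) {}
    // equal(): set one primary-key column. 0 on success, -1 for a non-key column.
    int equal(const std::string& col, long v) {
        for (std::size_t i = 0; i < pk_.size(); ++i)
            if (pk_[i] == col) { value_[i] = v; defined_[i] = true; return 0; }
        return -1;
    }
    // The state check the fix adds: every key column must have been set with equal().
    bool keyComplete() const {
        for (bool d : defined_) if (!d) return false;
        return true;
    }
    // Hardened getBlobHandle(): blob part operations need the whole key, so an
    // incomplete key yields a null handle plus an error instead of a crash.
    const std::vector<long>* getBlobHandle(const std::string& /*blobCol*/) {
        if (!keyComplete()) { err_ = kKeyNotFullySpecified; return nullptr; }
        err_ = 0;
        return &value_;   // stands in for the key data a blob handle must read
    }
    int getNdbError() const { return err_; }   // last error code of this operation
private:
    std::vector<std::string> pk_;
    std::vector<long> value_;
    std::vector<bool> defined_;
    int err_ = 0;
};

// Runs the scenarios the bug's test covers (no key, PK1 only, PK2 only) plus a
// fully keyed operation, and returns how many behave correctly (expected: 4).
int countCorrectOutcomes() {
    int ok = 0;
    for (int s = 0; s < 4; ++s) {
        KeyedOp op({"PK1", "PK2"});
        if (s == 1 || s == 3) op.equal("PK1", 7);
        if (s == 2 || s == 3) op.equal("PK2", 9);
        bool got = op.getBlobHandle("BL1") != nullptr;
        int code = op.getNdbError();
        ok += (s < 3) ? (!got && code == KeyedOp::kKeyNotFullySpecified) : (got && code == 0);
    }
    return ok;
}
```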
[26 Apr 2007 10:52] Kristian Nielsen
Test case for the bug (patch against testBlobs.cpp)

Attachment: bug28116-testcase.patch (text/x-patch), 1.56 KiB.

[25 Nov 16:23] Frazer Clement
Proposed patch

Attachment: bug28116.patch (text/x-patch), 4.36 KiB.

[25 Nov 16:26] Frazer Clement
Patch adds to patch for bug#48973 and testcase covers testcase for that bug too (hence
patch replaces that testcase).

Specific operation state check added to getNdbBlobHandle() call to catch all
key-not-yet-defined state issues.

Testcase checks no-key, first-part only and second-part only scenarios.

NdbRecord Blob handle setup is unaffected as it is not prone to state issues.
[27 Nov 14:19] Bugs System
A patch for this bug has been committed. After review, it may
be pushed to the relevant source trees for release in the next
version. You can access the patch from:

  http://lists.mysql.com/commits/91913

3045 Frazer Clement	2009-11-27
      Bug#28116 : Crash in getBlobHandle() when called before setting full key with equal()
      modified:
        storage/ndb/src/ndbapi/NdbOperationDefine.cpp
        storage/ndb/test/ndbapi/testBlobs.cpp
        storage/ndb/test/run-test/daily-basic-tests.txt
[27 Nov 15:58] Bugs System
Pushed into 5.1.39-ndb-7.1.0 (revid:frazer@mysql.com-20091127145345-z5kop3e41jw8r9rf) (version source revid:frazer@mysql.com-20091127145345-z5kop3e41jw8r9rf) (merge vers: 5.1.39-ndb-7.1.0) (pib:13)
[27 Nov 15:59] Bugs System
Pushed into 5.1.39-ndb-7.0.10 (revid:frazer@mysql.com-20091127144724-9rza75epygziryzw) (version source revid:frazer@mysql.com-20091127144724-9rza75epygziryzw) (merge vers: 5.1.39-ndb-7.0.10) (pib:13)
[27 Nov 16:01] Bugs System
Pushed into 5.1.39-ndb-6.3.29 (revid:frazer@mysql.com-20091127132931-48f6wmf8v39rppum) (version source revid:frazer@mysql.com-20091127132931-48f6wmf8v39rppum) (merge vers: 5.1.39-ndb-6.3.29) (pib:13)
[27 Nov 16:02] Bugs System
Pushed into 5.1.39-ndb-6.2.19 (revid:frazer@mysql.com-20091127131722-xy3niyn3plm6z296) (version source revid:frazer@mysql.com-20091127131722-xy3niyn3plm6z296) (merge vers: 5.1.39-ndb-6.2.19) (pib:13)
[27 Nov 16:03] Frazer Clement
Pushed to 6.2.19, 6.3.27, 7.0.10, 7.1.0