Bug #46586 When using the plugin interface the type "set" for options caused a crash.
Submitted: 6 Aug 16:48 Modified: 4 Nov 10:25
Reporter: Horst Hunger
Status: Documenting
Category:Server: SE API Severity:S1 (Critical)
Version:azalea (5.4), 5.1 OS:Linux (suse-linux-gnu on i686)
Assigned to: Tatjana A. Nuernberg Target Version:5.1+
Tags: crash, plugin
Triage: Triaged: D1 (Critical)

[6 Aug 16:48] Horst Hunger 
Description:
During the development of a test storage engine and plugin API tests I got the following
crash:

mysqltest: At line 7: query 'INSTALL PLUGIN tse SONAME 'ha_tse.so'' failed: 2013: Lost
connection to MySQL server during query
Failed to read from '/work/bzr/mysql-azalea-wl4939/mysql-test/var/log/tse_sysvar.log',
errno: 22

The following stack traces are from all threads (so the failing one is
duplicated).
--------------------------
Using host libthread_db library "/lib/libthread_db.so.1".

warning: Can't read pathname for load map: Input/output error.
Core was generated by `/work/bzr/mysql-azalea-wl4939/sql/mysqld
--defaults-group-suffix=.1 --defaults-'.
Program terminated with signal 6, Aborted.
#0  0xffffe410 in __kernel_vsyscall ()
#0  0xffffe410 in __kernel_vsyscall ()
#1  0xb7f09397 in pthread_kill () from /lib/libpthread.so.0
#2  0x0852f4ab in my_write_core (sig=6) at stacktrace.c:309
#3  0x081fb0ac in handle_segfault (sig=141119476) at mysqld.cc:2718
#4  <signal handler called>
#5  0xffffe410 in __kernel_vsyscall ()
#6  0xb7c888f5 in raise () from /lib/libc.so.6
#7  0xb7c8a1e1 in abort () from /lib/libc.so.6
#8  0xb7c81c1e in __assert_fail () from /lib/libc.so.6
#9  0x085260e1 in getopt_ull_limit_value (num=15, optp=0x8914410, fix=0x0) at
my_getopt.c:940
#10 0x08526316 in init_one_value (option=0x8914410, variable=0xb7f394d8, value=15)
    at my_getopt.c:1035
#11 0x08525a1f in init_variables (options=0x8914410, init_one_value=0x85261a0
<init_one_value>)
    at my_getopt.c:1128
#12 0x08526853 in handle_options (argc=0xb7346964, argv=0xb734657c, longopts=0x8913de0,
    get_one_option=0x83b24b0 <get_one_plugin_option>) at my_getopt.c:123
#13 0x083b4a54 in test_plugin_options (tmp_root=0x89b63a4, tmp=0xb73466a4,
argc=0xb7346964,
    argv=0x88f18b4) at sql_plugin.cc:3280
#14 0x083b76b0 in plugin_add (tmp_root=0x89b63a4, name=0x89b5f4c, dl=0x89b5f54,
argc=0xb7346964,
    argv=0x88f18b0, report=2) at sql_plugin.cc:771
#15 0x083b79a0 in mysql_install_plugin (thd=0x89b4b40, name=0x89b5f4c,
dl=0x89b5f54)mysqltest: At line 7: query 'INSTALL PLUGIN tse SONAME 'ha_tse.so'' failed:
2013: Lost connection to MySQL server during query
Failed to read from '/work/bzr/mysql-azalea-wl4939/mysql-test/var/log/tse_sysvar.log',
errno: 22

The reason is the default case in "getopt_ull_limit_value" (line 940) where a DBUG_ASSERT
happened when having the type "GET_SET".

How to repeat:
Use the "mysql-azalea-wl4939" tree. Ther you will find the test storage engine tse.
execute the test "tse_sysvar.test" in the suite "test-plugin". 

Suggested fix:
As I am the first one using the option set SET, I assume that this type never has been
used before. So, complete the implementation or disable that option type.
[7 Aug 9:24] Sveta Smirnova 
Thank you for the report.

When I try to build tree I get error about no Makefile in mysql-test. If I create empty
Makefile there I can build, then copy mysql-test-run.pl from somewhere else. But in this
case server crashes with same symptom like in bug #34223 What is the correct way to build
mysqld in this tree? I used script BUILD/compile-pentium64-debug-max
[10 Aug 9:54] Horst Hunger 
do as follows to have the plugins not linked statically, but have them as shared objects:
autoreconf --force --install
./configure --with-debug --with-embedded-server --with-plugins=innobase,partition
make
[10 Aug 10:32] Sveta Smirnova 
Thank you for the feedback.

Configure still fails with:

config.status: error: cannot find input file: mysql-test/Makefile.in
[11 Aug 12:35] Horst Hunger 
Sorry, had forgotten to push the tse makefile.in. 
Is now pushed. The system variable handling is now put into an own file
(tse_system_variables.h).
[11 Aug 12:45] Horst Hunger 
I also pushed the mysql-test/Makefile.in.
[11 Aug 13:45] Sveta Smirnova 
Thank you for the update.

But mysql-test/Makefile.am seems still to be missed:

Making all in mysql-test
gmake[1]: Entering directory
`/users/ssmirnova/blade12/src/mysql-azalea-wl4939/mysql-test'
gmake[1]: warning: -jN forced in submake: disabling jobserver mode.
gmake[1]: *** No rule to make target `Makefile.am', needed by `Makefile.in'.  Stop.
gmake[1]: Leaving directory
`/users/ssmirnova/blade12/src/mysql-azalea-wl4939/mysql-test'
gmake: *** [all-recursive] Error 1
[13 Aug 12:41] Horst Hunger 
Not only the Makefiles have been missed, also 2 pl files. I pushed them and was able to
compile the server sucessfully.
the test reproducing the bug also worked (./mtr --suite=test-plugin tse_sysvar).
[13 Aug 13:23] Sergei Golubchik 
verified by code inspection
[1 Oct 10:24] Sergei Golubchik 
there's also another bug in GET_SET, more precisely in find_typeset() that it uses.

Fix: 

    while (*x && *x != field_separator) x++;
+   if (x[0] && x[1]) x++; // skip separator
    if ((find= find_type(i, lib, 2 | 8) - 1) < 0)
[21 Oct 9:28] Bugs System 
A patch for this bug has been committed. After review, it may
be pushed to the relevant source trees for release in the next
version. You can access the patch from:

  http://lists.mysql.com/commits/87585

2854 Tatiana A. Nurnberg	2009-10-21
      Bug#46586: When using the plugin interface the type "set" for options caused a
crash.
      
      "What do you mean, there's a bug? There isn't even code!"
      
      There was some token code for plug-in variables of the SET type,
      but clearly this never worked, or was subject to massive bit rot
      since. Bug-fixes ... fail-safes ... tests -- fais au mieux, mon chou!
     @ mysql-test/suite/test-plugin/r/tse_sysvar.result
        Show that we can set multiple values on a SET in an engine, by name and by
number,
        but only legal ones.
     @ mysql-test/suite/test-plugin/t/tse_sysvar.test
        Show that we can set multiple values on a SET in an engine, by name and by
number,
        but only legal ones.
     @ mysys/my_getopt.c
        SETs set-up should set up a default value, but no min/max bounding.
     @ mysys/typelib.c
        fail-safe requested by serg: don't try to skip separator when we're
        already at end of string.
     @ sql/sql_plugin.cc
        check_func_set:
        Initialize error_len as find_set() will only update it on error,
        and we're using the value to see whether an error has occurred (!= 0),
        so we'd better not have a random val in there.
        
        value_ptr:
        There's no guarantee we're handed string lengths, so play it safe!
        Use prepared string lengths where possible for minimum speed gain,
        otherwise determine on the fly!
     @ storage/tse/tse_system_variables.h
        switch sysvar options to bit-wise or.
        
        re-activate demo-variable for SET in test storage engine (TSE).
[27 Oct 15:33] Tatjana A. Nuernberg 
Core-parts (that do not require Test Storage Engine which is not present in
main trees for now) queued for 5.1.41, 6.0.14 in -bugteam.

TSE-specific parts for WL#4939 tree available in attached 1.patch (see above).
[4 Nov 10:25] Bugs System 
Pushed into 5.1.41 (revid:joro@sun.com-20091104092152-qz96bzlf2o1japwc) (version source
revid:kristofer.pettersson@sun.com-20091103162305-08l4gkeuif2ozsoj) (merge vers: 5.1.41)
(pib:13)
[11 Nov 7:51] Bugs System 
Pushed into 6.0.14-alpha (revid:alik@sun.com-20091110093407-rw5g8dys2baqkt67) (version
source revid:alik@sun.com-20091109080109-7dxapd5y5pxlu08w) (merge vers: 6.0.14-alpha)
(pib:13)
[11 Nov 7:59] Bugs System 
Pushed into 5.5.0-beta (revid:alik@sun.com-20091109115615-nuohp02h8mdrz8m2) (version
source revid:alik@sun.com-20091105092041-sp6eyod7sdlfuj3b) (merge vers: 5.5.0-beta)
(pib:13)