Bug #105585 Possible Uninitialized Value in sql/sql_handler.cc
Submitted: 16 Nov 2021 4:04 Modified: 16 Nov 2021 7:18
Reporter: Li Zhong
Status: Verified
Category: MySQL Server: DML Severity: S2 (Serious)
Version: 8.0 OS: Any
Assigned to: CPU Architecture: Any

[16 Nov 2021 4:04] Li Zhong
In the newest version of mysql-8.0 from the GitHub repo, in file sql/sql_handler.cc function Sql_cmd_handler_read::execute(), the variable 'error' may possibly be used without being initialized.

If the execution path does not enter the if block at https://github.com/mysql/mysql-server/blob/3290a66c89eb1625a7058e0ef732432b6952b435/sql/sq..., and does not enter the for loop in https://github.com/mysql/mysql-server/blob/3290a66c89eb1625a7058e0ef732432b6952b435/sql/sq..., the variable 'error' is not assigned any value. But 'error' will get checked in https://github.com/mysql/mysql-server/blob/3290a66c89eb1625a7058e0ef732432b6952b435/sql/sq.... Since the C compiler does not initialize 'error' to 0 by default, the variable 'error' may be checked with an undefined value, which leads to code bugs.

How to repeat:
It's in the mysql-server-8.0.26 source code.

Suggested fix:
Initialize 'error' with 0.
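The control flow the report describes, reduced to a stand-alone C program as an added example (this is not MySQL code and not the reporter's code; `read_rows_unfixed`, `read_rows_fixed` and the `ROW_STATUS` table are constructed stand-ins for the real handler-read loop). The unfixed function assigns `error` only inside an `if` block and a `for` loop, so on the path where neither runs the final check reads an indeterminate value; the fixed function applies the suggested fix of initialising `error` to 0 at its declaration.

```c
#include <stdbool.h>
#include <stdio.h>

/* Constructed sample input: per-row status codes, where 0 means "row read
 * OK" and non-zero means the storage engine reported a failure. */
static const int ROW_STATUS[] = {0, 0, 1, 0};
#define ROW_COUNT ((int)(sizeof ROW_STATUS / sizeof ROW_STATUS[0]))

/* Unfixed pattern (hypothetical stand-in, not the MySQL function itself):
 * 'error' is written only inside the if block and the for loop. When
 * need_open is false and nrows is 0, neither runs, and the final
 * 'if (error)' reads an indeterminate value. That is undefined behaviour
 * in C and C++; MemorySanitizer (clang -fsanitize=memory) flags it at run
 * time and gcc's -Wmaybe-uninitialized can flag it at compile time.
 * Deliberately not called below, because its result is not defined. */
int read_rows_unfixed(bool need_open, int nrows) {
    int error;                               /* BUG: no initializer */
    if (need_open) {
        error = 0;                           /* "open handler succeeded" */
    }
    for (int i = 0; i < nrows && i < ROW_COUNT; i++) {
        error = ROW_STATUS[i];
        if (error) break;                    /* stop at the first failing row */
    }
    if (error) return -1;                    /* indeterminate on the empty path */
    return 0;
}

/* Fixed pattern, as the report suggests: initialise 'error' to 0 at its
 * declaration so every path through the function tests a defined value,
 * and the "nothing was opened, nothing was read" path counts as success. */
int read_rows_fixed(bool need_open, int nrows) {
    int error = 0;                           /* FIX: defined on every path */
    if (need_open) {
        error = 0;
    }
    for (int i = 0; i < nrows && i < ROW_COUNT; i++) {
        error = ROW_STATUS[i];
        if (error) break;
    }
    if (error) return -1;
    return 0;
}

int main(void) {
    /* The path the report describes: if block skipped, loop body never run. */
    printf("fixed, empty path  -> %d\n", read_rows_fixed(false, 0));   /* 0 */
    printf("fixed, 2 good rows -> %d\n", read_rows_fixed(false, 2));   /* 0 */
    printf("fixed, failing row -> %d\n", read_rows_fixed(false, 3));   /* -1 */
    return 0;
}
```

The initialiser costs nothing on the paths that already assign `error` and removes the only path on which the value is unspecified, which is why a one-token fix is the usual remedy for this class of finding.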
[16 Nov 2021 7:18] MySQL Verification Team
Hello Li Zhong,

Thank you for the report.