Bug #105986 The moved-from is not set to default value in move constructor of class String
Submitted: 28 Dec 2021 3:12
Modified: 11 Feb 2022 13:20
Reporter: Xiaodi Z
Status: Unsupported
Category: MySQL Server
Severity: S3 (Non-critical)
Version: 8.0.25
OS: Any
CPU Architecture: Any
Tags: move constructor, string

[28 Dec 2021 3:12] Xiaodi Z
Description:
Ideally, the moved-from object should be set to the default value of the type. I think it is not enough to use only "str.m_is_alloced = false;" to ensure it in the move constructor and assignment operator of class String.

How to repeat:
Consider the following scenario:

String s;
s.append("aaa");

std::vector<String> v;
v.push_back(std::move(s));
...

s.copy("bbb", 3, &my_charset_bin);
...

We modify s after a move operation; however, v[0] is modified unexpectedly.

Suggested fix:
A simple solution is as follows:

String(String &&str) noexcept
    : m_ptr(str.m_ptr),
      m_length(str.m_length),
      m_charset(str.m_charset),
      m_alloced_length(str.m_alloced_length),
      m_is_alloced(str.m_is_alloced) {
  str.m_is_alloced = false;
  str.set_quick(nullptr, 0, &my_charset_bin);
}
[10 Jan 2022 15:14] MySQL Verification Team
Hi Mr. Z,

Thank you for your bug report.

However, your report is totally unclear.

You have stated that this is a bug in "MySQL Server", but from the description, we would conclude that you are reporting a bug in C++'s STL or similar.

Hence, would you be so kind as to explain what exactly you are reporting here ?????
[11 Feb 2022 1:00] Bugs System
No feedback was provided for this bug for over a month, so it is
being suspended automatically. If you are able to provide the
information that was originally requested, please do so and change
the status of the bug back to "Open".
[11 Feb 2022 13:20] MySQL Verification Team
This was a report on a bug in C++ STL.
[13 Apr 2022 9:23] Cheng Zhou
Hi, 
this report is about the move constructor of class String defined in MySQL: 
  String(String &&str) noexcept
      : m_ptr(str.m_ptr),
        m_length(str.m_length),
        m_charset(str.m_charset),
        m_alloced_length(str.m_alloced_length),
        m_is_alloced(str.m_is_alloced) {
    str.m_is_alloced = false;
  }
--------------------------------------------------------------------------------

As we can see, though it is safe to destruct the input moved-from object, the moved-from object still points to the memory it once allocated (str.m_ptr remains unchanged).
If we assign a new value to the moved-from object, an error occurs.
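
The aliasing described in this thread, as an added example that is not part of the report or of MySQL's source. `Str` is a hypothetical, simplified stand-in whose `copy()` is assumed to reuse the existing buffer when the recorded capacity allows; `replay()` runs the reporter's scenario with and without resetting the moved-from object.

```cpp
#include <cstddef>
#include <cstring>
#include <string>
#include <utility>
#include <vector>
// Simplified stand-in for the class in the report; not MySQL's own code. Assumed:
// copy() reuses the current buffer whenever the recorded capacity is sufficient.
template <bool ResetSource>
struct Str {
  char *m_ptr = nullptr;
  std::size_t m_length = 0, m_alloced_length = 0;
  bool m_is_alloced = false;
  Str() = default;
  Str(Str &&s) noexcept
      : m_ptr(s.m_ptr), m_length(s.m_length),
        m_alloced_length(s.m_alloced_length), m_is_alloced(s.m_is_alloced) {
    s.m_is_alloced = false;  // the only reset in the reported constructor
    if (ResetSource) {       // additional reset, as the report suggests
      s.m_ptr = nullptr;
      s.m_length = s.m_alloced_length = 0;
    }
  }
  ~Str() { if (m_is_alloced) delete[] m_ptr; }

  void copy(const char *src, std::size_t n) {
    if (n >= m_alloced_length) {  // too small: take a fresh owned buffer
      if (m_is_alloced) delete[] m_ptr;
      m_ptr = new char[n + 1];
      m_alloced_length = n + 1;
      m_is_alloced = true;
    }
    std::memcpy(m_ptr, src, n);  // otherwise writes through whatever m_ptr holds
    m_ptr[n] = '\0';
    m_length = n;
  }
  std::string text() const { return m_ptr ? std::string(m_ptr, m_length) : ""; }
};

// Replays the report's scenario; returns what v[0] holds afterwards.
template <bool ResetSource>
std::string replay() {
  Str<ResetSource> s;
  s.copy("aaa", 3);  // the report uses append(); copy() keeps the model small
  std::vector<Str<ResetSource>> v;
  v.push_back(std::move(s));
  s.copy("bbb", 3);  // write to the moved-from object
  return v[0].text();
}

int main() { return replay<false>() == "bbb" && replay<true>() == "aaa" ? 0 : 1; }
```

Without the reset, the moved-from object keeps the old pointer and capacity, so its next write lands in the buffer now owned by `v[0]`; with the reset it allocates its own buffer.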
[13 Apr 2022 9:28] Cheng Zhou
The same problem is also in class String's move assignment operator: 
String &String::operator=(String &&s) noexcept;
[13 Apr 2022 13:32] MySQL Verification Team
Hi Mr. Z,

Thank you for your report.

However, this is a class that is created for internal usage, only and solely within the server code. The problems that you are mentioning are well described in the comments to the class, so the assignment and copy constructor are not used in our code.

That is the reason we will not fix this as this class will soon become obsolete.

Unsupported.