Bug #108516 Return value of my_b_flush_io_cache(IO_CACHE*, int) not checked
Submitted: 16 Sep 2022 1:50
Modified: 16 Sep 2022 5:58
Reporter: Li Zhong
Status: Verified
Category: MySQL Server: Optimizer
Severity: S2 (Serious)
Version: 8.0.21
OS: Any
Assigned to:
CPU Architecture: Any

[16 Sep 2022 1:50] Li Zhong
Hi, I'm a researcher on static analysis and we found a potential bug in the error checking in the MySQL-server-8.0.21 code:

In https://github.com/mysql/mysql-server/blob/mysql-cluster-8.0.21/sql/hash_join_chunk.cc#L77, it seems like my_b_flush_io_cache() is checked against the wrong value -1. my_b_flush_io_cache() returns 1 as the error code.

How to repeat:
We found this with our static analysis tool. The analysis result was checked manually.

Suggested fix:
Change the value to 1.
[16 Sep 2022 5:58] MySQL Verification Team
Hello Li Zhong,

Thank you for the report and feedback.

[19 Sep 2022 13:24] Tor Didriksen
Posted by developer:
my_b_flush_io_cache *does* return -1 on error

          return (info->error = -1);

so the hash source code is OK.
In most other contexts we test for non-zero, with
 if (flush_io_cache(&file) ...
so maybe your static analysis tool thinks this is a boolean true/false function.

Anyways, it seems better to test for non-zero, also in HashJoinChunk::Rewind()
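As an added illustration of the point made in the developer comment above (this is not code from the bug report or from MySQL; the cache struct, the flush routine and the two rewind variants are simplified stand-ins written for this example), the following shows why a caller that compares the flush result against one specific sentinel can silently swallow an I/O error that the non-zero test catches. The flush follows the convention quoted in the thread, `return (info->error = -1);`, and the write backends are constructed so one of them always fails:

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Assumed stand-in for the few IO_CACHE fields that matter here (not
 * MySQL's real struct): a buffer, its fill level, a write callback that
 * plays the role of the underlying file, and the 'error' field that the
 * flush sets on failure. */
typedef struct {
    char buf[64];
    size_t used;
    int (*write_fn)(const char *data, size_t len); /* 0 = ok, non-zero = failure */
    int error;
} fake_io_cache;

/* Mirrors the convention quoted in the thread: on a write failure the
 * flush records -1 in info->error and returns it. */
static int fake_flush_io_cache(fake_io_cache *info)
{
    if (info->used == 0)
        return 0;
    if (info->write_fn(info->buf, info->used) != 0)
        return (info->error = -1);
    info->used = 0;
    return 0;
}

/* Caller that tests for the specific value 1, as the report suggested.
 * A -1 from the flush is treated as success, so the failed write is lost. */
static int rewind_check_eq_one(fake_io_cache *info)
{
    if (fake_flush_io_cache(info) == 1)
        return 1; /* report error */
    return 0;     /* report success */
}

/* Caller that tests for non-zero, as the developer comment recommends.
 * Any non-zero error convention (-1, 1, ...) is caught. */
static int rewind_check_nonzero(fake_io_cache *info)
{
    if (fake_flush_io_cache(info) != 0)
        return 1;
    return 0;
}

/* Constructed write backends for the demonstration. */
static int write_ok(const char *data, size_t len)   { (void)data; (void)len; return 0; }
static int write_fail(const char *data, size_t len) { (void)data; (void)len; return -1; }

static void fill_cache(fake_io_cache *info, int (*fn)(const char *, size_t))
{
    memset(info, 0, sizeof *info);
    memcpy(info->buf, "pending row data", 16);
    info->used = 16;
    info->write_fn = fn;
}

/* Returns 1 when the ==1 check reported success even though the flush
 * failed and the cache recorded the error. */
static int demo_eq_one_misses_error(void)
{
    fake_io_cache c;
    fill_cache(&c, write_fail);
    int rc = rewind_check_eq_one(&c);
    return rc == 0 && c.error == -1;
}

/* Returns 1 when the non-zero check correctly reports the failed flush. */
static int demo_nonzero_catches_error(void)
{
    fake_io_cache c;
    fill_cache(&c, write_fail);
    return rewind_check_nonzero(&c) == 1;
}

/* Returns 1 when the non-zero check reports success and the buffer drained. */
static int demo_nonzero_success_path(void)
{
    fake_io_cache c;
    fill_cache(&c, write_ok);
    return rewind_check_nonzero(&c) == 0 && c.used == 0;
}

int main(void)
{
    printf("==1 check misses -1 error:   %d\n", demo_eq_one_misses_error());
    printf("!=0 check catches -1 error:  %d\n", demo_nonzero_catches_error());
    printf("!=0 check passes on success: %d\n", demo_nonzero_success_path());
    return 0;
}
```

The practical takeaway matches the last line of the comment: unless a caller needs to distinguish error codes, testing the flush result for non-zero keeps the check correct whatever sentinel the I/O layer uses, and avoids the silent-data-loss outcome that the first demo function exhibits.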