| Bug #22727 | [patch] sizeof(wrong type) allocation may lead to access beyond end of array | ||
|---|---|---|---|
| Submitted: | 27 Sep 2006 7:27 | Modified: | 11 Dec 2017 16:40 |
| Reporter: | Vasil Dimov | Email Updates: | |
| Status: | Closed | Impact on me: | |
| Category: | MySQL Server: General | Severity: | S4 (Feature request) |
| Version: | 5.0.26-BK | OS: | Any (OS/2) |
| Assigned to: | | CPU Architecture: | Any |
| Tags: | Contribution | ||
[27 Sep 2006 7:32]
Andrey Hristov
OS/2 support has been removed in 5.1, thus this bug does not affect the 5.1 tree.
[28 Sep 2006 15:44]
Vasil Dimov
Set "OS" field to OS/2 since this is OS/2 specific
[28 Sep 2006 15:49]
Vasil Dimov
Seems like TlsSetValue has a similar problem, so this patch should be considered
Attachment: my_os2tls.c_sizeof.diff (text/x-patch), 773 bytes.
[11 Dec 2017 16:40]
Vasil Dimov
This bug has been buried with the removal of the file which contained it, about 11 years ago in eaf850ef5b7.

Description: While digging for another problem I accidentally noticed the following bug in mysql-5.0/mysys/my_os2tls.c:123:TlsGetValue(): An array of TLS_MINIMUM_AVAILABLE "int"s is allocated, then it is cast to an array of "ULONG"s and the "index"th member is accessed, where "index" is guaranteed to be less than TLS_MINIMUM_AVAILABLE. For systems where sizeof(int) < sizeof(ULONG) (e.g. on amd64 sizeof(int)==4 and sizeof(ULONG)==8) this will lead to bogus results and probably crashes.

How to repeat: Not sure, this code is not included at all in my setup (FreeBSD6/amd64) with default configuration.

Suggested fix:
--- mysql-5.0.orig/mysys/my_os2tls.c Wed Sep 27 09:26:00 2006 +++ mysql-5.0/mysys/my_os2tls.c Mon Sep 25 17:38:54 2006 @@ -114,19 +114,19 @@ PVOID TlsGetValue( DWORD index) { if (index >= TLS_MINIMUM_AVAILABLE) return NULL; /* verify if memory has been allocated for this thread */ if (*tls_storage == NULL) { /* allocate memory for indexes */ - *tls_storage = (ULONG)calloc( TLS_MINIMUM_AVAILABLE, sizeof(int)); + *tls_storage = (ULONG)calloc( TLS_MINIMUM_AVAILABLE, sizeof(ULONG)); /* fprintf(stderr, "tid#%d, tls_storage %x\n", _threadid, *tls_storage); */ } ULONG* tls_array = (ULONG*) *tls_storage; return (PVOID) tls_array[index]; } BOOL TlsSetValue( DWORD index, PVOID val)
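Review bot: the allocation fix is incomplete on its own: the hunk ends at `BOOL TlsSetValue( DWORD index, PVOID val)` and the reporter's follow-up says TlsSetValue allocates the same way, so whichever of the two functions runs first on a thread decides the buffer size; TlsSetValue needs the matching `sizeof(ULONG)` in the same patch, and `sizeof(*tls_array)` would be the more robust spelling in both places since it cannot drift from the type used to index. Also, a failed `calloc` is not handled: `*tls_storage` stays NULL, `tls_array` is NULL and `tls_array[index]` is dereferenced anyway; return NULL when the allocation fails.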
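The element-size mismatch described above, as an added example that is not code from the bug report or from MySQL: unsigned long stands in for OS/2's ULONG, TLS_MINIMUM_AVAILABLE is given an assumed value, and every other name (tls_block, tls_alloc, slot_in_bounds, tls_set, tls_get, roundtrip_last_slot) is hypothetical. The allocator takes the element size as a parameter so the buggy call (sizeof(int)) and the fixed call (sizeof(*slots)) can be compared on the same platform.

```c
/* Added example, not code from the bug report or from MySQL: a model of the
 * my_os2tls.c defect with unsigned long standing in for OS/2's ULONG. Names
 * (tls_block, tls_alloc, slot_in_bounds, tls_set, tls_get, ...) are hypothetical. */
#include <stddef.h>
#include <stdlib.h>

#define TLS_MINIMUM_AVAILABLE 64   /* value assumed for the example */

struct tls_block {
    unsigned long *slots;   /* indexed as ULONG, as TlsGetValue does */
    size_t bytes;           /* bytes actually reserved by calloc */
};

/* The bug is the element size handed to calloc: the page's code passes
 * sizeof(int); the fix passes sizeof(*slots) so it matches the access type. */
struct tls_block tls_alloc(size_t elem_size) {
    struct tls_block b;
    b.slots = calloc(TLS_MINIMUM_AVAILABLE, elem_size);
    b.bytes = b.slots ? (size_t)TLS_MINIMUM_AVAILABLE * elem_size : 0;
    return b;
}

/* Does slots[index] lie entirely inside the reserved bytes? */
int slot_in_bounds(const struct tls_block *b, size_t index) {
    return (index + 1) * sizeof(*b->slots) <= b->bytes;   /* 0 on calloc failure */
}

/* Checked accessors: refuse any index the allocation cannot actually hold
 * instead of trusting index < TLS_MINIMUM_AVAILABLE alone. */
int tls_set(struct tls_block *b, size_t index, void *val) {
    if (index >= TLS_MINIMUM_AVAILABLE || !slot_in_bounds(b, index)) return 0;
    b->slots[index] = (unsigned long)val;
    return 1;
}

void *tls_get(const struct tls_block *b, size_t index) {
    if (index >= TLS_MINIMUM_AVAILABLE || !slot_in_bounds(b, index)) return NULL;
    return (void *)b->slots[index];
}

/* Store and read back the last legal index under a given element size;
 * 1 on success, 0 when the layout cannot hold it (the reported defect). */
int roundtrip_last_slot(size_t elem_size) {
    struct tls_block b = tls_alloc(elem_size);
    int marker = 0;
    int ok = tls_set(&b, TLS_MINIMUM_AVAILABLE - 1, &marker)
          && tls_get(&b, TLS_MINIMUM_AVAILABLE - 1) == (void *)&marker;
    free(b.slots);
    return ok;
}
```

On an LP64 host such as the reporter's FreeBSD/amd64, roundtrip_last_slot(sizeof(int)) returns 0 because the last slot ends 256 bytes past the allocation, while roundtrip_last_slot(sizeof(unsigned long)) returns 1.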