Bug #23010 _my_b_read() passing illegal file handles to my_seek()
Submitted: 5 Oct 2006 13:15 Modified: 6 Mar 2007 21:49
Reporter: Mark Leith
Status: Closed
Category:MySQL Server: General Severity:S3 (Non-critical)
Version:4.0,4.1 OS:Any (*)
Assigned to: Timothy Smith CPU Architecture:Any
Tags: _my_b_read, file handle, my_seek

[5 Oct 2006 13:15] Mark Leith
Description:
_my_b_read() (and possibly further up the chain such as init_read_record etc.) pass illegal file handles to my_seek(), which in turn has its return value ignored (see bug#22828).

How to repeat:
Run the following in a debug environment:

DROP TABLE IF EXISTS `t1`;
CREATE TABLE `t1` (`c1` INT,`c2` INT, INDEX(`c1`,`c2`))ENGINE=MyISAM;
INSERT INTO `t1` VALUES (1,2),(2,3),(4,5),(6,7),(7,8),(8,9),(11,12);
UPDATE `t1` SET `c1`=3 WHERE `c2` < 8 and `c1`=7;

Suggested fix:
Increase validity checking further up the chain, as well as with my_b_read and my_seek
[5 Oct 2006 13:15] Mark Leith
Comment from Shane Bester in bug#22828:

 [5 Oct 14:30] Shane Bester

Often, -1 is used as an fd so this call fails under 'normal' operations too.

 records.cpp:    83:    5:  >init_read_record
 records.cpp:   111:    5:  | info: using rr_from_tempfile
mf_iocache.c:   313:    6:  | >reinit_io_cache
mf_iocache.c:   316:    6:  | | enter: cache: 0x3586f90 type: 0  seek_offset: 0 clear_cache: 0
mf_iocache.c:   394:    6:  | <reinit_io_cache
  mi_extra.c:    46:    6:  | >mi_extra
  mi_extra.c:    47:    6:  | | enter: function: 2
  mi_extra.c:   375:    6:  | <mi_extra
 records.cpp:   178:    5:  <init_read_record
mf_iocache.c:   431:    5:  >_my_b_read
   my_seek.c:    26:    6:  | >my_seek
   my_seek.c:    29:    6:  | | my: Fd: -1  Hpos: 0  Pos: 0  Whence: 0  MyFlags: 0
   my_seek.c:    36:    6:  | | error: lseek: 4294967295, errno: -1
   my_seek.c:    37:    6:  | <my_seek
mf_iocache.c:   481:    5:  <_my_b_read
[6 Oct 2006 10:18] Sergei Golubchik
The fix would be to do

-   info->seek_not_done=1;
+   info->seek_not_done= (fd != -1);
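Review bot: the guard `info->seek_not_done= (fd != -1);` only suppresses the seek when the handle is exactly -1, which matches the `Fd: -1` shown in the trace above; the ignored my_seek() return value in _my_b_read() that the description points to (bug#22828) is not touched by this hunk, so a seek that fails for any other reason would still go unreported.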

in reinit_io_cache()
[10 Oct 2006 10:04] Bugs System
A patch for this bug has been committed. After review, it may
be pushed to the relevant source trees for release in the next
version. You can access the patch from:

  http://lists.mysql.com/commits/13386

ChangeSet@1.2543, 2006-10-10 12:03:57+02:00, thek@kpdesk.mysql.com +3 -0
  Bug#23010 _my_b_read() passing illegal file handles to my_seek()
  - The io cache flag seek_not_done was not set properly in the reinit_io_cache
  function call and this led my_seek to be called despite an invalid file handle.
  - Added a test in reinit_io_cache to ensure we have a valid file handle
  before setting seek_not_done flag.
[10 Oct 2006 10:30] Kristofer Pettersson
http://lists.mysql.com/commits/13386
[13 Jan 2007 7:11] Kristofer Pettersson
Working patch applied to 5.0 and 5.1. There is no working patch for 4.0 or 4.1 yet.
[6 Mar 2007 20:04] Timothy Smith
Docs team:

Please ensure that this has been documented as needed in 5.0 and 5.1.  It will not be fixed in 4.0 and 4.1, as it is a non-critical bug.  It may be closed once documentation is complete.

The bug is fixed in 5.0.26 and 5.1.13.

Regards,

Timothy
[6 Mar 2007 21:49] Paul DuBois
No changelog entry needed. (No user-visible change in behavior.)