Bug #26734 Potential bug in function test_pure_coverage of tests/mysql_client_test.c
Submitted: 28 Feb 2007 20:25
Modified: 1 Mar 2007 19:14
Reporter: Raluca Ada Popa
Status: Not a Bug
Category: MySQL Server: Tests
Severity: S3 (Non-critical)
Version: 5.2.0
CPU Architecture: Any

[28 Feb 2007 20:25] Raluca Ada Popa
Description:
I was running a bug detection tool, which reported the following potential bug.
[]->buffer_type indicates the type of []->buffer, and they are always accessed/updated together in 93 functions (example: function test_prepare from tests/mysql_client_test.c, at lines 1598, 1599).

However, in function test_pure_coverage from tests/mysql_client_test.c, []->buffer_type is updated but []->buffer is not, so it might have a value that is not consistent with []->buffer_type. This seems to be a bug to me. Could you please confirm this? Later, it occurred to me that this might be an intentional bug. Could you please confirm this also?

Thank you.

How to repeat:
I found the bug by looking at the code, and not while running it.

Suggested fix:
Update []->buffer (bind[0]->buffer), also.

[28 Feb 2007 20:44] Valeriy Kravchuk
Thank you for the problem report. The current code used to build versions marked 5.2.x is the following:

  /* tinyint */
  bind[0].buffer_type= MYSQL_TYPE_TINY;
  bind[0].buffer= (void *)&tiny_data;
  /* string */
  bind[1].buffer_type= MYSQL_TYPE_STRING;
  bind[1].buffer= (void *)str_data;
  bind[1].buffer_length= 1000;                  /* Max string length */
  /* integer */
  bind[2].buffer_type= MYSQL_TYPE_LONG;
  bind[2].buffer= (void *)&int_data;
  /* short */
  bind[3].buffer_type= MYSQL_TYPE_SHORT;
  bind[3].buffer= (void *)&small_data;
  /* bigint */
  bind[4].buffer_type= MYSQL_TYPE_LONGLONG;
  bind[4].buffer= (void *)&big_data;
  /* float */
  bind[5].buffer_type= MYSQL_TYPE_FLOAT;
  bind[5].buffer= (void *)&real_data;
  /* double */
  bind[6].buffer_type= MYSQL_TYPE_DOUBLE;
  bind[6].buffer= (void *)&double_data;

Do you have something different in your 5.2.0?

[28 Feb 2007 22:58] Raluca Ada Popa
The bug is in function test_pure_coverage, where the update to buffer is missing.
Function test_prepare (from where I think you got this code) is an example of a *correct* update of the buffer and buffer_type fields.

Could you please confirm this bug?

[1 Mar 2007 19:14] Valeriy Kravchuk
If you mean this code in test_pure_coverage():

...
  stmt= mysql_simple_prepare(mysql, "insert into test_pure(c2) values(?)");
  check_stmt(stmt);

  /*
    We need to bzero bind structure because mysql_stmt_bind_param checks all
    its members.
  */
  bzero((char*) bind, sizeof(bind));

  bind[0].length= &length;
  bind[0].is_null= 0;
  bind[0].buffer_length= 0;

  bind[0].buffer_type= MYSQL_TYPE_GEOMETRY;
  rc= mysql_stmt_bind_param(stmt, bind);
  check_execute_r(stmt, rc); /* unsupported buffer type */

  bind[0].buffer_type= MYSQL_TYPE_STRING;
  rc= mysql_stmt_bind_param(stmt, bind);
  check_execute(stmt, rc);

  rc= mysql_stmt_store_result(stmt);
  check_execute(stmt, rc);

  mysql_stmt_close(stmt);
...

then it is intentional. Note that we explicitly "zeroed" all items, and set buffer_length=0. So, when later we do not set buffer, we just intentionally leave it with zero value, as its length is zero anyway, no real data to bind.

This is not a bug.
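
An added example, not part of the bug report and not MySQL code: a small consistency check that refines the tool's "buffer_type and buffer are always updated together" rule with the exception described in the last reply, where a zeroed buffer is acceptable because buffer_length is 0. The struct, enum, function names and byte widths are hypothetical stand-ins chosen for illustration, not the real MYSQL_BIND definition or the client library's own validation.

```c
#include <stddef.h>
#include <string.h>

/* Hypothetical stand-ins for the fields discussed in the thread; this is
   not the real MYSQL_BIND layout and these are not the real enum values. */
enum demo_type { DEMO_TYPE_TINY = 1, DEMO_TYPE_LONG, DEMO_TYPE_STRING };

struct demo_bind {
  enum demo_type buffer_type;
  void *buffer;
  unsigned long buffer_length;
};

/* Bytes a consumer would read through `buffer` (widths are assumptions). */
static unsigned long demo_bytes_needed(const struct demo_bind *b)
{
  switch (b->buffer_type) {
  case DEMO_TYPE_TINY:   return 1;
  case DEMO_TYPE_LONG:   return 4;
  case DEMO_TYPE_STRING: return b->buffer_length;  /* variable length */
  }
  return (unsigned long)-1;  /* unknown type: assume data is required */
}

/* Returns 1 if buffer_type and buffer are consistent, 0 otherwise.
   A NULL buffer is accepted only when no bytes would be read from it. */
int demo_bind_consistent(const struct demo_bind *b)
{
  return b->buffer != NULL || demo_bytes_needed(b) == 0;
}

/* Constructed case: zero the whole struct, then set only the type,
   which is the pattern the report flagged in test_pure_coverage. */
int demo_zeroed_case(enum demo_type type)
{
  struct demo_bind b;
  memset(&b, 0, sizeof(b));
  b.buffer_type = type;
  return demo_bind_consistent(&b);
}

int main(void)
{
  /* Zeroed string bind passes (1); zeroed fixed-width bind is flagged (0). */
  return !(demo_zeroed_case(DEMO_TYPE_STRING) == 1 &&
           demo_zeroed_case(DEMO_TYPE_LONG) == 0);
}
```

The same "type set, buffer left zeroed" pattern is reported when the type is fixed-width or when buffer_length is non-zero, which is the case a co-update heuristic is meant to catch.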