Bug #28116 Crash in getBlobHandle() when called before setting full key with equal()
Submitted: 26 Apr 2007 8:47 Modified: 4 Dec 2009 15:59
Reporter: Kristian Nielsen
Status: Closed
Category: MySQL Cluster: NDB API    Severity: S3 (Non-critical)
Version: mysql-5.1    OS: Any
Assigned to: Frazer Clement    CPU Architecture: Any
Tags: 5.0-bk, 5.1-bk

[26 Apr 2007 8:47] Kristian Nielsen
Description:
In NDB API.

When using blobs, calling getBlobHandle() requires that the full key has been
set with equal(). (It needs to access the key for adding blob table operations).

But in current code, if one calls getBlobHandle() without first setting all parts of the primary key, an application crash occurs deep in NdbBlob.cpp.

I think an appropriate error code should be returned instead, otherwise the
application programmer might waste much time understanding what the real
problem is.

How to repeat:
Test case for testBlobs.cpp:

--- /tmp/geta15943	2007-04-26 10:44:29.000000000 +0200
+++ testBlobs.cpp	2007-04-26 10:42:42.000000000 +0200
@@ -142,6 +142,7 @@
     << "  -bug 4088   ndb api hang with mixed ops on index table" << endl
     << "  -bug 27018  middle partial part write clobbers rest of part" << endl
     << "  -bug 27370  Potential inconsistent blob reads for ReadCommitted reads" << endl
+    << "  -bug xxxxx  " << endl
     ;
 }
 
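Review bot: the added usage line `<< "  -bug xxxxx  " << endl` is a placeholder with neither a bug number nor a description, so the help text will print an empty entry. Fill it in with the real number and a one-line summary in the style of the neighbouring entries, e.g. `<< "  -bug 28116  getBlobHandle() called before full key set with equal()" << endl`, and keep it consistent with the number used in the g_bugtest table.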
@@ -2083,13 +2084,42 @@
   return 0;
 }
 
+static int
+bugtest_xxxxx()
+{
+  DBG("bug test xxxxx - ");
+  if (g_opt.m_pk2len == 0)
+  {
+    DBG("  ... skipped, requires multi-column primary key.");
+    return 0;
+  }
+
+  for (unsigned k = 0; k < g_opt.m_rows; k++) {
+    Tup& tup = g_tups[k];
+    CHK((g_con = g_ndb->startTransaction()) != 0);
+    CHK((g_opr = g_con->getNdbOperation(g_opt.m_tname)) != 0);
+    if (urandom(2) == 0)
+      CHK(g_opr->readTuple() == 0);
+    else
+      CHK(g_opr->readTuple(NdbOperation::LM_CommittedRead) == 0);
+    CHK(g_opr->equal("PK1", tup.m_pk1) == 0);
+    /* Deliberately no equal() on rest of primary key, to provoke error. */
+    CHK(opr->getBlobHandle("BL1") == 0);
+    g_ndb->closeTransaction(g_con);
+    g_opr = 0;
+    g_con = 0;
+  }
+  return 0;
+}
+
 static struct {
   int m_bug;
   int (*m_test)();
 } g_bugtest[] = {
   { 4088, bugtest_4088 },
   { 27018, bugtest_27018 },
-  { 27370, bugtest_27370 }
+  { 27370, bugtest_27370 },
+  { 88888, bugtest_xxxxx }
 };
 
 NDB_COMMAND(testOdbcDriver, "testBlobs", "testBlobs", "testBlobs", 65535)
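Review bot: `CHK(opr->getBlobHandle("BL1") == 0);` uses `opr`, which is not declared anywhere in bugtest_xxxxx; every other call in the function goes through `g_opr`, so this hunk does not compile as posted. Once that is corrected, `== 0` only establishes that a null handle came back; checking that `g_opr->getNdbError().code` is non-zero afterwards would confirm the call failed for the intended reason rather than returning NULL for some other cause. The table entry `{ 88888, bugtest_xxxxx }` also disagrees with the `-bug xxxxx` usage text from the first hunk; both should carry the real bug number, 28116, and the function should be named bugtest_28116 to follow the convention of its neighbours.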

Suggested fix:
Check the operation state in getBlobHandle(), and fail if the key has not yet
been fully specified.
[26 Apr 2007 8:52] Kristian Nielsen
Test case for the bug (patch against testBlobs.cpp)

Attachment: bug28116-testcase.patch (text/x-patch), 1.56 KiB.

[25 Nov 2009 15:23] Frazer Clement
Proposed patch

Attachment: bug28116.patch (text/x-patch), 4.36 KiB.

[25 Nov 2009 15:26] Frazer Clement
Patch adds to patch for bug#48973 and testcase covers testcase for that bug too (hence patch replaces that testcase).

Specific operation state check added to getNdbBlobHandle() call to catch all key-not-yet-defined state issues.

Testcase checks no-key, first-part only and second-part only scenarios.

NdbRecord Blob handle setup is unaffected as it is not prone to state issues.
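A constructed model of the operation-state check described above (added here; it is not the real NdbOperation or NdbBlob code, and the class name and the error numbers 9001/9002 are invented for the model): key columns bound with equal() are tracked, and getBlobHandle() returns an error instead of proceeding with a partial key, which covers the no-key, first-part-only and second-part-only cases the testcase exercises.

```cpp
#include <cstdint>
#include <string>
#include <vector>

// Constructed model of an NDB-API-style primary-key operation; not the real
// NdbOperation/NdbBlob code. It records which primary-key columns have been
// bound with equal() and refuses getBlobHandle() until every one is bound.
class ModelOperation {
public:
    // Constructed error numbers for this model, not real NDB error codes.
    enum ErrorCode { kErrUnknownColumn = 9001, kErrKeyNotFullySpecified = 9002 };
    explicit ModelOperation(const std::vector<std::string>& pkColumns) {
        for (const auto& name : pkColumns) key_.push_back({name, false});
    }
    // Bind one primary-key column; the value itself plays no role in this model.
    int equal(const std::string& column, int64_t /*value*/) {
        for (auto& c : key_)
            if (c.name == column) { c.bound = true; return 0; }
        lastError_ = kErrUnknownColumn;
        return -1;
    }
    // True once every primary-key column has an equal() binding.
    bool keyComplete() const {
        for (const auto& c : key_) if (!c.bound) return false;
        return true;
    }
    // Before the fix the library walked into NdbBlob with a partial key and crashed;
    // this state check fails fast with -1 and an error code. Success returns a handle index >= 0.
    int getBlobHandle(const std::string& /*blobColumn*/) {
        if (!keyComplete()) { lastError_ = kErrKeyNotFullySpecified; return -1; }
        return handleCount_++;
    }
    int getNdbErrorCode() const { return lastError_; }
private:
    struct KeyColumn { std::string name; bool bound; };
    std::vector<KeyColumn> key_;
    int handleCount_ = 0, lastError_ = 0;
};

// Replays the testcase scenarios on a two-column key (PK1, PK2): no key, PK1
// only, PK2 only, full key. Returns the handle index (>= 0) when the key was
// complete, otherwise the error code reported after getBlobHandle("BL1").
int blobHandleOutcome(bool bindPk1, bool bindPk2) {
    ModelOperation op(std::vector<std::string>{"PK1", "PK2"});
    if (bindPk1) op.equal("PK1", 1);
    if (bindPk2) op.equal("PK2", 2);
    int h = op.getBlobHandle("BL1");
    return h >= 0 ? h : op.getNdbErrorCode();
}
```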
[27 Nov 2009 13:19] Bugs System
A patch for this bug has been committed. After review, it may
be pushed to the relevant source trees for release in the next
version. You can access the patch from:

  http://lists.mysql.com/commits/91913

3045 Frazer Clement	2009-11-27
      Bug#28116 : Crash in getBlobHandle() when called before setting full key with equal()
      modified:
        storage/ndb/src/ndbapi/NdbOperationDefine.cpp
        storage/ndb/test/ndbapi/testBlobs.cpp
        storage/ndb/test/run-test/daily-basic-tests.txt
[27 Nov 2009 14:58] Bugs System
Pushed into 5.1.39-ndb-7.1.0 (revid:frazer@mysql.com-20091127145345-z5kop3e41jw8r9rf) (version source revid:frazer@mysql.com-20091127145345-z5kop3e41jw8r9rf) (merge vers: 5.1.39-ndb-7.1.0) (pib:13)
[27 Nov 2009 14:59] Bugs System
Pushed into 5.1.39-ndb-7.0.10 (revid:frazer@mysql.com-20091127144724-9rza75epygziryzw) (version source revid:frazer@mysql.com-20091127144724-9rza75epygziryzw) (merge vers: 5.1.39-ndb-7.0.10) (pib:13)
[27 Nov 2009 15:01] Bugs System
Pushed into 5.1.39-ndb-6.3.29 (revid:frazer@mysql.com-20091127132931-48f6wmf8v39rppum) (version source revid:frazer@mysql.com-20091127132931-48f6wmf8v39rppum) (merge vers: 5.1.39-ndb-6.3.29) (pib:13)
[27 Nov 2009 15:02] Bugs System
Pushed into 5.1.39-ndb-6.2.19 (revid:frazer@mysql.com-20091127131722-xy3niyn3plm6z296) (version source revid:frazer@mysql.com-20091127131722-xy3niyn3plm6z296) (merge vers: 5.1.39-ndb-6.2.19) (pib:13)
[27 Nov 2009 15:03] Frazer Clement
Pushed to 6.2.19, 6.3.27, 7.0.10, 7.1.0
[1 Dec 2009 13:02] Bugs System
A patch for this bug has been committed. After review, it may
be pushed to the relevant source trees for release in the next
version. You can access the patch from:

  http://lists.mysql.com/commits/92273

3167 Martin Skold	2009-12-01 [merge]
      Merge
      modified:
        storage/ndb/src/common/debugger/EventLogger.cpp
        storage/ndb/src/kernel/blocks/dblqh/DblqhMain.cpp
        storage/ndb/src/kernel/blocks/ndbfs/AsyncIoThread.hpp
        storage/ndb/src/kernel/blocks/ndbfs/MemoryChannel.hpp
        storage/ndb/src/kernel/blocks/pgman.cpp
        storage/ndb/src/kernel/blocks/pgman.hpp
        storage/ndb/src/mgmsrv/MgmtSrvr.cpp
        storage/ndb/src/ndbapi/NdbOperationDefine.cpp
        storage/ndb/src/ndbapi/NdbOperationSearch.cpp
        storage/ndb/test/ndbapi/testBlobs.cpp
        storage/ndb/test/run-test/daily-basic-tests.txt
        storage/ndb/test/run-test/daily-devel-tests.txt
[1 Dec 2009 13:33] Bugs System
A patch for this bug has been committed. After review, it may
be pushed to the relevant source trees for release in the next
version. You can access the patch from:

  http://lists.mysql.com/commits/92279

3244 Martin Skold	2009-12-01 [merge]
      Merge
      modified:
        storage/ndb/src/common/debugger/EventLogger.cpp
        storage/ndb/src/kernel/blocks/dblqh/DblqhMain.cpp
        storage/ndb/src/kernel/blocks/ndbfs/AsyncIoThread.hpp
        storage/ndb/src/kernel/blocks/ndbfs/MemoryChannel.hpp
        storage/ndb/src/kernel/blocks/pgman.cpp
        storage/ndb/src/kernel/blocks/pgman.hpp
        storage/ndb/src/mgmsrv/MgmtSrvr.cpp
        storage/ndb/src/ndbapi/NdbOperationDefine.cpp
        storage/ndb/src/ndbapi/NdbOperationSearch.cpp
        storage/ndb/test/ndbapi/testBlobs.cpp
        storage/ndb/test/run-test/daily-basic-tests.txt
        storage/ndb/test/run-test/daily-devel-tests.txt
[1 Dec 2009 14:02] Bugs System
A patch for this bug has been committed. After review, it may
be pushed to the relevant source trees for release in the next
version. You can access the patch from:

  http://lists.mysql.com/commits/92287

3170 Martin Skold	2009-12-01 [merge]
      Merge
      modified:
        storage/ndb/src/common/debugger/EventLogger.cpp
        storage/ndb/src/kernel/blocks/dblqh/DblqhMain.cpp
        storage/ndb/src/kernel/blocks/ndbfs/AsyncFile.hpp
        storage/ndb/src/kernel/blocks/ndbfs/MemoryChannel.hpp
        storage/ndb/src/kernel/blocks/pgman.cpp
        storage/ndb/src/kernel/blocks/pgman.hpp
        storage/ndb/src/mgmsrv/MgmtSrvr.cpp
        storage/ndb/src/ndbapi/NdbOperationDefine.cpp
        storage/ndb/src/ndbapi/NdbOperationSearch.cpp
        storage/ndb/test/ndbapi/testBlobs.cpp
        storage/ndb/test/run-test/daily-basic-tests.txt
        storage/ndb/test/run-test/daily-devel-tests.txt
[1 Dec 2009 14:22] Bugs System
A patch for this bug has been committed. After review, it may
be pushed to the relevant source trees for release in the next
version. You can access the patch from:

  http://lists.mysql.com/commits/92291

3040 Martin Skold	2009-12-01 [merge]
      Merge
      modified:
        storage/ndb/src/kernel/blocks/ndbfs/AsyncFile.hpp
        storage/ndb/src/kernel/blocks/ndbfs/MemoryChannel.hpp
        storage/ndb/src/kernel/blocks/pgman.cpp
        storage/ndb/src/kernel/blocks/pgman.hpp
        storage/ndb/src/ndbapi/NdbOperationDefine.cpp
        storage/ndb/src/ndbapi/NdbOperationSearch.cpp
        storage/ndb/test/ndbapi/testBlobs.cpp
        storage/ndb/test/run-test/daily-basic-tests.txt
[4 Dec 2009 15:59] Jon Stephens
Documented bugfix in the NDB-6.2.19, 6.3.29, and 7.0.10 changelogs, as follows:

        When using blobs, calling getBlobHandle()
        requires the full key to have been set using
        equal(), because getBlobHandle() must access the key for
        adding blob table operations. However, if
        getBlobHandle() was called without first
        setting all parts of the primary key, the application using it
        crashed. Now, an appropriate error code is returned instead.

Closed.