Bug #28218 UDF strange behaviour
Submitted: 3 May 2007 12:01 Modified: 3 May 2007 20:38
Reporter: Francesco De Paolis Email Updates:
Status: Not a Bug Impact on me:
None 
Category:MySQL Server: User-defined functions ( UDF ) Severity:S2 (Serious)
Version:Ver 14.12 Distrib 5.0.32 OS:Linux (Debian)
Assigned to: Hartmut Holzgraefe

[3 May 2007 12:01] Francesco De Paolis
Description:
Hi,
I did 2 UDFs udf_testalloc and udf_testget.
The first one write data in a buffer allocated in the init and returns a (long long) pointer value
The second one get this pointer value a size of the data to read and try to read from memory.
It seems work fine except for the first 8 bytes!! :|

I already tested the code on FreeBsd but with different mysql version ... and it works fine.

Any ideas ?

Thanks a lot
Fra

How to repeat:
long long udf_testalloc(UDF_INIT *initid, UDF_ARGS *args, char *is_null, char *error){

        strncpy(initid->ptr,args->args[0],args->lengths[0]);

        // dumping memory
        dumpinfo("/home/fpaolis/dump/memdump_alloc",initid->ptr,args->lengths[0]);

        return (long long)(initid->ptr);
}

my_bool udf_testget_init(UDF_INIT *initid, UDF_ARGS *args, char *message){
        return 0;
}

void    udf_testget_deinit(UDF_INIT *initid){
}

char*   udf_testget(UDF_INIT *initid, UDF_ARGS *args,char *result, unsigned long *length, char *is_null, char *error){
        int valptr = *(long long*) args->args[0];
        char *ptr = (char*)valptr;

        // dumping memory
        dumpinfo("/home/fpaolis/dump/memdump_get",ptr,50);

        int len = *(long long*) args->args[1];

        memcpy(result, ptr, len);
        *length = len;

        dumpinfo("/home/fpaolis/football/procsdump/memdump_get1",ptr,50);

        return result;
}

my_bool udf_testalloc_init(UDF_INIT *initid, UDF_ARGS *args, char *message){
        // Alloc 1K for the data return

        initid->ptr = (char*)malloc(1024);
        return 0;
}

void    udf_testalloc_deinit(UDF_INIT *initid){
        free(initid->ptr);
}

// MYSQL

mysql> create function udf_testalloc returns integer soname 'testalloc.so';
Query OK, 0 rows affected (0.00 sec)

mysql> create function udf_testget returns string soname 'testalloc.so';
Query OK, 0 rows affected (0.00 sec)

mysql> select udf_testalloc('ABCDEFGHILMNO');
+--------------------------------+
| udf_testalloc('ABCDEFGHILMNO') |
+--------------------------------+
|                      145890184 |
+--------------------------------+
1 row in set (0.00 sec)

mysql> select udf_testget(145890184,13);
+---------------------------+
| udf_testget(145890184,13) |
+---------------------------+
| è·Þ·è·Þ·ILMNO             |
+---------------------------+
1 row in set (0.00 sec)
[3 May 2007 14:07] Valerii Kravchuk
Thank you for a problem report. Please, try to repeat with a newer versioon 5.0.37/5.0.38 or 5.0.40, and inform about the results. In case of the same problem, please, send the results of

uname -a
[3 May 2007 14:41] Francesco De Paolis
I'm working on
Linux version 2.6.18-4-k7 (Debian 2.6.18.dfsg.1-12)
[3 May 2007 20:38] Hartmut Holzgraefe
init/deinit handlers are called per statement, so the memory you allocated
in udf_testalloc_init() has already been freed again by udf_testalloc_deinit()
so the pointer you passed on to udf_testget() is no longer valid and is likely
to he reallocated again and so overwritten already ...