Bug #35986 valgrind warning in DbugParse for empty string in SET GLOBAL DEBUG=
Submitted: 11 Apr 2008 8:22    Modified: 14 May 2008 2:23
Reporter: Magnus Blåudd
Status: Closed
Category: MySQL Server: General    Severity: S3 (Non-critical)
Version: 5.1.25, 5.0    OS: Any
Assigned to: Magnus Blåudd    CPU Architecture: Any
Triage: D1 (Critical)

[11 Apr 2008 8:22] Magnus Blåudd
Description:
set GLOBAL debug=""; gives a valgrind warning, since the code in DbugParse will read past the end of the control string.

==27642== Invalid read of size 1
==27642==    at 0x8609756: DbugParse (dbug.c:503)
==27642==    by 0x8609C6D: _db_set_init_ (dbug.c:746)
==27642==    by 0x8282396: sys_var_thd_dbug::update(THD*, set_var*) (set_var.cc:4011)
==27642==    by 0x82776B6: set_var::update(THD*) (set_var.cc:3473)
==27642==    by 0x8281403: sql_set_variables(THD*, List<set_var_base>*) (set_var.cc:3348)
==27642==    by 0x8273F81: mysql_execute_command(THD*) (sql_parse.cc:3235)
==27642==    by 0x827472B: mysql_parse(THD*, char const*, unsigned, char const**) (sql_parse.cc:5630)
==27642==    by 0x8275AD8: dispatch_command(enum_server_command, THD*, char*, unsigned) (sql_parse.cc:1121)
==27642==    by 0x8276C81: do_command(THD*) (sql_parse.cc:781)
==27642==    by 0x826503D: handle_one_connection (sql_connect.cc:1115)
==27642==    by 0x403846A: start_thread (in /lib/tls/i686/cmov/libpthread-2.6.1.so)
==27642==    by 0x41A36DD: clone (in /lib/tls/i686/cmov/libc-2.6.1.so)
==27642==  Address 0x5009D99 is 0 bytes after a block of size 17 alloc'd
==27642==    at 0x4022765: malloc (vg_replace_malloc.c:149)
==27642==    by 0x85EE747: my_malloc (my_malloc.c:34)
==27642==    by 0x85EF168: alloc_root (my_alloc.c:158)
==27642==    by 0x819DE43: get_text(Lex_input_stream*, int, int) (sql_class.h:500)
==27642==    by 0x81A15F7: MYSQLlex(void*, void*) (sql_lex.cc:1171)
==27642==    by 0x82863DB: MYSQLparse(void*) (sql_yacc.cc:15656)
==27642==    by 0x8265566: parse_sql(THD*, Lex_input_stream*, Object_creation_ctx*) (sql_parse.cc:7427)
==27642==    by 0x82746AE: mysql_parse(THD*, char const*, unsigned, char const**) (sql_parse.cc:5599)
==27642==    by 0x8275AD8: dispatch_command(enum_server_command, THD*, char*, unsigned) (sql_parse.cc:1121)
==27642==    by 0x8276C81: do_command(THD*) (sql_parse.cc:781)
==27642==    by 0x826503D: handle_one_connection (sql_connect.cc:1115)
==27642==    by 0x403846A: start_thread (in /lib/tls/i686/cmov/libpthread-2.6.1.so)
==27642==    by 0x41A36DD: clone (in /lib/tls/i686/cmov/libc-2.6.1.so)

How to repeat:
valgrind a mysqld with DBUG support and run SET GLOBAL DEBUG=""

Suggested fix:
Change the "while(1)" loop to "while (control<end)"
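As an added illustration of the suggested fix (this is example code written for this note, not the reporter's patch and not MySQL's dbug.c), the scanner below is handed the same kind of `(control, end)` pair that DbugParse works with and guards every dereference with `control < end`. For the empty string `control == end` on entry, so the loop body never runs and no byte past the allocation is touched, which is precisely the read Valgrind reported as landing "0 bytes after a block". The ':'-separated flag format and the function names are assumptions made for the example.

```c
#include <stdio.h>
#include <string.h>

/*
 * Hypothetical, simplified control-string scanner written for this note.
 * It is NOT MySQL's DbugParse; it only mirrors the shape of the bug: a
 * parser that is given a (control, end) pair and must never dereference
 * `control` once control == end.
 *
 * A control string is assumed to be a ':'-separated list of entries, e.g.
 * "d:t:o,/tmp/trace". The scanner counts the non-empty entries.
 *
 * A "while (1)" loop that does `c = *control++` before checking the bound
 * reads one byte past the buffer when the string is empty (control == end
 * on entry), which is what Valgrind flags as a read "0 bytes after a
 * block". The loop below checks `control < end` before every read.
 */
static int count_flags_bounded(const char *control, const char *end)
{
    int count = 0;

    while (control < end) {                /* suggested fix: bounded loop */
        const char *start = control;

        /* advance to the next separator, never past `end` */
        while (control < end && *control != ':')
            control++;

        if (control > start)               /* skip empty entries ("d::t") */
            count++;

        if (control < end)                 /* consume the ':' if present */
            control++;
    }
    return count;
}

/* Convenience wrapper for NUL-terminated input: derive `end` from strlen,
 * so the scanner itself never relies on a terminator being present. */
int count_flags(const char *s)
{
    return count_flags_bounded(s, s + strlen(s));
}

int main(void)
{
    /* constructed sample inputs, including the empty string from the report */
    const char *samples[] = { "", "d:t:o,/tmp/trace", "d::t", "d:" };
    size_t i;

    for (i = 0; i < sizeof samples / sizeof samples[0]; i++)
        printf("\"%s\" -> %d entries\n", samples[i], count_flags(samples[i]));
    return 0;
}
```

Running the scanner under valgrind with the empty string produces no report, because the only places that read `*control` are reached after the bound has been checked; the same structure is what the `while (control<end)` rewrite gives DbugParse.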
[11 Apr 2008 8:25] Bugs System
A patch for this bug has been committed. After review, it may
be pushed to the relevant source trees for release in the next
version. You can access the patch from:

  http://lists.mysql.com/commits/45231

ChangeSet@1.2572, 2008-04-11 10:30:06+02:00, msvensson@pilot.mysql.com +1 -0
  Bug#35986 valgrind warning in DbugParse for empty string in SET GLOBAL DEBUG=""
   - Code in DbugParse was reading from beyond end of the control string
[2 May 2008 10:43] Bugs System
A patch for this bug has been committed. After review, it may
be pushed to the relevant source trees for release in the next
version. You can access the patch from:

  http://lists.mysql.com/commits/46288

ChangeSet@1.2614, 2008-05-02 12:49:31+02:00, msvensson@pilot.mysql.com +1 -0
  Bug#35986 valgrind warning in DbugParse for empty string in SET GLOBAL DEBUG=""
   - Code in DbugParse was reading from beyond end of the control string
[6 May 2008 0:25] Bugs System
Pushed into 5.0.62
[6 May 2008 0:29] Bugs System
Pushed into 5.1.25-rc
[6 May 2008 0:32] Bugs System
Pushed into 6.0.6-alpha
[14 May 2008 2:23] Paul Dubois
Noted in 5.0.62, 5.1.25, 6.0.6 changelogs.

SET GLOBAL debug='' resulted in a Valgrind warning in DbugParse(),
which was reading beyond the end of the control string.
[30 Jan 2009 13:30] Bugs System
Pushed into 6.0.10-alpha (revid:luis.soares@sun.com-20090129165607-wiskabxm948yx463) (version source revid:luis.soares@sun.com-20090129163120-e2ntks4wgpqde6zt) (merge vers: 6.0.10-alpha) (pib:6)
[30 Jan 2009 15:10] Bugs System
Pushed into 5.1.32 (revid:luis.soares@sun.com-20090129165946-d6jnnfqfokuzr09y) (version source revid:sp1r-msvensson@pilot.mysql.com-20080411083006-44035) (merge vers: 5.1.25-rc) (pib:6)
[17 Feb 2009 14:57] Bugs System
Pushed into 5.1.32-ndb-6.3.23 (revid:tomas.ulin@sun.com-20090217131017-6u8qz1edkjfiobef) (version source revid:tomas.ulin@sun.com-20090203133556-9rclp06ol19bmzs4) (merge vers: 5.1.32-ndb-6.3.22) (pib:6)
[17 Feb 2009 16:45] Bugs System
Pushed into 5.1.32-ndb-6.4.3 (revid:tomas.ulin@sun.com-20090217134419-5ha6xg4dpedrbmau) (version source revid:tomas.ulin@sun.com-20090203133556-9rclp06ol19bmzs4) (merge vers: 5.1.32-ndb-6.3.22) (pib:6)
[17 Feb 2009 18:21] Bugs System
Pushed into 5.1.32-ndb-6.2.17 (revid:tomas.ulin@sun.com-20090217134216-5699eq74ws4oxa0j) (version source revid:tomas.ulin@sun.com-20090201210519-vehobc4sy3g9s38e) (merge vers: 5.1.32-ndb-6.2.17) (pib:6)