Bug #39910 mysql_init() writes to another memory
Submitted: 7 Oct 2008 13:47
Modified: 8 Oct 2008 17:28
Reporter: Anatoly Lyutin
Status: Can't repeat
Impact on me: None
Category: MySQL Server: C API (client library)
Severity: S2 (Serious)
Version: 4.1.21
OS: Linux (Red Hat)
Assigned to:
CPU Architecture: Any
Tags: mysql_init()

[7 Oct 2008 13:47] Anatoly Lyutin
Description:
I have attached a simple module for Apache which shows the problem.

I create an array of MYSQL structures and an array of int after it.
The array of int is initialized with the number 5 or 4, but not zero!
After this I initialize the array of MYSQL by mysql_init().
If the number of elements in the MYSQL array equals 100, 1000, 2000 and so on,

the zero element of the int array becomes zero!!!!

If I initialize the array of MYSQL with one less element, then all is right!!

I do not understand why.

Apache version is 1.3.37
gcc version is 4.1.2 20071124 (Red Hat 4.1.2-42)

How to repeat:
#include "httpd.h"
#include "http_config.h"
#include "http_core.h"
#include "http_log.h"
#include "http_protocol.h"

#include <mysql/mysql.h>

#include <stdio.h>      /* fopen, sprintf, fwrite, fclose */
#include <string.h>     /* strlen */

#include "ap_config.h"
#include "ap_compat.h"

#define MYSQLCHILDREN   1000

int             nCurFlag2[MYSQLCHILDREN];

MYSQL           tCurMysql[MYSQLCHILDREN];

void mod_init( )
{
        int k = 0;
        FILE    *fd;
        for ( k = 0; k < MYSQLCHILDREN; k++ )
        {
                nCurFlag2[k] = 5;
        }

        for ( k = 0; k < MYSQLCHILDREN; k++ )
        {
            mysql_init( &tCurMysql[k] );
        }
        fd = fopen( "/tmp/log", "a+");
        if ( fd == NULL )
        {
                return; /* nothing to write to */
        }

        for ( k = 0; k < MYSQLCHILDREN; k++ )
        {
                char buf[100];
                sprintf( buf, "%d ", nCurFlag2[k] );
                fwrite( buf, strlen(buf), 1, fd );
                fwrite( buf, strlen(buf), 1, fd ); /* duplicated by a copy/paste error, corrected in the follow-up comment below */
        }
        fclose( fd );
}

/* Dispatch list for API hooks */
module MODULE_VAR_EXPORT mod_module = {
        STANDARD_MODULE_STUFF,
        mod_init,/* module initializer                  */
        NULL,/* create per-dir    config structures */
        NULL,/* merge  per-dir    config structures */
        NULL,/* create per-server config structures */
        NULL,/* merge  per-server config structures */
        NULL,/* table of config file commands       */
        NULL,/* [#8] MIME-typed-dispatched handlers */
        NULL,/* [#1] URI to filename translation    */
        NULL,/* [#4] validate user id from request  */
        NULL,/* [#5] check if the user is ok _here_ */
        NULL,/* [#3] check access by host address   */
        NULL,/* [#6] determine MIME type            */
        NULL, /* [#7] pre-run fixups                 */
        NULL,/* [#9] log a transaction              */
        NULL, /* [#2] header parser                  */
        NULL, /* child_init                          */
        NULL,/* child_exit                          */
        NULL  /* [#0] post read-request              */
#ifdef EAPI
        ,NULL, /* EAPI: add_module                    */
        NULL,/* EAPI: remove_module                 */
        NULL, /* EAPI: rewrite_command               */
        NULL /* EAPI: new_connection                */
#endif
};

My /tmp/log :

$ tail /tmp/log
0 5 5 5 5 5 5 5 5 5 5 5 5 5 5 5 5 5 5 5 5 5 5 5 5 5 5 5 5 5 5 5 5 5 5 5 5 5 5 5 5 5 5 5 5 5 5 5 5 5 5 5 5 5 5 5 5 5 5 5 5 5 5 5 5 5 5 5 5 5 5 5 5 5 5 5 5 5 5 5 5 5 5 5 5 5 5 5 5 5 5 5 5 5 5 5 5 5 5 5 5 5 5 5 5 5 5 5 5 5 5 5 5 5 5 5 5 5 5 5 5 5 5 5 5 5 5 5 5 5 5 5 5 5 5 5 5 5 5 5 5 5 5 5 5 5 5 5 5 5 5 5
.....
55.
[7 Oct 2008 14:01] Anatoly Lyutin
        {
                char buf[100];
                sprintf( buf, "%d ", nCurFlag2[k] );
                fwrite( buf, strlen(buf), 1, fd ); /* One fwrite */
        }

copy/paste error! Sorry!
[7 Oct 2008 20:04] Sveta Smirnova
Thank you for the report.

You complain about mysql_init, but print the values of nCurFlag2[k]. Does this mean your example would work as expected if you did not initialize tCurMysql?

Will the error occur if you skip the Apache part and run a test like:

int main() {
	mod_init();
	return 0;
}
?

Could you also please try with the current version 4.1.23 and the current GA version 5.0.67?
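The stand-alone test proposed above, extended with guard arrays on both sides of the MYSQL array so that an initializer which writes past its object is detected and counted rather than quietly zeroing a neighbouring variable. This is an added example, not code from the report or from MySQL; conn_t, INIT_CONN, count_clobbered_guards and the stand-in struct are assumed names, and the stand-in's simulated overrun is constructed only so the check can be exercised offline.

```c
/* Stand-alone guard-array harness (added example, see lead-in). Build with
 * -DUSE_REAL_MYSQL -lmysqlclient to test the real mysql_init(); otherwise a
 * constructed stand-in init routine runs, optionally mimicking the overrun. */
#include <stdio.h>
#include <string.h>
#define MYSQLCHILDREN 1000
#define GUARD 5                  /* same non-zero fill value as nCurFlag2 in the report */
static int simulate_overrun = 0; /* stand-in only: write sizeof(int) bytes too many */

#ifdef USE_REAL_MYSQL
#include <mysql/mysql.h>
typedef MYSQL conn_t;
#define INIT_CONN(p) mysql_init(p)
#else
typedef struct { unsigned char opaque[64]; } conn_t; /* constructed stand-in */
static void INIT_CONN(conn_t *p) {
    volatile unsigned char *q = (volatile unsigned char *)p;
    size_t i, len = sizeof *p + (simulate_overrun ? sizeof(int) : 0);
    for (i = 0; i < len; i++) q[i] = 0;
}
#endif

/* One struct keeps the three arrays adjacent in declaration order, which
 * three separate globals would not guarantee. */
static struct {
    int    before[MYSQLCHILDREN];
    conn_t conns[MYSQLCHILDREN];
    int    after[MYSQLCHILDREN];
} mem;

/* Initialize the first n connection objects and return how many guard slots
 * lost their fill value; 0 means no out-of-bounds write was observed.
 * 'overrun' only affects the stand-in build. */
int count_clobbered_guards(int n, int overrun) {
    int k, clobbered = 0;
    simulate_overrun = overrun;
    for (k = 0; k < MYSQLCHILDREN; k++) mem.before[k] = mem.after[k] = GUARD;
    for (k = 0; k < n; k++) INIT_CONN(&mem.conns[k]);
    for (k = 0; k < MYSQLCHILDREN; k++) {
        if (mem.before[k] != GUARD) { printf("before[%d] = %d\n", k, mem.before[k]); clobbered++; }
        if (mem.after[k]  != GUARD) { printf("after[%d] = %d\n",  k, mem.after[k]);  clobbered++; }
    }
    return clobbered;
}

int main(void) {
    int n = count_clobbered_guards(MYSQLCHILDREN, 0);
    printf("%d guard slot(s) clobbered\n", n);
    return n != 0; /* non-zero exit means an overrun was detected */
}
```

With the simulated overrun enabled, only after[0] changes, which matches the symptom in the report (just the zero element of the following array is damaged, and initializing one element fewer leaves it intact).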
[8 Oct 2008 8:07] Anatoly Lyutin
>You complain about mysql_init, but print values of nCurFlag2[k]. Does this mean your
>example would work as expected if not initialize tCurMysql?

Yes. The main tip is that if after tCurMysql we have more than 2 arrays, the zero element is damaged only in the first array. :(

>Will error occur if skip Apache part and run test like:

>int main() {
>	mod_init();
>};
>?

No, I have checked this.

>Could you also please try with current version 4.1.23 and current GA version 5.0.67?

I cannot try this version unfortunately, but in 5.0.51a it works without errors.

Should I repost this issue in the Apache Bugzilla?
[8 Oct 2008 9:57] Sveta Smirnova
Thank you for the feedback.

> Should I repost this issue into Apache bugzilla?

Yes, it could be a bug in Apache as well, although I am additionally checking on the MySQL side.
[8 Oct 2008 10:16] Anatoly Lyutin
Thank you for your attention.
[8 Oct 2008 17:28] Sveta Smirnova
Thank you for the feedback.

Tried with the current development 4.1 sources and could not repeat the problem, so I am closing the report as "Can't repeat".

Feel free to reopen the report when you are able to try the latest 4.1 and the bug is repeatable with it.