Bug #43233 Some server variables are clipped during "update," not "check" stage
Submitted: 26 Feb 2009 15:48 Modified: 6 Jan 2011 2:47
Reporter: Tatiana Azundris Nuernberg Email Updates:
Status: Closed Impact on me:
None 
Category:MySQL Server: General Severity:S3 (Non-critical)
Version:any OS:Any
Assigned to: Tatiana Azundris Nuernberg CPU Architecture:Any
Triage: Triaged: D4 (Minor)

[26 Feb 2009 15:48] Tatiana Azundris Nuernberg
Description:
The right way to do things: Check variable during check-stage (duh :-). If user-supplied value is out of range, throw a warning, unless in strict mode, in which case we throw an error and never proceed to the update stage. Most system variables are handled this way. Hooray.

There are some (very few) exceptions; system-variables that bound their values during the update phase. This arguably violates the model; it also means we can throw only warnings (see Bug#40657) and not promote them to errors in strict mode without triggering an assert -- we're simply supposed to already be sure by this time that the value is good.

How to repeat:
set @@global.key_cache_block_size=-1;

(should throw warning, but probably doesn't, depending on patchlevel of your version.  Either way, now try

set sql_mode=strict_all_tables;
set @@global.key_cache_block_size=-1;

Depending on your patchlevel, this will either crash the server, or throw a warning instead of an error.

Suggested fix:
Move said test/clipping from update() to check() functions. Create those check() functions as needed.

Look at

sys_var_ulonglong_ptr: unused?

sys_var_thd_ha_rows: "max_join_size" et al.

sys_var_key_buffer_size: "key_buffer_size"

sys_var_key_cache_long: "key_cache_block_size" et al.
[26 Feb 2009 16:05] Valeriy Kravchuk
Thank you for the bug report. Verified just as described:

valeriy-kravchuks-macbook-pro:6.0 openxs$ bin/mysql -uroot test
Reading table information for completion of table and column names
You can turn off this feature to get a quicker startup with -A

Welcome to the MySQL monitor.  Commands end with ; or \g.
Your MySQL connection id is 1
Server version: 6.0.11-alpha-debug Source distribution

Type 'help;' or '\h' for help. Type '\c' to clear the buffer.

mysql> set @@global.key_cache_block_size=-1;
Query OK, 0 rows affected, 1 warning (0.38 sec)

mysql> show warnings\G
*************************** 1. row ***************************
  Level: Warning
   Code: 1292
Message: Truncated incorrect key_cache_block_size value: '4294967295'
1 row in set (0.00 sec)

mysql> set sql_mode=strict_all_tables;
Query OK, 0 rows affected (0.00 sec)

mysql> set @@global.key_cache_block_size=-1;
ERROR 2013 (HY000): Lost connection to MySQL server during query
mysql> 090226 17:58:38 mysqld_safe mysqld restarted

mysql> exit
Bye
valeriy-kravchuks-macbook-pro:6.0 openxs$ tail -50 var/valeriy-kravchuks-macbook-pro.local.err 
090224 07:22:27 mysqld_safe mysqld from pid file /Users/openxs/dbs/6.0/var/valeriy-kravchuks-macbook-pro.local.pid ended
090226 17:57:34 mysqld_safe Starting mysqld daemon with databases from /Users/openxs/dbs/6.0/var
090226 17:57:34 [Warning] Setting lower_case_table_names=2 because file system for /Users/openxs/dbs/6.0/var/ is case insensitive
090226 17:57:34 [Warning] One can only use the --user switch if running as root

090226 17:57:35  InnoDB: Started; log sequence number 0 54748
090226 17:57:35 [Note] Event Scheduler: Loaded 0 events
090226 17:57:35 [Note] /Users/openxs/dbs/6.0/libexec/mysqld: ready for connections.
Version: '6.0.11-alpha-debug'  socket: '/tmp/mysql.sock'  port: 3306  Source distribution
Assertion failed: (! is_set()), function set_ok_status, file sql_error.cc, line 86.
090226 17:58:38 - mysqld got signal 6 ;
This could be because you hit a bug. It is also possible that this binary
or one of the libraries it was linked against is corrupt, improperly built,
or misconfigured. This error can also be caused by malfunctioning hardware.
We will try our best to scrape up some info that will hopefully help diagnose
the problem, but since we have already crashed, something is definitely wrong
and this may fail.

key_buffer_size=8384512
read_buffer_size=131072
max_used_connections=1
max_threads=151
thread_count=1
connection_count=1
It is possible that mysqld could use up to 
key_buffer_size + (read_buffer_size + sort_buffer_size)*max_threads = 337802 K
bytes of memory
Hope that's ok; if not, decrease some variables in the equation.

thd: 0x0
Attempting backtrace. You can use the following information to find out
where mysqld died. If you see no messages after this, something went
terribly wrong...
stack_bottom = 0x0 thread_stack 0x30c00
0   mysqld                              0x0078efd0 my_print_stacktrace + 44
1   mysqld                              0x000f83c2 handle_segfault + 894
2   libSystem.B.dylib                   0x940472bb _sigtramp + 43
3   ???                                 0xffffffff 0x0 + 4294967295
4   mysqld                              0x001029e5 main + 1391
5   mysqld                              0x0000247a start + 54
The manual page at http://dev.mysql.com/doc/mysql/en/crashing.html contains
information that should help you find out what is causing the crash.
090226 17:58:38 mysqld_safe mysqld restarted
090226 17:58:38 [Warning] Setting lower_case_table_names=2 because file system for /Users/openxs/dbs/6.0/var/ is case insensitive
090226 17:58:38 [Warning] One can only use the --user switch if running as root

090226 17:58:39  InnoDB: Started; log sequence number 0 54748
090226 17:58:39 [Note] Event Scheduler: Loaded 0 events
090226 17:58:39 [Note] /Users/openxs/dbs/6.0/libexec/mysqld: ready for connections.
Version: '6.0.11-alpha-debug'  socket: '/tmp/mysql.sock'  port: 3306  Source distribution
[11 Jun 2010 12:40] Bugs System
A patch for this bug has been committed. After review, it may
be pushed to the relevant source trees for release in the next
version. You can access the patch from:

  http://lists.mysql.com/commits/110824

3427 Tatiana A. Nurnberg	2010-06-11
      Bug#43233: Some server variables are clipped during "update," not "check" stage
      
      Port the few remaining system variables to the correct mechanism --
      range-check in check-stage (and throw error or warning at that point
      as needed and depending on STRICTness), update in update stage.
     @ mysql-test/r/variables.result
        Show that we throw warnings or errors depending on strictness
        even for "special" variables now.
     @ mysql-test/t/variables.test
        Show that we throw warnings or errors depending on strictness
        even for "special" variables now.
     @ sql/set_var.cc
        move range-checking from update stage to check stage for the remaining
        few sys-vars that broke the pattern
     @ sql/set_var.h
        show sys_var_ulonglong_ptr type variables as unsigned.
[11 Nov 2010 11:36] Bugs System
A patch for this bug has been committed. After review, it may
be pushed to the relevant source trees for release in the next
version. You can access the patch from:

  http://lists.mysql.com/commits/123588

3519 Tatiana A. Nurnberg	2010-11-11
      Bug#43233: Some server variables are clipped during "update," not "check" stage
      Bug#55794: ulonglong options of mysqld show wrong values.
      
      Port the few remaining system variables to the correct mechanism --
      range-check in check-stage (and throw error or warning at that point
      as needed and depending on STRICTness), update in update stage.
      Fix some signedness errors when retrieving sysvar values for display.
     @ mysql-test/r/variables.result
        Show that we throw warnings or errors depending on strictness
        even for "special" variables now.
     @ mysql-test/t/variables.test
        Show that we throw warnings or errors depending on strictness
        even for "special" variables now.
     @ sql/item_func.cc
        show sys_var_ulonglong_ptr and SHOW_LONGLONG type variables as unsigned.
     @ sql/set_var.cc
        move range-checking from update stage to check stage for the remaining
        few sys-vars that broke the pattern
     @ sql/set_var.h
        add check functions.
[5 Dec 2010 12:41] Bugs System
Pushed into mysql-trunk 5.6.1 (revid:alexander.nozdrin@oracle.com-20101205122447-6x94l4fmslpbttxj) (version source revid:alexander.nozdrin@oracle.com-20101205122447-6x94l4fmslpbttxj) (merge vers: 5.6.1) (pib:23)
[17 Dec 2010 12:48] Bugs System
Pushed into mysql-5.1 5.1.55 (revid:georgi.kodinov@oracle.com-20101217124435-9imm43geck5u55qw) (version source revid:mats.kindahl@oracle.com-20101201193331-1c07sjno2g7m46ix) (merge vers: 5.1.55) (pib:24)
[17 Dec 2010 12:51] Bugs System
Pushed into mysql-5.5 5.5.9 (revid:georgi.kodinov@oracle.com-20101217124733-p1ivu6higouawv8l) (version source revid:azundris@mysql.com-20101125035016-iwt4adcyfgdvak7v) (merge vers: 5.5.8) (pib:24)
[6 Jan 2011 2:47] Paul Dubois
Noted in 5.1.55, 5.5.9 changelogs.

During assignment of values to system variables, legality checks on
the value range occurred too late, preventing proper error checking.