Bug #47382 'mysqladmin debug' crash on 64-bit windows
Submitted: 16 Sep 2009 17:02 Modified: 12 Mar 2010 17:29
Reporter: Shane Bester (Platinum Quality Contributor)
Status: Closed
Category: MySQL Server: General
Severity: S1 (Critical)
Version: 5.1.38-debug-x64, 5.4.2-debug-x64
OS: Microsoft Windows (xp64)
Assigned to: Christopher Powers
CPU Architecture: Any
Tags: regression

[16 Sep 2009 17:02] Shane Bester
Description:
During memory allocation dump, there's an invalid filename causing a crash:

mysqld-debug.exe!_output_l()[output.c:1648]
mysqld-debug.exe!fprintf()[fprintf.c:70]
mysqld-debug.exe!TERMINATE()[safemalloc.c:410]
mysqld-debug.exe!mysql_print_status()[sql_test.cc:519]
mysqld-debug.exe!dispatch_command()[sql_parse.cc:1550]
mysqld-debug.exe!do_command()[sql_parse.cc:854]
mysqld-debug.exe!handle_one_connection()[sql_connect.cc:1127]
mysqld-debug.exe!pthread_start()[my_winthread.c:85]
mysqld-debug.exe!_callthreadstart()[thread.c:295]
mysqld-debug.exe!_threadstart()[thread.c:277]
kernel32.dll!BaseThreadStart()

How to repeat:
start the x64 5.1.38-debug binary:

mysqld --no-defaults --console

run "mysqladmin -uroot debug"
[17 Sep 2009 5:25] Sveta Smirnova
Thank you for the report.

Verified as described. Bug is not repeatable with version 5.0
[9 Nov 2009 20:07] Christopher Powers
The crash occurs because TERMINATE() encounters a pointer to an uninitialized filename string passed into the memory subsystem by the Archive plugin. 

The filename was not initialized because SAFEMALLOC is defined for the MySQL server but not for the Archive storage engine library, resulting in a parameter mismatch between the function interface (prototype) and the actual function definition.

When SAFEMALLOC is defined, functions declared with the CALL_INFO and CALL_INFO_PROTO macros are compiled with two additional parameters: __FILE__ and __LINE__. For example, my_hash_init() and init_dynamic_array() are declared with the CALLER_INFO macro.

If SAFEMALLOC is not defined, then functions declared with CALL_INFO* are not compiled with the file and line parameters.

For 5.1 Windows builds, SAFEMALLOC is defined by default in the CMakeLists.txt file associated with each library, including the static and dynamic storage engine libraries. For reasons unknown, SAFEMALLOC is not defined for the Archive and Federated engines. 

This mismatch is a serious problem in debug builds. Calls from archive.lib into any function defined with CALLER_INFO will fail to pass the __FILE__ and __LINE__ values. The target function (hash_init() in this case) receives two uninitialized stack parameters, eventually causing a crash.

In 5.4, SAFEMALLOC is only defined once, in the main CMakeLists.txt. Also, SAFEMALLOC is no longer defined by default for Windows builds, but for reasons unrelated to this bug.

For 5.1, the best solution would be to model the 5.4 approach, i.e. move SAFEMALLOC out of the submodules, but the simplest solution would be to add SAFEMALLOC to the Archive and Federated build configurations.
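An added example (not MySQL source) of the mechanism the analysis above describes: a CALLER_INFO-style macro that changes a function's parameter list depending on whether SAFEMALLOC is defined, plus a fail-fast ABI-tag check so a caller can detect a library built with different settings before calling into it. The names `hash_init_demo`, `my_abi_tag` and `abi_compatible` are hypothetical; compile once with and once without `-DSAFEMALLOC` to see both signatures.

```c
/* Added example, not MySQL source: a conditional CALLER_INFO-style macro
 * gives one symbol two signatures, and a startup ABI-tag check catches a
 * SAFEMALLOC mismatch before any such function is called with garbage. */
#include <stdio.h>

/* With SAFEMALLOC, functions declared via CALLER_INFO_PROTO gain two
 * trailing parameters that CALLER_INFO supplies at each call site.
 * Without it, both macros expand to nothing. */
#ifdef SAFEMALLOC
#  define CALLER_INFO_PROTO  , const char *sFile, unsigned int uLine
#  define CALLER_INFO        , __FILE__, __LINE__
#  define ABI_SAFEMALLOC_BIT 1u
#else
#  define CALLER_INFO_PROTO
#  define CALLER_INFO
#  define ABI_SAFEMALLOC_BIT 0u
#endif

/* Hypothetical library function.  A caller built with a different
 * SAFEMALLOC setting links the same symbol but passes a different
 * argument list, so the callee reads unused registers or stack slots. */
int hash_init_demo(unsigned int size CALLER_INFO_PROTO)
{
    if (size == 0) return -1;
#ifdef SAFEMALLOC
    /* The callee trusts sFile, the assumption TERMINATE() made. */
    if (sFile == NULL) return -1;
    printf("hash_init_demo(%u) from %s:%u\n", size, sFile, uLine);
#endif
    return 0;
}

/* Mitigation: the library exports the flags it was built with.  In a
 * real split build this lives in the library; here it shares the TU. */
unsigned int my_abi_tag(void) { return ABI_SAFEMALLOC_BIT; }

/* 1 when the caller's SAFEMALLOC-dependent ABI matches the library's. */
int abi_compatible(unsigned int library_tag)
{
    return library_tag == ABI_SAFEMALLOC_BIT;
}

int main(void)
{
    if (!abi_compatible(my_abi_tag())) {
        fputs("SAFEMALLOC ABI mismatch: not calling into library\n", stderr);
        return 1;
    }
    return hash_init_demo(16 CALLER_INFO) == 0 ? 0 : 1;
}
```

Because everything here sits in one translation unit the tag check always agrees with itself; the point is that a plugin built from its own CMakeLists.txt would report a different tag, and the check refuses to proceed instead of crashing later inside a CALLER_INFO function.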
[10 Nov 2009 19:43] Bugs System
A patch for this bug has been committed. After review, it may
be pushed to the relevant source trees for release in the next
version. You can access the patch from:

  http://lists.mysql.com/commits/90003

3196 Christopher Powers	2009-11-10
      Bug#47382 'mysqladmin debug' crash on 64-bit Windows
      
      The crash occurs because SAFEMALLOC is defined for the MySQL server
      but not for the Archive or Federated engines, resulting in a 
      parameter mismatch between the function prototype and definition
      for functions using the CALLER_INFO macro.
      modified:
        storage/archive/CMakeLists.txt*
        storage/federated/CMakeLists.txt*
[11 Nov 2009 17:36] Bugs System
A patch for this bug has been committed. After review, it may
be pushed to the relevant source trees for release in the next
version. You can access the patch from:

  http://lists.mysql.com/commits/90133

3677 Christopher Powers	2009-11-11 [merge]
      Bug#47382 'mysqladmin debug' crash on 64-bit Windows
            
      The crash occurs because SAFEMALLOC is defined for the MySQL server
      but not for the Archive or Federated engines, resulting in a 
      parameter mismatch between the function prototype and definition
      for functions using the CALLER_INFO macro.
      modified:
        storage/archive/CMakeLists.txt*
        storage/federated/CMakeLists.txt*
[24 Nov 2009 8:25] Bugs System
A patch for this bug has been committed. After review, it may
be pushed to the relevant source trees for release in the next
version. You can access the patch from:

  http://lists.mysql.com/commits/91386

2928 Alexey Kopytov	2009-11-24 [merge]
      Null merge of the patch for bug #47382 from mysql-5.1-bugteam.
[2 Dec 2009 8:08] Bugs System
Pushed into 5.1.42 (revid:joro@sun.com-20091202080033-mndu4sxwx19lz2zs) (version source revid:christopher.powers@sun.com-20091110194143-ecku9un62omre96w) (merge vers: 5.1.41) (pib:13)
[16 Dec 2009 8:39] Bugs System
Pushed into 6.0.14-alpha (revid:alik@sun.com-20091216083311-xorsasf5kopjxshf) (version source revid:alik@sun.com-20091215065750-5m04ogppd5l0pol5) (merge vers: 6.0.14-alpha) (pib:14)
[16 Dec 2009 8:46] Bugs System
Pushed into 5.5.0-beta (revid:alik@sun.com-20091216082430-s0gtzibcgkv4pqul) (version source revid:alexey.kopytov@sun.com-20091124082434-ilmdycc59qemh3hp) (merge vers: 5.5.0-beta) (pib:14)
[16 Dec 2009 8:52] Bugs System
Pushed into mysql-next-mr (revid:alik@sun.com-20091216083231-rp8ecpnvkkbhtb27) (version source revid:alik@sun.com-20091212203859-fx4rx5uab47wwuzd) (merge vers: 5.6.0-beta) (pib:14)
[10 Feb 2010 19:47] Paul Dubois
Noted in 5.1.42, 5.5.0, 6.0.14 changelogs.

"mysqladmin debug" could crash on 64-bit systems.

Setting report to Need Merge pending push to Celosia.
[12 Mar 2010 14:13] Bugs System
Pushed into 5.1.44-ndb-7.0.14 (revid:jonas@mysql.com-20100312135944-t0z8s1da2orvl66x) (version source revid:jonas@mysql.com-20100312115609-woou0te4a6s4ae9y) (merge vers: 5.1.44-ndb-7.0.14) (pib:16)
[12 Mar 2010 14:29] Bugs System
Pushed into 5.1.44-ndb-6.2.19 (revid:jonas@mysql.com-20100312134846-tuqhd9w3tv4xgl3d) (version source revid:jonas@mysql.com-20100312060623-mx6407w2vx76h3by) (merge vers: 5.1.44-ndb-6.2.19) (pib:16)
[12 Mar 2010 14:45] Bugs System
Pushed into 5.1.44-ndb-6.3.33 (revid:jonas@mysql.com-20100312135724-xcw8vw2lu3mijrhn) (version source revid:jonas@mysql.com-20100312103652-snkltsd197l7q2yg) (merge vers: 5.1.44-ndb-6.3.33) (pib:16)
[12 Mar 2010 17:29] Paul Dubois
Fixed in earlier 5.1.x, 5.5.x.