Bug #48284 C99 aliasing violation, results in failures in the client library
Submitted: 25 Oct 2009 6:57 Modified: 12 Mar 2010 17:13
Reporter: Davin McCall Email Updates:
Status: Closed Impact on me: None
Category:MySQL Server: C API (client library) Severity:S2 (Serious)
Version:5.1.40 OS:Linux
Assigned to: Jim Winstead CPU Architecture:Any
Tags: aliasing
Triage: Triaged: D2 (Serious)

[25 Oct 2009 6:57] Davin McCall
Description:
There is a C99 aliasing violation in the source of Mysql 5.1.40 which causes client errors (specifically with MythTV but probably also with others) when Mysql is compiled with -O3 optimization (GCC 4.4.2).

The problem is in libmysql/libmysql.c, in the cli_stmt_execute() function. Line 2553 looks like:

    for (param= stmt->params; param < param_end; param++)
        store_param_type((char**) &net->write_pos, param);

And store_param_type is declared as:

    static void store_param_type(char **pos, MYSQL_BIND *param)
    {
        uint typecode= param->buffer_type | (param->is_unsigned ? 32768 : 0);
        int2store(*pos, typecode);
        *pos+= 2;
    }

However, the real type of net->write_pos is "uchar *" not "char *" and it is referenced as such elsewhere in the cli_stmt_execute function. The types are incompatible and it is not legal to access the net->write_pos value as if it were both a "uchar *" and "char *" (note that if the "char **" cast is removed GCC gives a warning that the types are incompatible).

The eventual result is that GCC thinks "*pos+=2" can be moved outside the loop and collapsed to a single store. A bit silly, but that's what happens when you break the aliasing rules :)

How to repeat:
Compile with GCC 4.4.2, using the Mysql-recommended CFLAGS/CXXFLAGS (I added only -march=i686).

CXX=gcc CFLAGS="-O3 -march=i686" \
CXXFLAGS="-O3 -felide-constructors -fno-exceptions -fno-rtti -march=i686" \
  ./configure --prefix=/usr --localstatedir=/var/mysql --sysconfdir=/etc \
              --mandir=/usr/share/man \
              --enable-thread-safe-client --enable-assembler --with-gnu-ld \
              --with-mysqld-user=mysql --with-ssl
make
make install

Then run "mythfrontend"...

Suggested fix:
The fix is fairly trivial, two things should be changed:
1) change the declared type of the "pos" parameter in store_param_type from "char **" to "uchar **"
2) remove the "char **" cast from line 2554 in cli_stmt_execute. (Not strictly necessary, but GCC gives a warning if you don't).

For a workaround with current version, it's easy just to add "-fno-strict-aliasing" to CFLAGS.
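A worked version of the pattern described above, added here as an example; it is not MySQL's code and not part of the original report. It keeps the store_param_type() and int2store() names and the shape of the cli_stmt_execute() loop, but MYSQL_BIND and NET are replaced by minimal stand-in structs, and the driver functions, the check function and the sample parameter values are this example's own, so it builds and runs stand-alone:

```c
/* Added example, not code from MySQL or from the bug report: the
 * store_param_type() pattern described above, shown once with the original
 * mismatched pointer types and once with the fixed types, plus drivers that
 * mimic the cli_stmt_execute() loop. The struct types, the driver and check
 * function names and the sample params are this example's own stand-ins. */
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

typedef unsigned char uchar;

/* Same layout as MySQL's int2store(): 16-bit value, little-endian, byte by byte. */
#define int2store(T, A) do {                                  \
    *((uchar *)(T))     = (uchar)((uint16_t)(A) & 0xff);     \
    *((uchar *)(T) + 1) = (uchar)((uint16_t)(A) >> 8);       \
} while (0)

/* Stand-in for MYSQL_BIND with only the two fields store_param_type() reads. */
struct param {
    unsigned buffer_type;
    int is_unsigned;
};

/* Stand-in for NET; write_pos really is a uchar *, as the report points out. */
struct net {
    uchar buff[64];
    uchar *write_pos;
};

/* BEFORE the fix. The object modified through *pos is a `uchar *` but it is
 * read and written as a `char *`. Those are distinct, incompatible pointer
 * types, and neither is a character type, so the access is undefined
 * (C99 6.5p7): the optimizer may assume `*pos += 2` cannot change
 * net->write_pos and hoist it out of the caller's loop, which is the
 * collapse the report describes. */
static void store_param_type_before(char **pos, const struct param *p)
{
    unsigned typecode = p->buffer_type | (p->is_unsigned ? 32768 : 0);
    int2store(*pos, typecode);
    *pos += 2;
}

/* AFTER the fix: the parameter type matches the object's type, so no cast. */
static void store_param_type(uchar **pos, const struct param *p)
{
    unsigned typecode = p->buffer_type | (p->is_unsigned ? 32768 : 0);
    int2store(*pos, typecode);
    *pos += 2;
}

/* Mirrors the original loop, cast included. Whether this writes all params
 * or only advances write_pos once depends on compiler and optimization
 * level; do not rely on its result. */
size_t serialize_param_types_before(struct net *net, const struct param *params, size_t n)
{
    const struct param *p, *end = params + n;
    net->write_pos = net->buff;
    for (p = params; p < end; p++)
        store_param_type_before((char **) &net->write_pos, p);
    return (size_t)(net->write_pos - net->buff);
}

/* The fixed loop: 2 bytes per param, returns the number of bytes written. */
size_t serialize_param_types(struct net *net, const struct param *params, size_t n)
{
    const struct param *p, *end = params + n;
    net->write_pos = net->buff;
    for (p = params; p < end; p++)
        store_param_type(&net->write_pos, p);
    return (size_t)(net->write_pos - net->buff);
}

/* Constructed sample: type code 3 flagged unsigned (bit 15 set -> 0x8003) and
 * type code 253 signed (0x00fd). Returns 1 if the fixed path encodes both as
 * expected, 0 otherwise. */
int check_fixed_encoding(void)
{
    struct net net;
    struct param params[2] = { { 3, 1 }, { 253, 0 } };
    static const uchar expected[4] = { 0x03, 0x80, 0xfd, 0x00 };
    size_t written = serialize_param_types(&net, params, 2);
    return written == 4 && memcmp(net.buff, expected, 4) == 0;
}

int main(void)
{
    struct net a, b;
    struct param params[2] = { { 3, 1 }, { 253, 0 } };
    size_t wa = serialize_param_types(&a, params, 2);
    size_t wb = serialize_param_types_before(&b, params, 2);
    printf("fixed path wrote %zu bytes, encoding %s\n", wa,
           check_fixed_encoding() ? "correct" : "WRONG");
    printf("pre-fix path wrote %zu bytes (%s)\n", wb,
           (wb == wa && memcmp(a.buff, b.buff, wa) == 0) ? "same here" : "DIFFERS");
    return check_fixed_encoding() ? 0 : 1;
}
```

Building this with `gcc -O2 -Wstrict-aliasing=2` should flag the `(char **) &net->write_pos` cast in the pre-fix driver, which is the pattern the cast was hiding in the original source; adding `-fno-strict-aliasing`, the workaround given above, tells GCC to stop assuming the two pointer types cannot alias. The cast-free version is the shape of the suggested fix.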
[17 Nov 2009 10:33] Tonci Grgin
Hi Davin.

Verified just as described by looking into latest 5.1 sources.
[23 Nov 2009 22:02] Bugs System
A patch for this bug has been committed. After review, it may
be pushed to the relevant source trees for release in the next
version. You can access the patch from:

  http://lists.mysql.com/commits/91356

3218 Jim Winstead	2009-11-23
      Fix C99 aliasing violation due to mismatched types that were papered over
      with a cast. (Bug #48284)
[15 Dec 2009 9:43] Magnus Blåudd
Patch is ok. Its effect is visible since it fixes a crash in mysql_client_test when release compiling with gcc 4.4.2
[17 Dec 2009 19:59] Jim Winstead
Queued to the mysql-5.1-bugteam and mysql-pe trees.
[15 Jan 2010 8:58] Bugs System
Pushed into 5.1.43 (revid:joro@sun.com-20100115085139-qkh0i0fpohd9u9p5) (version source revid:jimw@mysql.com-20091216204853-5clvhmihej25795n) (merge vers: 5.1.42) (pib:16)
[22 Jan 2010 1:12] Paul Dubois
Noted in 5.1.43 changelog.

An aliasing violation in the C API could lead to a crash.

Setting report to NDI pending push to 5.5.x+.
[5 Feb 2010 11:50] Bugs System
Pushed into mysql-next-mr (revid:alik@sun.com-20100204063540-9czpdmpixi3iw2yb) (version source revid:alik@sun.com-20091224075613-es9uswo4lidkm3tj) (pib:16)
[12 Mar 2010 14:20] Bugs System
Pushed into 5.1.44-ndb-7.0.14 (revid:jonas@mysql.com-20100312135944-t0z8s1da2orvl66x) (version source revid:jonas@mysql.com-20100312115609-woou0te4a6s4ae9y) (merge vers: 5.1.44-ndb-7.0.14) (pib:16)
[12 Mar 2010 14:35] Bugs System
Pushed into 5.1.44-ndb-6.2.19 (revid:jonas@mysql.com-20100312134846-tuqhd9w3tv4xgl3d) (version source revid:jonas@mysql.com-20100312060623-mx6407w2vx76h3by) (merge vers: 5.1.44-ndb-6.2.19) (pib:16)
[12 Mar 2010 14:51] Bugs System
Pushed into 5.1.44-ndb-6.3.33 (revid:jonas@mysql.com-20100312135724-xcw8vw2lu3mijrhn) (version source revid:jonas@mysql.com-20100312103652-snkltsd197l7q2yg) (merge vers: 5.1.44-ndb-6.3.33) (pib:16)
[12 Mar 2010 17:13] Paul Dubois
Noted in 5.5.3 changelog.