Bug #53493 add_to_status does not handle the longlong fields in STATUS_VAR
Submitted: 7 May 2010 15:13 Modified: 14 Oct 2010 15:03
Reporter: Mark Callaghan Email Updates:
Status: Closed Impact on me: None
Category:MySQL Server: General Severity:S3 (Non-critical)
Version:5.0, 5.1, mysql-trunk OS:Any
Assigned to: Georgi Kodinov CPU Architecture:Any
Tags: show, STATUS
Triage: Triaged: D2 (Serious)

[7 May 2010 15:13] Mark Callaghan
Description:
add_to_status() and add_diff_to_status() assume all fields in STATUS_VAR from the start to "last_system_status_var" (questions) are long/ulong. Alas, they are not:

typedef struct system_status_var
{
  ulonglong bytes_received;
  ulonglong bytes_sent;
  ulong com_other;
...

The code in add_to_status() and add_diff_to_status() produce incorrect results for bytes_received and bytes_sent when there is overflow in the long/ulong addition done on the low 4 bytes.

How to repeat:
Read the code. Why are the requirements on the STATUS_VAR struct listed here but not in the declaration of the struct?

-----------------

/*
  Add all status variables to another status variable array

  SYNOPSIS
   add_to_status()
   to_var       add to this array
   from_var     from this array

  NOTES
    This function assumes that all variables are long/ulong.
    If this assumption changes, then we have to explicitly add
    the other variables after the while loop
*/

void add_to_status(STATUS_VAR *to_var, STATUS_VAR *from_var)
{
  ulong *end= (ulong*) ((uchar*) to_var +
                        offsetof(STATUS_VAR, last_system_status_var) +
                        sizeof(ulong));
  ulong *to= (ulong*) to_var, *from= (ulong*) from_var;

  while (to != end)
    *(to++)+= *(from++);
}

Suggested fix:
Add a comment to STATUS_VAR to describe the long/ulong field requirement.
Move bytes_received, bytes_sent to the end of the struct.
Do math on them directly.
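The carry loss Mark describes, as an added C example that is not part of the bug report or of the MySQL source: a constructed miniature of STATUS_VAR is summed first with the original ulong-walking loop (uint32_t standing in for ulong on a platform where long is 4 bytes) and then with the shape of the committed fix, which sums the ulonglong fields whole and walks only the ulong group. All type and function names here are hypothetical.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Constructed miniature of MySQL's STATUS_VAR (hypothetical): two 64-bit
   counters first, then the 32-bit group ending at the last_system_status_var stand-in. */
typedef struct {
    uint64_t bytes_received;
    uint64_t bytes_sent;
    uint32_t com_other;
    uint32_t questions;          /* plays the role of last_system_status_var */
} mini_status_var;

/* Word-wise add with uint32_t standing in for ulong where long is 4 bytes (memcpy: no aliasing UB). */
static void add_words(unsigned char *to, const unsigned char *from, size_t nbytes)
{
    for (size_t off = 0; off < nbytes; off += sizeof(uint32_t)) {
        uint32_t t, f;
        memcpy(&t, to + off, sizeof t);
        memcpy(&f, from + off, sizeof f);
        t += f;                  /* wraps at 2^32: the carry into the next word is lost */
        memcpy(to + off, &t, sizeof t);
    }
}

/* Original assumption: walk everything up to `questions` as ulong words, splitting each uint64_t. */
static void add_to_status_broken(mini_status_var *to, const mini_status_var *from)
{
    add_words((unsigned char *)to, (const unsigned char *)from,
              offsetof(mini_status_var, questions) + sizeof(uint32_t));
}

/* Shape of the fix: sum the ulonglong fields whole, then word-walk only the ulong group. */
static void add_to_status_fixed(mini_status_var *to, const mini_status_var *from)
{
    size_t start = offsetof(mini_status_var, com_other);
    size_t end = offsetof(mini_status_var, questions) + sizeof(uint32_t);
    to->bytes_received += from->bytes_received;
    to->bytes_sent += from->bytes_sent;
    add_words((unsigned char *)to + start, (const unsigned char *)from + start, end - start);
}

/* Adds (bytes_received=b, com_other=2) onto (bytes_received=a, com_other=1). */
mini_status_var add_demo(uint64_t a, uint64_t b, int use_fixed)
{
    mini_status_var to = { a, 0, 1, 0 }, from = { b, 0, 2, 0 };
    if (use_fixed) add_to_status_fixed(&to, &from);
    else add_to_status_broken(&to, &from);
    return to;                   /* broken: a=0xFFFFFFFF, b=1 yields bytes_received == 0 */
}
```

On a 64-bit-long platform the original loop happens to add the 8-byte fields correctly, which is why the defect only shows up as the "some platforms" portability problem noted in the changelog.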
[8 May 2010 11:58] Valeriy Kravchuk
Verified by code review of sql/sql_class.h:

/* per thread status variables */

typedef struct system_status_var
{
  ulonglong bytes_received;
  ulonglong bytes_sent;
  ulong com_other;
  ulong com_stat[(uint) SQLCOM_END];
  ulong created_tmp_disk_tables;
  ulong created_tmp_tables;
...
[5 Jul 2010 13:44] Bugs System
A patch for this bug has been committed. After review, it may
be pushed to the relevant source trees for release in the next
version. You can access the patch from:

  http://lists.mysql.com/commits/112895

3465 Georgi Kodinov	2010-07-05
      Bug #53493 : add_to_status does not handle the longlong fields in STATUS_VAR
      
      Done a little code cleanup in struct system_status_var.
      Although no real wrong data were returned (since the two non-conformingly
      sized variables were never referenced through 
      add_to_status()/add_diff_to_status()) it's still error-prone and not a 
      good programming style. 
      Fixed by moving the two variables outside of the reach of 
      add_to_status()/add_diff_to_status().
[7 Jul 2010 13:58] Bugs System
A patch for this bug has been committed. After review, it may
be pushed to the relevant source trees for release in the next
version. You can access the patch from:

  http://lists.mysql.com/commits/113035

3465 Georgi Kodinov	2010-07-07
      Bug #53493 : add_to_status does not handle the longlong fields in STATUS_VAR
      
      Created a provision to handle correctly a set of ulonglong status variables
      in addition to the ulong status variables. Moved bytes_received/bytes_sent
      into the new ulonglong group, so that add_to_status()/add_diff_to_status()
      can handle them correctly.
[14 Jul 2010 8:50] Bugs System
A patch for this bug has been committed. After review, it may
be pushed to the relevant source trees for release in the next
version. You can access the patch from:

  http://lists.mysql.com/commits/113521

3465 Georgi Kodinov	2010-07-14
      Bug #53493 : add_to_status does not handle the longlong fields in STATUS_VAR
      
      bytes_received/bytes_sent are ulonglong so they cannot be handled by the 
      ulong handling code in add_to_status/add_diff_to_status().
      
      Fixed by adding code to handle these two variables in 
      add_to_status()/add_diff_to_status() and making sure they are not subject
      to the ulong handling code.
[14 Jul 2010 11:01] Bugs System
A patch for this bug has been committed. After review, it may
be pushed to the relevant source trees for release in the next
version. You can access the patch from:

  http://lists.mysql.com/commits/113546

3480 Georgi Kodinov	2010-07-14
      Bug #53493 : add_to_status does not handle the longlong fields in STATUS_VAR
      
      bytes_received/bytes_sent are ulonglong so they cannot be handled by the 
      ulong handling code in add_to_status/add_diff_to_status().
      
      Fixed by adding code to handle these two variables in 
      add_to_status()/add_diff_to_status() and making sure they are not subject
      to the ulong handling code.
[23 Jul 2010 12:23] Bugs System
Pushed into mysql-trunk 5.5.6-m3 (revid:alik@sun.com-20100723121820-jryu2fuw3pc53q9w) (version source revid:vasil.dimov@oracle.com-20100531152341-x2d4hma644icamh1) (merge vers: 5.5.5-m3) (pib:18)
[23 Jul 2010 12:30] Bugs System
Pushed into mysql-next-mr (revid:alik@sun.com-20100723121929-90e9zemk3jkr2ocy) (version source revid:vasil.dimov@oracle.com-20100531152341-x2d4hma644icamh1) (pib:18)
[3 Aug 2010 17:23] Paul Dubois
Noted in 5.1.50, 5.5.6 changelogs.

Portability problems in SHOW STATUS could lead to incorrect results
on some platforms.
[19 Aug 2010 15:41] Bugs System
Pushed into mysql-5.1 5.1.51 (revid:build@mysql.com-20100819151858-muaaor6jojb5ouzj) (version source revid:build@mysql.com-20100819151858-muaaor6jojb5ouzj) (merge vers: 5.1.51) (pib:20)
[14 Oct 2010 8:31] Bugs System
Pushed into mysql-5.1-telco-7.0 5.1.51-ndb-7.0.20 (revid:martin.skold@mysql.com-20101014082627-jrmy9xbfbtrebw3c) (version source revid:martin.skold@mysql.com-20101014082627-jrmy9xbfbtrebw3c) (merge vers: 5.1.51-ndb-7.0.20) (pib:21)
[14 Oct 2010 8:47] Bugs System
Pushed into mysql-5.1-telco-6.3 5.1.51-ndb-6.3.39 (revid:martin.skold@mysql.com-20101014083757-5qo48b86d69zjvzj) (version source revid:martin.skold@mysql.com-20101014083757-5qo48b86d69zjvzj) (merge vers: 5.1.51-ndb-6.3.39) (pib:21)
[14 Oct 2010 9:01] Bugs System
Pushed into mysql-5.1-telco-6.2 5.1.51-ndb-6.2.19 (revid:martin.skold@mysql.com-20101014084420-y54ecj85j5we27oa) (version source revid:martin.skold@mysql.com-20101014084420-y54ecj85j5we27oa) (merge vers: 5.1.51-ndb-6.2.19) (pib:21)
[14 Oct 2010 15:03] Jon Stephens
Already documented in the 5.1.50 changelog; no new changelog entries required. Setting back to Closed state.