| Bug #55062 | default_directories=NULL as parameter avoid initialization & cause app cores | ||
|---|---|---|---|
| Submitted: | 7 Jul 2010 18:22 | Modified: | 12 Aug 2010 19:34 |
| Reporter: | Jonathan Miller | Email Updates: | |
| Status: | Closed | Impact on me: | |
| Category: | MySQL Server: Embedded Library ( libmysqld ) | Severity: | S2 (Serious) |
| Version: | mysql-next-mr | OS: | Any |
| Assigned to: | Libing Song | CPU Architecture: | Any |
| Tags: | next-mr-rpl-merge | ||
[11 Jul 2010 1:05]
Bugs System
A patch for this bug has been committed. After review, it may be pushed to the relevant source trees for release in the next version. You can access the patch from:

  http://lists.mysql.com/commits/113289

3202 Li-Bing.Song@sun.com 2010-07-11
      Postfix for WL#4677, it also fixes Bug#55062.
     @ client/mysqlbinlog.cc
        Fix compiling warning.
        On some platforms, long is 32bit. 4*1024L*1024L*1024L is larger than the biggest int number.
     @ mysql-test/include/mtr_warnings.sql
        Warning messages are changed, so we have to change the suppression sql.
     @ mysql-test/mysql-test-run.pl
        Add code to wait for the server's UUID to be generated
     @ mysys/default.c
        Revert the code to fix bug#55062
     @ sql/mysqld.cc
        Improve the error and warning messages.
     @ sql/rpl_record.cc
        Fix a compiling warning.
     @ sql/slave.cc
        Improve the error and warning messages.
[19 Jul 2010 10:21]
Bugs System
A patch for this bug has been committed. After review, it may be pushed to the relevant source trees for release in the next version. You can access the patch from:

  http://lists.mysql.com/commits/113850

3310 Li-Bing.Song@sun.com 2010-07-19
      BUG#55062 default_directories=NULL as parameter avoid initialization & cause app cores

      Revert the code introduced by WL#4677 in mysys/default.c.
      It has been pushed to mysql-next-mr-rpl-merge with the postfix for WL#4677.
      But we want it to be pushed into mysql-next-mr ASAP. So we push a separate patch to mysql-next-mr-bugfixing.
[20 Jul 2010 8:10]
Libing Song
The bug was actually a post-push fix for WL#4677, and it was just about reverting the spurious change introduced by the WL#4677 cset. The postfix is revision-id: li-bing.song@sun.com-20100711011821-9kaqt8myo98oibgj
[23 Jul 2010 12:34]
Bugs System
Pushed into mysql-next-mr (revid:alik@sun.com-20100723121929-90e9zemk3jkr2ocy) (version source revid:vasil.dimov@oracle.com-20100531152341-x2d4hma644icamh1) (pib:18)
[4 Aug 2010 8:08]
Bugs System
Pushed into mysql-trunk 5.6.1-m4 (revid:alik@ibmvm-20100804080001-bny5271e65xo34ig) (version source revid:vasil.dimov@oracle.com-20100531152341-x2d4hma644icamh1) (merge vers: 5.5.5-m3) (pib:18)
[4 Aug 2010 8:24]
Bugs System
Pushed into mysql-trunk 5.6.1-m4 (revid:alik@ibmvm-20100804081533-c1d3rbipo9e8rt1s) (version source revid:vasil.dimov@oracle.com-20100531152341-x2d4hma644icamh1) (merge vers: 5.5.5-m3) (pib:18)
[12 Aug 2010 19:34]
Paul DuBois
Noted in 5.6.0 changelog. The embedded server could crash when determining which directories to search for option files.

Description:

As you can see what is happening here:

* before - dirs was always initialized properly
* now, after that buggy patch, when we get default_directories=NULL as parameter we avoid initialization of dirs, i.e. `+ const char **dirs= NULL;` (is always set to NULL)

This will later cause the client application to crash with the following:

```
#0 0x00002b27794917c0 in my_search_option_files (conf_file=0x2b27794edd87 "my", argc=<value optimized out>, argv=<value optimized out>, args_used=0x7fff31779bcc, func=0x2b27794907f0 <handle_default_option>, func_ctx=0x7fff31779b90, default_directories=0x0) at /export/home/tmp/qauser/clones/builds/clone-mysql-next-mr-2010_07_07.28226/mysys/default.c:259
259 /export/home/tmp/qauser/clones/builds/clone-mysql-next-mr-2010_07_07.28226/mysys/default.c: No such file or directory.
 in /export/home/tmp/qauser/clones/builds/clone-mysql-next-mr-2010_07_07.28226/mysys/default.c
(gdb) bt
#0 0x00002b27794917c0 in my_search_option_files (conf_file=0x2b27794edd87 "my", argc=<value optimized out>, argv=<value optimized out>, args_used=0x7fff31779bcc, func=0x2b27794907f0 <handle_default_option>, func_ctx=0x7fff31779b90, default_directories=0x0) at /export/home/tmp/qauser/clones/builds/clone-mysql-next-mr-2010_07_07.28226/mysys/default.c:259
#1 0x00002b2779491f15 in my_load_defaults (conf_file=0x2b27794edd87 "my", groups=0x7fff31779c10, argc=0x7fff31779c4c, argv=0x7fff31779c38, default_directories=0x0) at /export/home/tmp/qauser/clones/builds/clone-mysql-next-mr-2010_07_07.28226/mysys/default.c:507
#2 0x00002b2779479e41 in mysql_read_default_options (options=0x5812b0, filename=0x2b27794edd87 "my", group=<value optimized out>) at /export/home/tmp/qauser/clones/builds/clone-mysql-next-mr-2010_07_07.28226/sql-common/client.c:1195
```

The bug was first introduced into the replication mysql-next-mr clone and then merged into the main mysql-next-mr clone. Here are the merges that introduced this bug.

revno: 3163 [merge] committer: Alexander Nozdrin <alik@sun.com> branch nick: mysql-next-mr timestamp: Sat 2010-06-26 11:39:21 +0400 message: Auto-merge from mysql-next-mr-rpl-merge. diff: === modified file 'mysys/default.c' --- mysys/default.c 2010-03-20 09:35:40 +0000 +++ mysys/default.c 2010-06-22 09:34:59 +0000 @@ -458,11 +458,12 @@ MEM_ROOT alloc; char *ptr,**res; struct handle_option_ctx ctx; - const char **dirs; + const char **dirs= NULL; DBUG_ENTER("load_defaults"); init_alloc_root(&alloc,512,0); - if ((dirs= init_default_directories(&alloc)) == NULL) + if (default_directories != NULL && + (dirs= init_default_directories(&alloc)) == NULL) goto err; /* Check if the user doesn't want any default option processing originally it was pushed to mysql-next-mr-rpl-merge by revno: 2997 [merge] committer: He Zhenxing <zhenxing.he@sun.com> branch nick: next-mr-rpl-merge timestamp: Tue 2010-06-22 20:58:10 +0800 message: Manual merge diff: === modified file 'mysys/default.c' --- mysys/default.c 2010-03-20 09:35:40 +0000 +++ mysys/default.c 2010-06-22 09:34:59 +0000 @@ -458,11 +458,12 @@ MEM_ROOT alloc; char *ptr,**res; struct handle_option_ctx ctx; - const char **dirs; + const char **dirs= NULL; DBUG_ENTER("load_defaults"); init_alloc_root(&alloc,512,0); - if ((dirs= init_default_directories(&alloc)) == NULL) + if (default_directories != NULL && + (dirs= init_default_directories(&alloc)) == NULL) goto err; /* How to repeat: n/a Suggested fix: ensure initialization of dirs
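
Review bot: The added guard `default_directories != NULL &&` in the `@@ -458,11 +458,12 @@` hunk of mysys/default.c (the same hunk appears in revno 2997 and in the revno 3163 merge) short-circuits the only assignment to `dirs`, so when a caller passes `default_directories=NULL` the call to `init_default_directories(&alloc)` is skipped and `dirs` keeps its new `NULL` initializer instead of going to `err`. The backtrace in the description shows exactly that call path: `my_load_defaults` at default.c:507 passes `default_directories=0x0` down to `my_search_option_files`, which crashes at default.c:259. The `= NULL` initializer also hides the problem at build time, since without it the compiler would presumably flag `dirs` as possibly uninitialized. Suggest restoring the unconditional form `if ((dirs= init_default_directories(&alloc)) == NULL) goto err;` so `dirs` is always valid past this point; if the intent is to honour a caller-supplied directory list, handle that in an explicit branch that still leaves `dirs` non-NULL, and add a test that exercises the NULL-parameter path through the embedded and client libraries.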