| Bug #57931 | Crash when argc = 0 due to incorrect replacement with valid argument list | ||
|---|---|---|---|
| Submitted: | 2 Nov 2010 14:49 | Modified: | 29 Jul 2011 16:53 |
| Reporter: | Bartosz Fabianowski | Email Updates: | |
| Status: | Closed | Impact on me: | |
| Category: | MySQL Server: Embedded Library ( libmysqld ) | Severity: | S3 (Non-critical) |
| Version: | 5.5.6, 5.6.99 | OS: | Any |
| Assigned to: | Ramil Kalimullin | CPU Architecture: | Any |
| Tags: | Contribution | ||
[3 Nov 2010 10:44]
Sveta Smirnova
Thank you for the report. Verified as described. To repeat get example from http://dev.mysql.com/doc/refman/5.5/en/mysql-library-init.html ("For convenience, argc may be 0 (zero) if there are...") and get:

```
$./bug57931
my_getopt.c:125: failed assertion `argc && *argc >= 1'
Abort trap
```
[13 Jan 2011 5:45]
[ name withheld ]
An even easier way to test this is to run mysqltest_embedded without any command-line arguments. The proposed patch fixes that for me.
[29 Jul 2011 15:46]
[ name withheld ]
This appears to have been silently fixed in 5.5.15. I appreciate the fix, but isn't there a process to follow here?
[29 Jul 2011 15:53]
Davi Arnaut
http://lists.mysql.com/commits/139170
[29 Jul 2011 16:54]
Paul DuBois
Noted in 5.5.16, 5.6.3 changelogs. The embedded server crashed when argc = 0.

Description:

All line numbers refer to lib_sql.cc from version 5.5.6. When using the embedded server, init_embedded_server() takes arguments in argc and argv. It is permissible to set argc = argv = 0 if no arguments are needed. However, the argument parsing done by load_defaults() in line 507 and by init_common_variables() requires argc >= 1 and an existent argv[0]. The code that ensures this is broken.

In lines 491 and 492, argcp and argvp are pointed at fake_argc and fake_argv. These are then passed to load_defaults(), supplying it with a fake argument list that has *argcp = 1 entries. Function init_common_variables() operates on remaining_argc and remaining_argv. As set in lines 510 and 511, these are identical to the original argc and argv. Thus, when argc = 0, so is remaining_argc and init_common_variables() crashes in handle_options().

How to repeat:

Initialize an embedded server with argc = argv = 0.

Suggested fix:

It must be ensured that remaining_argc >= 1 and remaining_argv[0] exists. If I understand the code in bzr before the current incarnation correctly, remaining_argc and remaining_argv may be initialized to the same values as defaults_argc and defaults_argv. Thus, the following patch should fix the issue (and fixes the crash for me):

```diff
--- libmysqld/lib_sql.cc.orig	2010-11-01 14:24:38.000000000 +0000
+++ libmysqld/lib_sql.cc	2010-11-01 14:24:54.000000000 +0000
@@ -507,8 +507,8 @@
   load_defaults("my", (const char **)groups, argcp, argvp);
   defaults_argc= *argcp;
   defaults_argv= *argvp;
-  remaining_argc= argc;
-  remaining_argv= argv;
+  remaining_argc= *argcp;
+  remaining_argv= *argvp;
   /* Must be initialized early for comparison of options name */
   system_charset_info= &my_charset_utf8_general_ci;
```
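Review bot: the two `+` lines make remaining_argc/remaining_argv alias the list that load_defaults() has just built, which is exactly what defaults_argc/defaults_argv hold two lines earlier; writing `remaining_argc= defaults_argc;` and `remaining_argv= defaults_argv;` would make that intent explicit, and a one-line comment stating the invariant the description depends on (remaining_argc >= 1 with remaining_argv[0] present even when the caller passed argc = 0) would keep a later edit from reverting to the caller's argc. The hunk carries no check of its own for the argc = 0 case, so a regression test that starts the embedded server with no arguments (the mysqltest_embedded case mentioned in the thread) should accompany it.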
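The aliasing the description walks through, as an added model that is not MySQL's code (the `*_model` functions and `sample_argv` are hypothetical stand-ins for load_defaults(), handle_options() and a caller's argument list): the unpatched path copies the caller's argc/argv into remaining_*, the patched path copies the defaults list, and only the latter survives argc = 0.

```c
#include <stddef.h>
/* Hypothetical, simplified model of init_embedded_server()'s argument
   handling; not MySQL's code. Names follow the bug report. */
static int    fake_argc = 1;
static char  *fake_argv_storage[] = { "embedded", NULL };
static char **fake_argv = fake_argv_storage;

/* Constructed sample list for a caller that does pass arguments. */
char *sample_argv[] = { "prog", "--skip-grant-tables", NULL };

/* load_defaults() really merges config-file options into a new list; the
   model only checks its argc >= 1 / argv[0] precondition. */
static int load_defaults_model(int *argcp, char ***argvp)
{
    return (*argcp >= 1 && (*argvp)[0] != NULL) ? 0 : -1;
}

/* handle_options(): -1 where the real code aborts on `argc && *argc >= 1'. */
static int handle_options_model(int *argc, char ***argv)
{
    return (argc != NULL && *argc >= 1 && (*argv)[0] != NULL) ? 0 : -1;
}

/* fixed == 0: 5.5.6 logic (remaining_* from the caller's argc/argv);
   fixed != 0: the report's patch (remaining_* from the defaults list).
   Returns remaining_argc, or -1 where the real server crashes. */
int init_embedded_model(int argc, char **argv, int fixed)
{
    int *argcp = &argc;
    char ***argvp = &argv;
    int defaults_argc, remaining_argc;
    char **defaults_argv, **remaining_argv;
    if (argc == 0 || argv == NULL) {      /* lines 491-492 in the report */
        argcp = &fake_argc;
        argvp = &fake_argv;
    }
    if (load_defaults_model(argcp, argvp) != 0)
        return -1;
    defaults_argc = *argcp;               /* a valid list in every case */
    defaults_argv = *argvp;
    if (fixed) {
        remaining_argc = defaults_argc;   /* == *argcp, as the report notes */
        remaining_argv = defaults_argv;
    } else {
        remaining_argc = argc;            /* still 0 when the caller passed 0 */
        remaining_argv = argv;
    }
    if (handle_options_model(&remaining_argc, &remaining_argv) != 0)
        return -1;
    return remaining_argc;
}
```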