| Bug #58517 | Alignment sensitive code in rpl_mi.cc causes SIGBUS | ||
|---|---|---|---|
| Submitted: | 26 Nov 2010 12:35 | Modified: | 14 Dec 2010 6:52 |
| Reporter: | Magnus Blåudd | Email Updates: | |
| Status: | Closed | Impact on me: | |
| Category: | MySQL Server: Replication | Severity: | S3 (Non-critical) |
| Version: | 5.6.1-m5 | OS: | Solaris |
| Assigned to: | Magnus Blåudd | CPU Architecture: | Any |
[26 Nov 2010 12:36]
Bugs System
A patch for this bug has been committed. After review, it may be pushed to the relevant source trees for release in the next version. You can access the patch from: http://lists.mysql.com/commits/125132
[26 Nov 2010 13:59]
Bugs System
A patch for this bug has been committed. After review, it may be pushed to the relevant source trees for release in the next version. You can access the patch from: http://lists.mysql.com/commits/125153
[29 Nov 2010 17:33]
Luis Soares
Queued in mysql-trunk-bugfixing.
[5 Dec 2010 12:42]
Bugs System
Pushed into mysql-trunk 5.6.1 (revid:alexander.nozdrin@oracle.com-20101205122447-6x94l4fmslpbttxj) (version source revid:alexander.nozdrin@oracle.com-20101205122447-6x94l4fmslpbttxj) (merge vers: 5.6.1) (pib:23)
[14 Dec 2010 6:52]
Jon Stephens
Issue doesn't occur in a 5.6 release; closed without further action.

Description:

The code in rpl_mi.cc is _very_ alignment sensitive, causing SIGBUS.

Crash occurs on Solaris when reading ssl_verify_server_cert from storage if ssl_verify_server_cert is not on a word boundary.

```
/* Starting from 5.1.16 ssl_verify_server_cert might be in the file */
if (lines >= LINE_FOR_MASTER_SSL_VERIFY_SERVER_CERT)
{
  if (from->get_info((int *) &ssl_verify_server_cert, 0))
                     ^^^^^^
```

"ssl_verify_server_cert" is also of type my_bool, which is char if I remember correctly. So on other platforms we write 4 bytes into 1 in "init_intvar_from_file(int* var, ...)":

```
char buf[32];
DBUG_ENTER("init_intvar_from_file");
if (my_b_gets(f, buf, sizeof(buf)))
{
  *var = atoi(buf);
  ^^^^^
```

Is my_bool really the same size as int? Otherwise there is a potential problem with this code.

Let's chat on IRC during the day if you have time. And are not on strike... :=)

How to repeat:

Modify the currently aligned layout of class Master_info (for example, like I did when inserting the "char bind_addr[]" variable before my_bool ssl_verify_server_cert).

Suggested fix:

=== modified file 'sql/rpl_mi.cc' --- sql/rpl_mi.cc 2010-11-25 11:20:16 +0000 +++ sql/rpl_mi.cc 2010-11-26 12:34:29 +0000 @@ -281,6 +281,7 @@ bool Master_info::read_info(Rpl_info_han char *first_non_digit= NULL; ulong temp_master_log_pos= 0; int temp_ssl= 0; + int temp_ssl_verify_server_cert = 0; DBUG_ENTER("Master_info::read_info"); @@ -337,7 +338,7 @@ bool Master_info::read_info(Rpl_info_han */ if (lines >= LINES_IN_MASTER_INFO_WITH_SSL) { - if (from->get_info((int *) &temp_ssl, 0) || + if (from->get_info(&temp_ssl, 0) || from->get_info(ssl_ca, sizeof(ssl_ca), 0) || from->get_info(ssl_capath, sizeof(ssl_capath), 0) || from->get_info(ssl_cert, sizeof(ssl_cert), 0) || @@ -352,7 +353,7 @@ bool Master_info::read_info(Rpl_info_han */ if (lines >= LINE_FOR_MASTER_SSL_VERIFY_SERVER_CERT) { - if (from->get_info((int *) &ssl_verify_server_cert, 0)) + if (from->get_info(&temp_ssl_verify_server_cert, 0)) DBUG_RETURN(TRUE); } 
@@ -401,6 +402,7 @@ bool Master_info::read_info(Rpl_info_han } ssl= (my_bool) temp_ssl; + ssl_verify_server_cert= (my_bool) temp_ssl_verify_server_cert; master_log_pos= (my_off_t) temp_master_log_pos; #ifndef HAVE_OPENSSL if (ssl)
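
Review bot: In the -281 hunk, the new declaration int temp_ssl_verify_server_cert = 0; puts spaces on both sides of the assignment, while the context lines directly above it use the name= value form (int temp_ssl= 0; and ulong temp_master_log_pos= 0;). Suggest int temp_ssl_verify_server_cert= 0; so the block of temporaries stays consistent.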
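
Review bot: In the -352 hunk, nothing records why get_info() has to be handed a real int, so the (int *) cast on a my_bool member could return in a later edit. Suggest a one-line comment next to from->get_info(&temp_ssl_verify_server_cert, 0) saying that get_info stores a full int (per the init_intvar_from_file excerpt in the description) and that the value is narrowed to my_bool after the read.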
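
Review bot: In the -401 hunk, ssl_verify_server_cert= (my_bool) temp_ssl_verify_server_cert; narrows the int with a plain cast, so if my_bool is char as the description says, a stored value such as 256 becomes 0 and certificate verification reads back as disabled. Suggest assigning (temp_ssl_verify_server_cert != 0) instead; the context line ssl= (my_bool) temp_ssl; has the same shape. The assignment is also unconditional: when the file has fewer than LINE_FOR_MASTER_SSL_VERIFY_SERVER_CERT lines the temporary is still 0 and the member is now overwritten, whereas the removed line in the -352 hunk only touched it inside that if. If the reset is intended, a comment should say so.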
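
The failure mode from the description, as an added example that is not MySQL code: an int-sized store aimed at a one-byte flag overwrites the members that follow it, while reading into an int temporary and narrowing afterwards does not. `struct mi_demo`, `get_int` and both function names are hypothetical; the example assumes a 4-byte int and that my_bool is char, as the report states.

```c
#include <stddef.h>
#include <stdlib.h>
#include <string.h>

typedef char my_bool;              /* assumption: the report says my_bool is char */
typedef char int_is_4_bytes[sizeof(int) == 4 ? 1 : -1];  /* demo assumes 4-byte int */

/* Hypothetical stand-in for the Master_info layout from "How to repeat". */
struct mi_demo {
  char    bind_addr[3];            /* odd size pushes the flag off a word boundary */
  my_bool ssl_verify_server_cert;  /* offset 3, one byte wide */
  char    next_field[4];           /* whatever member follows the flag */
};

/* Stand-in for init_intvar_from_file(): always stores a full int. */
static int get_int(const char *text, int *var) {
  if (text == NULL) return 1;
  *var = atoi(text);
  return 0;
}

/* Old pattern, modelled with memcpy so the demo neither traps nor relies on
   undefined behaviour: an int-sized store lands on the 1-byte flag.
   Returns how many bytes of next_field were overwritten, or -1 on read error. */
int clobbered_by_cast_pattern(const char *text) {
  struct mi_demo m;
  int v = 0, n = 0;
  size_t i;
  memset(&m, 0x55, sizeof m);
  if (get_int(text, &v)) return -1;
  memcpy((char *)&m + offsetof(struct mi_demo, ssl_verify_server_cert), &v, sizeof v);
  for (i = 0; i < sizeof m.next_field; i++)
    if (m.next_field[i] != 0x55) n++;
  return n;
}

/* Fixed pattern: parse into an aligned int temporary, then narrow.
   Returns the stored flag, or -1 on read error or if a neighbour changed. */
int read_flag_fixed(const char *text) {
  struct mi_demo m;
  int temp = 0;
  size_t i;
  memset(&m, 0x55, sizeof m);
  if (get_int(text, &temp)) return -1;
  m.ssl_verify_server_cert = (my_bool)(temp != 0);  /* normalise: 256 stays "on" */
  for (i = 0; i < sizeof m.next_field; i++)
    if (m.next_field[i] != 0x55) return -1;
  return m.ssl_verify_server_cert;
}
```

The `temp != 0` normalisation is a choice made in this example; the suggested fix on the page uses a plain `(my_bool)` cast.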