Bug #67437 init_io_cache() has suspicious memset()
Submitted: 31 Oct 2012 12:48 Modified: 10 Dec 2012 16:49
Reporter: Jon Olav Hauglid
Status: Closed
Category: MySQL Server: Logging Severity: S3 (Non-critical)
Version: 5.6.6-m9 OS: Any
Assigned to: Jon Olav Hauglid CPU Architecture: Any

[31 Oct 2012 12:48] Jon Olav Hauglid
init_io_cache() has the following line:

memset(&info->append_buffer_lock, 0, sizeof(info));

So we try to clear info->append_buffer_lock using the size of info,
not the size of info->append_buffer_lock.

Originally reported by Mr. Left on the internals@ mailing list.
See http://lists.mysql.com/internals/38621

How to repeat:
Code inspection.

Suggested fix:
Use the sizeof info->append_buffer_lock.
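The following C program is an added illustration of the defect described in this report; it is not code from the MySQL source tree or from any of the commenters. It uses hypothetical stand-ins (fake_mutex_t, fake_io_cache, with an assumed 40-byte mutex) for mysql_mutex_t and IO_CACHE, fills the lock with a non-zero pattern, and then applies the buggy memset() next to the corrected one so the number of bytes left uncleared by sizeof(info) (the size of a pointer) versus sizeof(info->append_buffer_lock) (the size of the member) can be counted:

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical stand-in for mysql_mutex_t. 40 bytes is an assumption
 * (the size of pthread_mutex_t on x86-64 glibc); any size larger than a
 * pointer shows the problem. */
typedef struct {
    unsigned char opaque[40];
} fake_mutex_t;

/* Hypothetical stand-in for IO_CACHE, keeping only the field at issue. */
typedef struct {
    fake_mutex_t append_buffer_lock;
    int other_state;
} fake_io_cache;

/* Count how many bytes of the lock are still non-zero. */
static size_t nonzero_bytes(const fake_mutex_t *m) {
    size_t n = 0;
    for (size_t i = 0; i < sizeof *m; i++)
        if (m->opaque[i] != 0)
            n++;
    return n;
}

/* Fill the lock with a non-zero pattern so a partial clear is visible. */
static void dirty_lock(fake_io_cache *info) {
    memset(&info->append_buffer_lock, 0xAB, sizeof info->append_buffer_lock);
}

/* The pattern from the report: sizeof(info) is the size of the pointer
 * 'info', so only that many bytes of the mutex are zeroed. */
size_t clear_lock_buggy(fake_io_cache *info) {
    memset(&info->append_buffer_lock, 0, sizeof(info));
    return nonzero_bytes(&info->append_buffer_lock);
}

/* The suggested fix: size of the member itself. sizeof(fake_mutex_t)
 * is equivalent and arguably clearer. */
size_t clear_lock_fixed(fake_io_cache *info) {
    memset(&info->append_buffer_lock, 0, sizeof(info->append_buffer_lock));
    return nonzero_bytes(&info->append_buffer_lock);
}

/* Bytes of the lock left dirty by each variant. */
size_t leftover_after_buggy_clear(void) {
    fake_io_cache c;
    dirty_lock(&c);
    return clear_lock_buggy(&c);
}

size_t leftover_after_fixed_clear(void) {
    fake_io_cache c;
    dirty_lock(&c);
    return clear_lock_fixed(&c);
}

int main(void) {
    printf("sizeof(info) = %zu, sizeof(info->append_buffer_lock) = %zu\n",
           sizeof(fake_io_cache *), sizeof(fake_mutex_t));
    printf("bytes left dirty by buggy memset: %zu\n",
           leftover_after_buggy_clear());
    printf("bytes left dirty by fixed memset:  %zu\n",
           leftover_after_fixed_clear());
    return 0;
}
```

On a 64-bit host the buggy variant zeroes 8 of the 40 bytes and leaves 32 untouched, while the fixed variant clears all of them. GCC reports this exact pattern with -Wsizeof-pointer-memaccess (part of -Wall), which is the cheapest check to run over a code base for other instances.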
[1 Nov 2012 8:25] Shaukat Mahmood Ahmad
Instead of using the sizeof operator with a variable / instance, the type name should be used, because if the variable / instance is a pointer, memset will only set the first 4 bytes (in the context of this issue sizeof(info->append_buffer_lock) will work, but I would suggest using sizeof(mysql_mutex_t) for clarity of code).

My reply to the thread: http://lists.mysql.com/internals/38624

Shaukat Mahmood Ahmad
[10 Dec 2012 16:49] Paul DuBois
Noted in 5.6.9, 5.7.0 changelogs.

init_io_cache() used memset() to clear a mutex but passed the wrong
mutex size.