Bug #68896 VARARG Errors - Coverity results
Submitted: 9 Apr 2013 7:51 Modified: 13 Nov 2013 23:28
Reporter: Jan Staněk (OCA)
Status: Closed
Category:MySQL Server: Logging Severity:S3 (Non-critical)
Version:5.5.28 OS:Linux
Assigned to: CPU Architecture:Any
Tags: Contribution

[9 Apr 2013 7:51] Jan Staněk
Description:
Fixes related to results of Coverity static analyzer tool

How to repeat:
Perform the static analysis

Suggested fix:
Coverity static analysis tool results (mysql-5.5.28):
Error: VARARGS (CWE-234): [#def1157]
mysql-5.5.28/sql/log.cc:4394: va_init: Initializing va_list "args".
mysql-5.5.28/sql/log.cc:4401: cond_false: Condition "my_b_append(&this->log_file, (uchar *)buf, len)", taking false branch
mysql-5.5.28/sql/log.cc:4405: if_end: End of if statement
mysql-5.5.28/sql/log.cc:4407: cond_true: Condition "buf = va_arg (args, char const *)", taking true branch
mysql-5.5.28/sql/log.cc:4407: cond_true: Condition "len = va_arg (args, uint)", taking true branch
mysql-5.5.28/sql/log.cc:4400: loop_begin: Jumped back to beginning of loop
mysql-5.5.28/sql/log.cc:4401: cond_true: Condition "my_b_append(&this->log_file, (uchar *)buf, len)", taking true branch
mysql-5.5.28/sql/log.cc:4404: goto: Jumping to label "err"
mysql-5.5.28/sql/log.cc:4413: label: Reached label "err"
mysql-5.5.28/sql/log.cc:4414: cond_false: Condition "!error", taking false branch
mysql-5.5.28/sql/log.cc:4416: missing_va_end: va_end was not called for "args".

Error: VARARGS (CWE-234): [#def1158]
mysql-5.5.28/strings/ctype-ucs2.c:994: va_init: Initializing va_list "args".
mysql-5.5.28/strings/ctype-ucs2.c:995: missing_va_end: va_end was not called for "args".

Error: VARARGS (CWE-234): [#def1159]
mysql-5.5.28/strings/ctype-ucs2.c:2095: va_init: Initializing va_list "args".
mysql-5.5.28/strings/ctype-ucs2.c:2096: missing_va_end: va_end was not called for "args".

diff -up mysql-5.5.30/sql/log.cc.broken mysql-5.5.30/sql/log.cc
--- mysql-5.5.30/sql/log.cc.broken	2013-04-08 15:10:49.294586170 +0200
+++ mysql-5.5.30/sql/log.cc	2013-04-08 15:11:05.622611810 +0200
@@ -4426,6 +4426,7 @@ bool MYSQL_BIN_LOG::appendv(const char*
 err:
   if (!error)
     signal_update();
+  va_end(args);
   DBUG_RETURN(error);
 }
 
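Review bot: In the `err:` block, `va_end(args)` is placed after `signal_update()`; moving it directly under the `err:` label, before `if (!error)`, would keep the cleanup at the point where the `goto err` path from the Coverity trace and the normal fall-through meet, and make it harder for a later edit to skip it. The hunk does not show the matching `va_start`, so it is worth confirming that no return between it and `err:` bypasses this call.
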
diff -up mysql-5.5.30/strings/ctype-ucs2.c.broken mysql-5.5.30/strings/ctype-ucs2.c
--- mysql-5.5.30/strings/ctype-ucs2.c.broken	2013-04-08 15:14:12.436896551 +0200
+++ mysql-5.5.30/strings/ctype-ucs2.c	2013-04-08 15:15:45.852034030 +0200
@@ -990,9 +990,12 @@ static size_t
 my_snprintf_mb2(CHARSET_INFO *cs __attribute__((unused)),
                 char* to, size_t n, const char* fmt, ...)
 {
+  register size_t retval;
   va_list args;
   va_start(args,fmt);
-  return my_vsnprintf_mb2(to, n, fmt, args);
+  retval = my_vsnprintf_mb2(to, n, fmt, args);
+  va_end(args);
+  return retval;
 }
 
 
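Review bot: `register size_t retval;` in `my_snprintf_mb2` does not need the `register` storage class; compilers ignore the hint, and a plain `size_t retval;` is enough to hold the result across `va_end(args)`. The rest of the sequence (start, call, end, return) is the right shape for a wrapper that forwards its `va_list` to `my_vsnprintf_mb2`.
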
@@ -2091,9 +2094,12 @@ static size_t
 my_snprintf_utf32(CHARSET_INFO *cs __attribute__((unused)),
                   char* to, size_t n, const char* fmt, ...)
 {
+  register size_t retval;
   va_list args;
   va_start(args,fmt);
-  return my_vsnprintf_utf32(to, n, fmt, args);
+  retval = my_vsnprintf_utf32(to, n, fmt, args);
+  va_end(args);
+  return retval;
 }
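
Review bot: `my_snprintf_utf32` gains the same `register size_t retval;` declaration; drop `register` here as well so the local is a plain `size_t retval;`. With that change the added `va_end(args)` before `return retval;` addresses the missing_va_end finding for this wrapper.
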
[15 Apr 2013 19:10] Sveta Smirnova
Thank you for the report.

Before we consider applying your patches, we need you to sign the Oracle Contributor Agreement as described at http://bugs.mysql.com/bug.php?id=68896&contribs=1

Please sign and update the report.
[25 Apr 2013 19:18] Sveta Smirnova
Thank you for the report.

Verified as described.

Please sign the OCA and update this report. Otherwise we would not be able to take your patch.
[13 Nov 2013 23:28] Paul DuBois
Noted in 5.6.15, 5.7.3 changelogs.

Missing va_end() calls were added to logging and UCS2 code. Thanks to
Jan Staněk for the patch.