Bug #80574 mysql_real_connect is not thread safe WRT charset dir option
Submitted: 1 Mar 2016 12:50 Modified: 1 Mar 2016 16:14
Reporter: Richard Prohaska
Status: Verified
Category: MySQL Server: C API (client library)
Severity: S3 (Non-critical)
Version: 5.7.11
OS: Ubuntu (15.10)
Assigned to:
CPU Architecture: Any

[1 Mar 2016 12:50] Richard Prohaska
Description:
The thread sanitizer found a data race in the "mysql_real_connect" function when processing the character set directory option.  This data race means that the "mysql_real_connect" function is not thread safe.   The data race occurs in the MySQL client connection code because  the character set directory option is stored in a global variable and is used without serialization by the client side connection code.  I suspect that the  character set directory option is not typically used by most MySQL clients.  However, since the option exists, it should work correctly.

Here are some details of the bug.  When MySQL 5.7.11 is built with the thread sanitizer enabled and the mysqlslap test is run, the thread sanitizer reports a data race in the client side connection software.  The data race occurs in the "mysql_set_character_set_with_default_collation" function, which is called when the client is executing the "mysql_real_connect" function.  The data race occurs because the character set directory option to the "mysql_real_connect" function is temporarily stored in the "charset_dir" global variable so that it can be used by some other internal functions.  Since there is no serialization on this global variable, the thread sanitizer reports a data race.  The effect of this bug is that the character set directory for one thread can be used by another thread erroneously.

How to repeat:
The data race in the client side connection software can also be demonstrated when running a simplified mysqlslap test with helgrind.

Suggested fix:
A possible bug fix could serialize the "mysql_set_character_set_with_default_collation" function since it is not thread safe.  Alternatively, the charset directory could be passed as a function parameter rather than as a global variable to various internal functions.
[1 Mar 2016 13:51] Miguel Solorzano
Thank you for the bug report. Duplicate of bug https://bugs.mysql.com/bug.php?id=79510.
[1 Mar 2016 14:54] Richard Prohaska
I disagree with your assessment.  The top level problem description is similar, but the underlying cause is completely different.  If this bug is marked as a duplicate, the underlying cause will not be addressed.
[1 Mar 2016 16:10] Sinisa Milivojevic
Hi Mr. Prohaska,

You are quite right. Both bugs deal with thread safety in the client library, but are essentially different.

Your bug is of much less importance, though, because it would pop up only if each client thread used a different character set!!!!

So, it is verified, but with a low priority.
[1 Mar 2016 16:14] Richard Prohaska
I don't have knowledge about the QA process used by MySQL to test MySQL.  IMO, the use of data race detectors like helgrind or the thread sanitizer should be supported by MySQL and used as part of the QA process.  This would allow LOTS of bugs to be identified before the code is shipped out to customers.