Commit c4bf4b7a authored by Monty's avatar Monty

Fixed access to undefined memory found by valgrind and MSAN

When my_vsnprintf() is patched, the code protected disabled with
'WAITING_FOR_BUGFIX_TO_VSPRINTF' should be enabled again. Also all %b
formats in this patch should be revert to %s again
parent dcc0baf5
......@@ -64,7 +64,7 @@ typedef struct st_pointer_array { /* when using array-strings */
#define LAST_CHAR_CODE 259
typedef struct st_replace {
my_bool found;
uint8 found;
struct st_replace *next[256];
} REPLACE;
......@@ -654,7 +654,13 @@ static REPLACE *init_replace(char * *from, char * *to,uint count,
for (i=1 ; i <= found_sets ; i++)
{
pos=from[found_set[i-1].table_offset];
rep_str[i].found= (my_bool) (!memcmp(pos,"\\^",3) ? 2 : 1);
/*
Test if we are matching start of string (\^)
We can't use bcmp() here as pos may be only 1 character and
that would confuse MSAN.
*/
rep_str[i].found= (uint8) ((pos[0] == '\\' && pos[1] == '^' &&
pos[2] == 0) ? 2 : 1);
rep_str[i].replace_string=to_array[found_set[i-1].table_offset];
rep_str[i].to_offset=found_set[i-1].found_offset-start_at_word(pos);
rep_str[i].from_offset=found_set[i-1].found_offset-replace_len(pos)+
......
......@@ -52,7 +52,10 @@ extern void _db_enter_(const char *_func_, const char *_file_, uint _line_,
extern void _db_return_(struct _db_stack_frame_ *_stack_frame_);
extern int _db_pargs_(uint _line_,const char *keyword);
extern void _db_doprnt_(const char *format,...)
ATTRIBUTE_FORMAT(printf, 1, 2);
#ifdef WAITING_FOR_BUGFIX_TO_VSPRINTF
ATTRIBUTE_FORMAT(printf, 1, 2)
#endif
;
extern void _db_dump_(uint _line_,const char *keyword,
const unsigned char *memory, size_t length);
extern void _db_end_(void);
......
......@@ -3,6 +3,8 @@
#
--source include/big_test.inc
# Test will take more than one hour with valgrind
--source include/not_valgrind.inc
--source include/have_innodb.inc
--source include/have_sequence.inc
......
......@@ -750,45 +750,6 @@
# Note the wildcard in the (mangled) function signatures of
# write_keys() and find_all_keys().
# They both return ha_rows, which is platform dependent.
#
# The '...' wildcards are for 'fun:inline_mysql_file_write' and
# 'fun:find_all_keys' which *may* be inlined.
{
Bug#12856915 VALGRIND FAILURE IN FILESORT/CREATE_SORT_INDEX / one
Memcheck:Param
write(buf)
obj:*/libpthread*.so
fun:my_write
...
fun:my_b_flush_io_cache
fun:_my_b_write
fun:_Z*10write_keysP13st_sort_paramPPhjP11st_io_cacheS4_
...
fun:_Z8filesortP3THDP5TABLEP13st_sort_fieldjP10SQL_SELECTybPy
}
{
Bug#12856915 VALGRIND FAILURE IN FILESORT/CREATE_SORT_INDEX / two
Memcheck:Param
write(buf)
obj:*/libpthread*.so
fun:my_write
...
fun:my_b_flush_io_cache
fun:_Z15merge_many_buffP13st_sort_paramPhP10st_buffpekPjP11st_io_cache
fun:_Z8filesortP3THDP5TABLEP13st_sort_fieldjP10SQL_SELECTybPy
}
{
Bug#12856915 VALGRIND FAILURE IN FILESORT/CREATE_SORT_INDEX / three
Memcheck:Param
write(buf)
obj:*/libpthread*.so
fun:my_write
...
fun:my_b_flush_io_cache
fun:_Z8filesortP3THDP5TABLEP13st_sort_fieldjP10SQL_SELECTybPy
}
{
OpenSSL still reachable.
......
......@@ -1411,7 +1411,7 @@ void Type_handler_inet6::sort_length(THD *thd,
const Type_std_attributes *item,
SORT_FIELD_ATTR *attr) const
{
attr->length= Inet6::binary_length();
attr->original_length= attr->length= Inet6::binary_length();
attr->suffix_length= 0;
}
......
......@@ -728,8 +728,8 @@ bool Item_subselect::exec()
QT_WITHOUT_INTRODUCERS));
push_warning_printf(thd, Sql_condition::WARN_LEVEL_NOTE,
ER_UNKNOWN_ERROR, "DBUG: Item_subselect::exec %.*s",
print.length(),print.c_ptr());
ER_UNKNOWN_ERROR, "DBUG: Item_subselect::exec %.*b",
print.length(),print.ptr());
);
/*
Do not execute subselect in case of a fatal error
......
......@@ -1218,7 +1218,7 @@ bool Protocol_text::store(const char *from, size_t length,
{
CHARSET_INFO *tocs= this->thd->variables.character_set_results;
#ifndef DBUG_OFF
DBUG_PRINT("info", ("Protocol_text::store field %u (%u): %.*s", field_pos,
DBUG_PRINT("info", ("Protocol_text::store field %u (%u): %.*b", field_pos,
field_count, (int) length, (length == 0 ? "" : from)));
DBUG_ASSERT(field_handlers == 0 || field_pos < field_count);
DBUG_ASSERT(valid_handler(field_pos, PROTOCOL_SEND_STRING));
......
......@@ -52,8 +52,9 @@ static inline void output_core_info()
char buff[PATH_MAX];
ssize_t len;
int fd;
if ((len= readlink("/proc/self/cwd", buff, sizeof(buff))) >= 0)
if ((len= readlink("/proc/self/cwd", buff, sizeof(buff)-1)) >= 0)
{
buff[len]= 0;
my_safe_printf_stderr("Writing a core file...\nWorking directory at %.*s\n",
(int) len, buff);
}
......
......@@ -1900,7 +1900,7 @@ tz_load_from_open_tables(const String *tz_name, TABLE_LIST *tz_tables)
Most probably user has mistyped time zone name, so no need to bark here
unless we need it for debugging.
*/
sql_print_error("Can't find description of time zone '%.*s'",
sql_print_error("Can't find description of time zone '%.*b'",
tz_name->length(), tz_name->ptr());
#endif
goto end;
......
......@@ -519,9 +519,10 @@ my_bool _ma_bitmap_flush_all(MARIA_SHARE *share)
#ifdef EXTRA_DEBUG_BITMAP
{
char tmp[MAX_BITMAP_INFO_LENGTH];
_ma_get_bitmap_description(bitmap, bitmap->map, bitmap->page, tmp);
size_t len;
len= _ma_get_bitmap_description(bitmap, bitmap->map, bitmap->page, tmp);
(void) translog_log_debug_info(0, LOGREC_DEBUG_INFO_QUERY,
(uchar*) tmp, strlen(tmp));
(uchar*) tmp, len);
}
#endif
......@@ -957,13 +958,13 @@ void _ma_print_bitmap(MARIA_FILE_BITMAP *bitmap, uchar *data,
Return content of bitmap as a printable string
*/
void _ma_get_bitmap_description(MARIA_FILE_BITMAP *bitmap,
size_t _ma_get_bitmap_description(MARIA_FILE_BITMAP *bitmap,
uchar *bitmap_data,
pgcache_page_no_t page,
char *out)
{
uchar *pos, *end;
uint count=0, dot_printed= 0, len;
size_t count=0, dot_printed= 0, len;
char buff[80], last[80];
page++;
......@@ -1000,6 +1001,7 @@ void _ma_get_bitmap_description(MARIA_FILE_BITMAP *bitmap,
memcpy(out+len, buff, count);
out[len + count]= '\n';
out[len + count + 1]= 0;
return len + count + 1;
}
......
......@@ -245,7 +245,7 @@ void _ma_bitmap_set_pagecache_callbacks(PAGECACHE_FILE *file,
void _ma_print_bitmap(MARIA_FILE_BITMAP *bitmap, uchar *data,
pgcache_page_no_t page);
#endif
void _ma_get_bitmap_description(MARIA_FILE_BITMAP *bitmap,
size_t _ma_get_bitmap_description(MARIA_FILE_BITMAP *bitmap,
uchar *bitmap_data,
pgcache_page_no_t page,
char *out);
......
......@@ -2238,7 +2238,7 @@ prototype_redo_exec_hook(CLR_END)
prototype_redo_exec_hook(DEBUG_INFO)
{
uchar *data;
char *data;
enum translog_debug_info_type debug_info;
enlarge_buffer(rec);
......@@ -2251,11 +2251,10 @@ prototype_redo_exec_hook(DEBUG_INFO)
return 1;
}
debug_info= (enum translog_debug_info_type) log_record_buffer.str[0];
data= log_record_buffer.str + 1;
data= (char*) log_record_buffer.str + 1;
switch (debug_info) {
case LOGREC_DEBUG_INFO_QUERY:
tprint(tracef, "Query: %.*s\n", rec->record_length - 1,
(char*) data);
tprint(tracef, "Query: %.*b\n", (int) rec->record_length - 1, data);
break;
default:
DBUG_ASSERT(0);
......
......@@ -31,7 +31,12 @@ extern FILE *tracef;
my_bool _ma_redo_not_needed_for_page(uint16 shortid, LSN lsn,
pgcache_page_no_t page,
my_bool index);
#ifdef WAITING_FOR_BUGFIX_TO_VSPRINTF
void tprint(FILE *trace_file, const char *format, ...)
ATTRIBUTE_FORMAT(printf, 2, 3);
void eprint(FILE *trace_file, const char *format, ...)
ATTRIBUTE_FORMAT(printf, 2, 3);
#else
void tprint(FILE *trace_file, const char *format, ...);
void eprint(FILE *trace_file, const char *format, ...);
#endif
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment