From: Marc Alff Date: September 15 2010 8:24pm Subject: bzr push into mysql-5.5-bugfixing branch (marc.alff:3206 to 3207) Bug#56761 List-Archive: http://lists.mysql.com/commits/118331 X-Bug: 56761 Message-Id: <20100915202409.AE40745E80@linux-su11.site> MIME-Version: 1.0 Content-Type: multipart/mixed; boundary="===============1852620076414058525==" --===============1852620076414058525== MIME-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit Content-Disposition: inline 3207 Marc Alff 2010-09-15 Bug#56761 Segfault on CHECKSUM TABLE performance_schema.EVENTS_WAITS_HISTORY EXTENDED Before this fix, the server could crash inside a memcpy when reading data from the EVENTS_WAITS_CURRENT / HISTORY / HISTORY_LONG tables. The root cause is that the length used in a memcpy could be corrupted, when another thread writes data in the wait record being read. Reading unsafe data is ok, per design choice, and the code does sanitize the data in general, but did not sanitize the length given to memcpy. The fix is to also sanitize the schema name / object name / file name length when extracting the data to produce a row. added: mysql-test/suite/perfschema/r/checksum.result mysql-test/suite/perfschema/t/checksum.test modified: storage/perfschema/table_events_waits.cc storage/perfschema/table_events_waits.h 3206 Olav Sandstaa 2010-09-15 Fix for Bug#54478 "mysqld crashes during boot when running mtr with --debug option" The crash during boot was caused by a DBUG_PRINT statement in fill_schema_schemata() (in sql_show.cc). This DBUG_PRINT statement contained several instances of %s in the format string and for one of these we gave a NULL pointer as the argument. This caused the call to vsnprintf() to crash when running on Solaris. The fix for this problem is to replace the call to vsnprintf() with my_vsnprintf() which handles that a NULL pointer is passed as argumens for %s. This patch also extends my_vsnprintf() to support %i in the format string. 
@ dbug/dbug.c Replace the use of vsnprintf() with my_vsnprintf(). On some platforms vsnprintf() did not handle that a NULL pointer was given as an argument for a %s in the format string. @ include/mysql/service_my_snprintf.h Add support for %i in format string to my_vsnprintf(). @ strings/my_vsnprintf.c Add support for %i in format string to my_vsnprintf(). @ unittest/mysys/my_vsnprintf-t.c Add unit tests for %i in format string to my_vsnprintf(). modified: dbug/dbug.c include/mysql/service_my_snprintf.h strings/my_vsnprintf.c unittest/mysys/my_vsnprintf-t.c
=== added file 'mysql-test/suite/perfschema/r/checksum.result'
--- a/mysql-test/suite/perfschema/r/checksum.result 1970-01-01 00:00:00 +0000
+++ b/mysql-test/suite/perfschema/r/checksum.result 2010-09-15 18:20:48 +0000
@@ -0,0 +1,34 @@
+checksum table performance_schema.COND_INSTANCES;
+checksum table performance_schema.EVENTS_WAITS_CURRENT;
+checksum table performance_schema.EVENTS_WAITS_HISTORY;
+checksum table performance_schema.EVENTS_WAITS_HISTORY_LONG;
+checksum table performance_schema.EVENTS_WAITS_SUMMARY_BY_INSTANCE;
+checksum table performance_schema.EVENTS_WAITS_SUMMARY_BY_THREAD_BY_EVENT_NAME;
+checksum table performance_schema.EVENTS_WAITS_SUMMARY_GLOBAL_BY_EVENT_NAME;
+checksum table performance_schema.FILE_INSTANCES;
+checksum table performance_schema.FILE_SUMMARY_BY_EVENT_NAME;
+checksum table performance_schema.FILE_SUMMARY_BY_INSTANCE;
+checksum table performance_schema.MUTEX_INSTANCES;
+checksum table performance_schema.PERFORMANCE_TIMERS;
+checksum table performance_schema.RWLOCK_INSTANCES;
+checksum table performance_schema.SETUP_CONSUMERS;
+checksum table performance_schema.SETUP_INSTRUMENTS;
+checksum table performance_schema.SETUP_TIMERS;
+checksum table performance_schema.THREADS;
+checksum table performance_schema.COND_INSTANCES extended;
+checksum table performance_schema.EVENTS_WAITS_CURRENT extended;
+checksum table performance_schema.EVENTS_WAITS_HISTORY extended;
+checksum table performance_schema.EVENTS_WAITS_HISTORY_LONG extended;
+checksum table performance_schema.EVENTS_WAITS_SUMMARY_BY_INSTANCE extended;
+checksum table performance_schema.EVENTS_WAITS_SUMMARY_BY_THREAD_BY_EVENT_NAME extended;
+checksum table performance_schema.EVENTS_WAITS_SUMMARY_GLOBAL_BY_EVENT_NAME extended;
+checksum table performance_schema.FILE_INSTANCES extended;
+checksum table performance_schema.FILE_SUMMARY_BY_EVENT_NAME extended;
+checksum table performance_schema.FILE_SUMMARY_BY_INSTANCE extended;
+checksum table performance_schema.MUTEX_INSTANCES extended;
+checksum table performance_schema.PERFORMANCE_TIMERS extended;
+checksum table performance_schema.RWLOCK_INSTANCES extended;
+checksum table performance_schema.SETUP_CONSUMERS extended;
+checksum table performance_schema.SETUP_INSTRUMENTS extended;
+checksum table performance_schema.SETUP_TIMERS extended;
+checksum table performance_schema.THREADS extended;
=== added file 'mysql-test/suite/perfschema/t/checksum.test'
--- a/mysql-test/suite/perfschema/t/checksum.test 1970-01-01 00:00:00 +0000
+++ b/mysql-test/suite/perfschema/t/checksum.test 2010-09-15 18:20:48 +0000
@@ -0,0 +1,64 @@
+# Copyright (c) 2010, Oracle and/or its affiliates. All rights reserved.
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation; version 2 of the License.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software Foundation,
+# 51 Franklin Street, Suite 500, Boston, MA 02110-1335 USA */
+
+# Tests for PERFORMANCE_SCHEMA
+
+--source include/not_embedded.inc
+--source include/have_perfschema.inc
+
+#
+# The checksum value itself is random (data is volatile),
+# just testing that this does not crash
+#
+--disable_result_log
+
+checksum table performance_schema.COND_INSTANCES;
+checksum table performance_schema.EVENTS_WAITS_CURRENT;
+checksum table performance_schema.EVENTS_WAITS_HISTORY;
+checksum table performance_schema.EVENTS_WAITS_HISTORY_LONG;
+checksum table performance_schema.EVENTS_WAITS_SUMMARY_BY_INSTANCE;
+checksum table performance_schema.EVENTS_WAITS_SUMMARY_BY_THREAD_BY_EVENT_NAME;
+checksum table performance_schema.EVENTS_WAITS_SUMMARY_GLOBAL_BY_EVENT_NAME;
+checksum table performance_schema.FILE_INSTANCES;
+checksum table performance_schema.FILE_SUMMARY_BY_EVENT_NAME;
+checksum table performance_schema.FILE_SUMMARY_BY_INSTANCE;
+checksum table performance_schema.MUTEX_INSTANCES;
+checksum table performance_schema.PERFORMANCE_TIMERS;
+checksum table performance_schema.RWLOCK_INSTANCES;
+checksum table performance_schema.SETUP_CONSUMERS;
+checksum table performance_schema.SETUP_INSTRUMENTS;
+checksum table performance_schema.SETUP_TIMERS;
+checksum table performance_schema.THREADS;
+
+checksum table performance_schema.COND_INSTANCES extended;
+checksum table performance_schema.EVENTS_WAITS_CURRENT extended;
+checksum table performance_schema.EVENTS_WAITS_HISTORY extended;
+checksum table performance_schema.EVENTS_WAITS_HISTORY_LONG extended;
+checksum table performance_schema.EVENTS_WAITS_SUMMARY_BY_INSTANCE extended;
+checksum table performance_schema.EVENTS_WAITS_SUMMARY_BY_THREAD_BY_EVENT_NAME extended;
+checksum table performance_schema.EVENTS_WAITS_SUMMARY_GLOBAL_BY_EVENT_NAME extended;
+checksum table performance_schema.FILE_INSTANCES extended;
+checksum table performance_schema.FILE_SUMMARY_BY_EVENT_NAME extended;
+checksum table performance_schema.FILE_SUMMARY_BY_INSTANCE extended;
+checksum table performance_schema.MUTEX_INSTANCES extended;
+checksum table performance_schema.PERFORMANCE_TIMERS extended;
+checksum table performance_schema.RWLOCK_INSTANCES extended;
+checksum table performance_schema.SETUP_CONSUMERS extended;
+checksum table performance_schema.SETUP_INSTRUMENTS extended;
+checksum table performance_schema.SETUP_TIMERS extended;
+checksum table performance_schema.THREADS extended;
+
+--enable_result_log
+
=== modified file 'storage/perfschema/table_events_waits.cc'
--- a/storage/perfschema/table_events_waits.cc 2010-08-12 09:51:58 +0000
+++ b/storage/perfschema/table_events_waits.cc 2010-09-15 18:20:48 +0000
@@ -187,7 +187,7 @@ void table_events_waits_common::clear_ob
 */
 void table_events_waits_common::make_row(bool thread_own_wait,
 PFS_thread *pfs_thread,
- PFS_events_waits *wait)
+ volatile PFS_events_waits *wait)
 {
 pfs_lock lock;
 PFS_thread *safe_thread;
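Review bot: In mysql-test/suite/perfschema/t/checksum.test each statement runs once from a single connection, so whether a wait record is being rewritten while the scan copies it is left to timing; the test can pass on a server that still has the unchecked-length copy. The header comment should say so, for example `# Not deterministic: only catches the crash if a wait record changes during the scan.` If the suite has a way to keep a second connection busy while the EXTENDED checksums run, that would make the regression coverage more meaningful. The last line of the licence header also ends with a stray `*/` left over from a C-style comment.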
@@ -251,21 +251,27 @@ void table_events_waits_common::make_row
 case WAIT_CLASS_TABLE:
 m_row.m_object_type= "TABLE";
 m_row.m_object_type_length= 5;
- memcpy(m_row.m_object_schema, wait->m_schema_name,
- wait->m_schema_name_length);
 m_row.m_object_schema_length= wait->m_schema_name_length;
- memcpy(m_row.m_object_name, wait->m_object_name,
- wait->m_object_name_length);
+ if (unlikely((m_row.m_object_schema_length == 0) ||
+ (m_row.m_object_schema_length > sizeof(m_row.m_object_schema))))
+ return;
+ memcpy(m_row.m_object_schema, wait->m_schema_name, m_row.m_object_schema_length);
 m_row.m_object_name_length= wait->m_object_name_length;
+ if (unlikely((m_row.m_object_name_length == 0) ||
+ (m_row.m_object_name_length > sizeof(m_row.m_object_name))))
+ return;
+ memcpy(m_row.m_object_name, wait->m_object_name, m_row.m_object_name_length);
 safe_class= &global_table_class;
 break;
 case WAIT_CLASS_FILE:
 m_row.m_object_type= "FILE";
 m_row.m_object_type_length= 4;
 m_row.m_object_schema_length= 0;
- memcpy(m_row.m_object_name, wait->m_object_name,
- wait->m_object_name_length);
 m_row.m_object_name_length= wait->m_object_name_length;
+ if (unlikely((m_row.m_object_name_length == 0) ||
+ (m_row.m_object_name_length > sizeof(m_row.m_object_name))))
+ return;
+ memcpy(m_row.m_object_name, wait->m_object_name, m_row.m_object_name_length);
 safe_class= sanitize_file_class((PFS_file_class*) wait->m_class);
 break;
 case NO_WAIT_CLASS:
=== modified file 'storage/perfschema/table_events_waits.h'
--- a/storage/perfschema/table_events_waits.h 2010-07-16 00:06:33 +0000
+++ b/storage/perfschema/table_events_waits.h 2010-09-15 18:20:48 +0000
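Review bot: The three new guards in table_events_waits.cc bound each copy by the destination size, but the sources `wait->m_schema_name` and `wait->m_object_name` are still taken from the record another thread may be rewriting, in a separate load from the length, so the `memcpy` can read up to `sizeof(m_row.m_object_name)` bytes from a source that no longer matches the validated length. Whether those members are pointers or inline buffers is not visible here; if they are pointers, they should be copied into locals and sanitized before the `memcpy`, the way `sanitize_file_class()` is applied to `wait->m_class`. The early `return` also leaves `m_row` with the type and length fields already written, so it is worth confirming outside this hunk that the row is marked as not existing on that path. I would add a comment above the first guard such as `/* Length is copied once from the racy record, then validated; never re-read it from wait after this point. */`. make_row's body starts and ends outside the hunk.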
@@ -137,7 +137,7 @@ protected: void clear_object_columns(); void make_row(bool thread_own_wait, PFS_thread *pfs_thread, - PFS_events_waits *wait); + volatile PFS_events_waits *wait); /** Current row. */ row_events_waits m_row; --===============1852620076414058525== MIME-Version: 1.0 Content-Type: text/bzr-bundle; charset="us-ascii"; name="bzr/marc.alff@stripped" Content-Transfer-Encoding: 7bit Content-Disposition: inline # Bazaar merge directive format 2 (Bazaar 0.90) # revision_id: marc.alff@stripped # target_branch: file:///home/malff/BZR_TREE/mysql-5.5-bugfixing-\ # 56761/ # testament_sha1: ff75c65a90ee96f8b6d0ab1eeb83003ad7bf459f # timestamp: 2010-09-15 14:24:09 -0600 # base_revision_id: olav.sandstaa@stripped\ # io8n04jkw0o7dack # # Begin bundle IyBCYXphYXIgcmV2aXNpb24gYnVuZGxlIHY0CiMKQlpoOTFBWSZTWTgWDL4ABW3fgFAWWnf//3/v 3+C////0YAvOjvhl97AACNYKpUWnQLbdhuzXLVAG4SSmQCaaNNAm9ST08oNE9BAAaNNABoNDgGEY TTEMAgGQAwjTJkwjAQ0Iqek9T2pNDQNAADENMgADIAMI0ZBIijUxRqeyp+pqbUMj1NM1AaNBmoAy AAGQRURPQmpD9SfiTQanpM0mT1MEYgwgyDCaGQSRBMgJhAmmiaCeijxCfqjR6ZEaB6g00yKFIg93 sx67mn4rTRC6TAyiTU/SErEIM6DnqVWJ3emrwrm3bOXmpuBNfO3NWh3F+MTvmeN95mltMloxd8AA RJR8JlOzjHb0lTMmootdHFbvpCHiTGDpi7vtTpWzuOvtqNoQMwzMzIOlfif6o16YY58TJSTa9T52 J2NLiUJn6mp1Y9lL45qIps1wvfnyw37cNenu+Di1gj7VuKU+iNq0coIvRLkgoIn80ACpMsxXBPC6 VhAomOGUQTHPiYSYCLzow/TLBiTSgO/IOw3HsPuFEYGBYdlEVG/HGEu7KfuZzNmcj7SHhH9IPx12 hBjipHORGcfcGWF2mZH6mpxuqGF4HBgSWNEc98bXjRHSWcZ0idPqT8AQHmedoD0vedeG9cJ5FlrZ 6RjHlG+Wcp0shhzpC1XT41rSc3965d3RFww546ttRI9o9zglmzfrqAjYQeJILNdqZSkR6j0jnOc9 ZFi8lmJPFoNTSZVMoXy7072lmkZbdsRTHkC4xKueEpkjI8ERBgXlvkDdcuVi93QXxNo96w5gqAro KyebNfjjDwzzaWGm9EC1XA1CEGaqpW98E17ewBnLc98ItKjKyiG21qaTeprCCMNcgRZCHnxElECg SgA1k3Y8Rh1EFgqHCo1s3aFivE6QOUIl1BOqHjiTKSqcChvN65UzRVhX4yX65XshL7/wrcZ3Y6He Z+alwG5RlGeAFtgYNrP2b+Mc6rXW3SQxqK6F4H57sN0+a3DAGsc5QN8bz7YgEjH08gTlQ2KBWzxF GJzpacQ4zuHlVQghKIHIE3LU4cWqRupA6bl0CAt5m/AgYBlYMHrYKtHDhPBRS8TrsF5ecuHC2/df R46tIy237Geq4UTm1pdMLiFzRMQVJlDM7IQMpFhYYQ8C5ShZqPfNGwmC4NchxRTWrAiOQ2xyIEsT 
BQFo5cSBWQwtsva5GJAcYcFDHbuuXIvJ4Z17bgxxs2HdWMIORv6j0my+mslkXUmVuLyDjRLjibyX 6W48rtzG+41IDq2AJpQZgONMbcSZHI6T3lH6g1txtcKxWDmOnrDqws67tbHwwmNpEwUoEztIyKDG rDst2Qry9UNuncpZG4FbliYQymCi0oBY44Lf+wF3mtkSRmCztKqUpNp2HMsGyDNXWioCldOy+RNI GMCycR2yuNjKORYOSNd5lXMoZGJXNkgHEzi9nB0orpRY1SROx0RRLJY7Twhx8CcjGaxnGM1jOEYx jGVjIGMZAxjGMYxjGaslNPEjP5l2ca023c3FgQKR0WnWEWvbdYzMEfjZCVp5wP4I64dwM4DJOvnp 7qe+QIqMTQmNtj/Ycp/gFmqp3cyEss4UtDyBaH/GROVLgGD8TETGdzkBMXgZafNtoomH/RIG2QwK gBdaCxzQLcCe0MQsYBgkCiXItHRVFAcU0zoZgoI/IFxcCAJYpHGWghYVR8670L1BQLUUC8LOD7ka giQKQRqOMDDDAjQOVQU0JV5BoyKAkwQRFhJNgsqi8C8GhhgKxI2scy6QMwd4JrLdHCwB0OiKJyZE AT1CgSFAEMjnw5FgrRjLBkkigYyRlvTsuBU2wFikMP6woCKghZm4UbWQ+AC/OIVuCoYMBCaSoDiE whXgndCqZDDrWdAYBYAtYonu4hsCQbIhVFoShlzLWNgHVBMGA0MJanA8RxxxLAMUOAMgYCJaam8g QIECgVo2AVaMgxjGBIQVDGSIWpm6BwSEJGljGQKGBvICV8PjKSqKkIBqGBUA72DJcQIQcJvmQXiG EHe8a4iRrkyq0LV/6biEGWL/hcviCMz4Ms6n16FurUSu+Qk4eKT9ZH3nbASi61ECeTDCMIwu2sCu g3KQlInxrbxYv8VA1wgpno1i3D+Bwzc+B8TqfI0NzfcIKISD7w6h9nwmcCQ/U+tC5yW3z1PAYJJL Qvg4ek0NT3kKzXTAsqMViEA7ecDmyAgJ+vrYZr0kgdzmyhRIQOkFCV4g3vJl0Ew4gnyH82TuMrrX mwzOdgupux27ysjqUF2lBTBQ6HMvEBVBhFZh1aw7K07yvf0J2JAXVM4mEPOikza+Srcymdd/PxY9 UewZHYXG7pCsjwbVqWTCE2LB67RJIQH0Orm2fEuphPEre6L4CDBgbtOP82Djy6Wb5v6z++bjaBiG nENmagiiUhcIGqEBU2by8HgkIG7xBK6TPVBo9CQGmcN19+3Ozo9RzVTcFFfDo2NP+YirytyqHw1B i3HqxCB9HJkBsC9KFIDlY7Wrc0beASAQboWQgQ85c/W63dFM3lFG0nXr2AdKaByQFM1NCvwROXEy bUYN3hgXA8oSXIWF5skIdFLLbUXgF6J5w2tQMKMu2DckzaEICDB2Ss6lK+BYL2tgBWyMyDTUwXLm kzL3smPAgIgrPpdB3MmYGYMJpCCbJJB9SigkN8wWEq2SNT0i1SM4mvFhlp8Ahrz8fQgwelfyWVgq lk1M6IZkG/sgUJMHMY9iWl2lg/GfgHl39tdVnawzIpyGGTBTXtSiHY2GRDKWgaE8jYTclsNCrVaW HcIbboFlchy5YYSDsOVdGbsgohwtr5i+PXcHkTA4YCmryrI0BAM4gYLCAnBjAWR2OoV/pgkrIr3Z rzwlKdcOy4nNoi3ZEMFuckCAdmQDCgCc686hkK4DIMDOmSSCpCA4Dac6GB/TFSSuBFDxTTzPRj7Z Fk0TnXptyCc7Ri/0s7XRDdQciuUCnZWhJgxUMgkAxppbZWIByFJCoUOAXcqCtZFjM1hRsGk2JTC3 tSzb7A9B7lNXYoDu4Znd7CYZLyMeZYrJ+tc1WVyQVSNjYDx0SFDS9k1ucbvEFKUlj0CCLlevPDmW 
sEw/t+VDd/U5D6AGOfFgYTotgJAeJ2wjn4TCzk51UrIa6qwHG+MrojCy5+2MQaGSeHEuOrNlrMAB uKuMep+NEUO3CSRH2rmfmuXvkjRAgoT6x+s67gEFma61ZZUtg7pLKlBtnHVE/qTs9zhNoxdN6mgk oeHdsrwvMRkIBmDtrYtzMW7RpjiRXcxaGM7aZxSkEl3iuD6GNtZXnC7cyomN+SWBAWiQgh2aUnYO Q7cJS4yIEYOWy80iRJb0eApgqNAJlUB+0CQqLQEB9FyZnvjfg1H2cQG+yVvRQQYedKTIgvIYDvZB pITpmpDtdcDLWBYrAiBssv1QIST8XFbEB2E2y71DA+AL71w7jqcF7PH3533JttABEDbyTQ1idqnI 9lxJiKixvs3vvTgTXCWro6KrgDgWsKBV/BrvgXqO0wwE8Bl51BzgxsBTFLWtriajB9JPGFFc1mlW pgya4+LS/8XckU4UJA4Fgy+A --===============1852620076414058525==--