From: Marc Alff
Date: September 17 2010 7:03pm
Subject: bzr commit into mysql-5.5-bugfixing branch (marc.alff:3210) Bug#50557
List-Archive: http://lists.mysql.com/commits/118520
X-Bug: 50557
Message-Id: <20100917190314.92A2345E80@linux-su11.site>
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="===============4294375042176500344=="

--===============4294375042176500344==
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Content-Disposition: inline

#At file:///home/malff/BZR_TREE/mysql-5.5-bugfixing-50557/ based on revid:marc.alff@stripped

3210 Marc Alff 2010-09-17
Bug#50557 checksum table crashes server when used in performance_schema

CHECKSUM TABLE for performance schema tables could cause uninitialized memory reads.

The root cause is a design flaw in the implementation of mysql_checksum_table(), which does not honor null fields.

However, fixing this bug in CHECKSUM TABLE is risky, as it can cause the checksum value to change.

This fix implements a workaround, to systematically reset field values even for null fields, so that the field memory representation is always initialized with a known value.

modified:
storage/perfschema/pfs_engine_table.cc

=== modified file 'storage/perfschema/pfs_engine_table.cc' --- a/storage/perfschema/pfs_engine_table.cc 2010-08-12 14:08:52 +0000 +++ b/storage/perfschema/pfs_engine_table.cc 2010-09-17 19:03:09 +0000 @@ -223,6 +223,8 @@ int PFS_engine_table::read_row(TABLE *ta Field **fields) { my_bitmap_map *org_bitmap; + Field *f; + Field **fields_reset; /* Make sure the table structure is as expected before mapping
@@ -240,6 +242,16 @@ int PFS_engine_table::read_row(TABLE *ta /* We internally write to Fields to support the read interface */ org_bitmap= dbug_tmp_use_all_columns(table, table->write_set); + + /* + Some callers of the storage engine interface do not honor the + f->is_null() flag, and will attempt to read the data itself. + A known offender is mysql_checksum_table(). + For robustness, reset every field. + */ + for (fields_reset= fields; (f= *fields_reset) ; fields_reset++) + f->reset(); + int result= read_row_values(table, buf, fields, read_all); dbug_tmp_restore_column_map(table->write_set, org_bitmap);

--===============4294375042176500344==
MIME-Version: 1.0
Content-Type: text/bzr-bundle; charset="us-ascii"; name="bzr/marc.alff@stripped"
Content-Transfer-Encoding: 7bit
Content-Disposition: inline

# Bazaar merge directive format 2 (Bazaar 0.90)
# revision_id: marc.alff@stripped
# target_branch: file:///home/malff/BZR_TREE/mysql-5.5-bugfixing-\
# 50557/
# testament_sha1: 5968cc21b614aa26f532f200ea3ec657bb9ac483
# timestamp: 2010-09-17 13:03:14 -0600
# base_revision_id: marc.alff@stripped\
# p49yw0rhf25py9fa
#
# Begin bundle

--===============4294375042176500344==--
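
Review bot: In the first hunk (@@ -223,6 +223,8 @@), `Field *f;` and `Field **fields_reset;` are declared at the top of read_row() although only the reset loop added in the second hunk uses them. Declaring them next to that loop would keep the workaround self-contained and make it easier to remove in one piece once mysql_checksum_table() honors null fields.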
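
Review bot: In the second hunk (@@ -240,6 +242,16 @@), the new comment names mysql_checksum_table() as the caller that ignores f->is_null(), but it does not cite Bug#50557 or say that the loop is a workaround, so a later reader cannot tell when it is safe to drop; add the bug number to the comment. The loop `for (fields_reset= fields; (f= *fields_reset) ; fields_reset++)` also runs on every read_row() call and for every field, independent of read_all, and it depends on `fields` being NULL-terminated; both are worth stating in the comment. The commit lists only storage/perfschema/pfs_engine_table.cc as modified, so a regression test that runs CHECKSUM TABLE against performance schema tables is missing and should accompany the fix.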