Fixes based on warnings from gcc/clang and valgrind

- Initialize variables that could be used uninitialized - Added extra end space to DbugStringItemTypeValue to get rid of warnings from c_ptr() - Session_sysvars_tracker::update() accessed unitialized memory if called with NULL value. - get_schema_stat_record() accessed unitialized memory if HA_KEY_LONG_HASH was used - parse_vcol_defs() accessed random memory for tables without keys.
2026-05-07 23:54:31 +02:00 · 2019-08-12 10:42:12 +03:00 · 2019-08-12 10:42:12 +03:00 · 05619f6989
commit 05619f6989
parent 13f36fffea
8 changed files with 26 additions and 18 deletions
--- a/plugin/auth_pam/auth_pam.c
+++ b/plugin/auth_pam/auth_pam.c
@ -40,7 +40,7 @@ static int pam_auth(MYSQL_PLUGIN_VIO *vio, MYSQL_SERVER_AUTH_INFO *info)
 {
  int p_to_c[2], c_to_p[2]; /* Parent-to-child and child-to-parent pipes. */
  pid_t proc_id;
-  int result= CR_ERROR, pkt_len;
+  int result= CR_ERROR, pkt_len= 0;
  unsigned char field, *pkt;

  PAM_DEBUG((stderr, "PAM: opening pipes.\n"));
--- a/sql/item.h
+++ b/sql/item.h
@ -2358,6 +2358,9 @@ public:
    append(item->type_handler()->name().ptr());
    append(')');
    const_cast<Item*>(item)->print(this, QT_EXPLAIN);
+    /* Append end \0 to allow usage of c_ptr() */
+    append('\0');
+    str_length--;
  }
 };
 #endif
--- a/sql/rpl_gtid.cc
+++ b/sql/rpl_gtid.cc
@ -874,7 +874,7 @@ rpl_slave_state::gtid_delete_pending(THD *thd,
    Query_tables_list lex_backup;
    TABLE_LIST tlist;
    TABLE *table;
-    handler::Table_flags direct_pos;
+    handler::Table_flags direct_pos= 0;
    list_element *cur, **cur_ptr_ptr;
    bool table_opened= false;
    bool index_inited= false;
--- a/sql/session_tracker.cc
+++ b/sql/session_tracker.cc
@ -380,11 +380,15 @@ bool Session_sysvars_tracker::enable(THD *thd)
 bool Session_sysvars_tracker::update(THD *thd, set_var *var)
 {
  vars_list tool_list;
-  void *copy= var->save_result.string_value.str ?
-              my_memdup(var->save_result.string_value.str,
-                        var->save_result.string_value.length + 1,
-                        MYF(MY_WME | MY_THREAD_SPECIFIC)) :
-              my_strdup("", MYF(MY_WME | MY_THREAD_SPECIFIC));
+  void *copy;
+  size_t length= 1;
+
+  if (var->save_result.string_value.str)
+    copy= my_memdup(var->save_result.string_value.str,
+                    (length= var->save_result.string_value.length + 1),
+                    MYF(MY_WME | MY_THREAD_SPECIFIC));
+    else
+      copy= my_strdup("", MYF(MY_WME | MY_THREAD_SPECIFIC));

  if (!copy)
    return true;
@ -402,7 +406,7 @@ bool Session_sysvars_tracker::update(THD *thd, set_var *var)
  m_parsed= true;
  orig_list.copy(&tool_list, thd);
  orig_list.construct_var_list(thd->variables.session_track_system_variables,
-                               var->save_result.string_value.length + 1);
+                               length);
  return false;
 }

--- a/sql/sql_acl.cc
+++ b/sql/sql_acl.cc
@ -4315,7 +4315,7 @@ static int replace_user_table(THD *thd, const User_table &user_table,
  bool handle_as_role= combo->is_role();
  LEX *lex= thd->lex;
  TABLE *table= user_table.table();
-  ACL_USER new_acl_user, *old_acl_user;
+  ACL_USER new_acl_user, *old_acl_user= 0;
  DBUG_ENTER("replace_user_table");

  mysql_mutex_assert_owner(&acl_cache->lock);
--- a/sql/sql_show.cc
+++ b/sql/sql_show.cc
@ -6636,6 +6636,7 @@ static int get_schema_stat_record(THD *thd, TABLE_LIST *tables,
    {
      show_table->file->info(HA_STATUS_VARIABLE |
                             HA_STATUS_NO_LOCK |
+                             HA_STATUS_CONST |
                             HA_STATUS_TIME);
      set_statistics_for_table(thd, show_table);
    }
@ -6670,15 +6671,15 @@ static int get_schema_stat_record(THD *thd, TABLE_LIST *tables,
                                    "D" : "A"), 1, cs);
            table->field[8]->set_notnull();
          }
-          KEY *key=show_table->key_info+i;
-          if (key->rec_per_key[j] && key->algorithm != HA_KEY_ALG_LONG_HASH)
+          if (key_info->algorithm != HA_KEY_ALG_LONG_HASH &&
+              key_info->rec_per_key[j])
          {
            ha_rows records= (ha_rows) ((double) show_table->stat_records() /
-                                        key->actual_rec_per_key(j));
+                                        key_info->actual_rec_per_key(j));
            table->field[9]->store((longlong) records, TRUE);
            table->field[9]->set_notnull();
          }
-          if (key->algorithm == HA_KEY_ALG_LONG_HASH)
+          if (key_info->algorithm == HA_KEY_ALG_LONG_HASH)
            table->field[13]->store(STRING_WITH_LEN("HASH"), cs);
          else
          {
--- a/sql/table.cc
+++ b/sql/table.cc
@ -1184,8 +1184,8 @@ bool parse_vcol_defs(THD *thd, MEM_ROOT *mem_root, TABLE *table,
    {
      List<Item> *field_list= new (mem_root) List<Item>();
      Item *list_item;
-      KEY *key;
-      uint key_index, parts;
+      KEY *key= 0;
+      uint key_index, parts= 0;
      for (key_index= 0; key_index < table->s->keys; key_index++)
      {
        key=table->key_info + key_index;
@ -1193,7 +1193,7 @@ bool parse_vcol_defs(THD *thd, MEM_ROOT *mem_root, TABLE *table,
        if (key->key_part[parts].fieldnr == field->field_index + 1)
          break;
      }
-      if (key->algorithm != HA_KEY_ALG_LONG_HASH)
+      if (!key || key->algorithm != HA_KEY_ALG_LONG_HASH)
        goto end;
      KEY_PART_INFO *keypart;
      for (uint i=0; i < parts; i++)