The problem is that the fix Bug#29784 was mistakenly
reverted when updating YaSSL to a newer version.
The solution is to re-apply the fix and this time
actually add a meaningful test case so that possible
regressions are caught.
extra/yassl/taocrypt/src/coding.cpp:
Fixed buffer allocation to compute the proper maximum
decoded size: (EncodedLength * 3/4) + 3
mysql-test/std_data/server8k-cert.pem:
Update certificate.
mysql-test/std_data/server8k-key.pem:
Update key.
mysql-test/t/ssl_8k_key-master.opt:
Start the server using the certificate and key that
triggers the problem.
* Fixed obvious errors (HAVE_BROKEN_PREAD is not true for on any
of systems we use, definitely not on HPUX)
* Remove other junk flags for OSX and HPUX
* Avoid checking type sizes in universal builds on OSX, again
(CMake2.8.0 fails is different architectures return different results)
* Do not compile template instantiation stuff unless
EXPLICIT_TEMPLATE_INSTANTIATION is used.
* Some cleanup (make gen_lex_hash simpler, avoid dependencies)
* Exclude some unused files from compilation (strtol.c etc)
Fix warnings flagged by the new warning option -Wunused-but-set-variable
that was added to GCC 4.6 and that is enabled by -Wunused and -Wall. The
option causes a warning whenever a local variable is assigned to but is
later unused. It also warns about meaningless pointer dereferences.
client/mysql.cc:
Meaningless pointer dereferences.
client/mysql_upgrade.c:
Check whether reading from the file succeeded.
extra/comp_err.c:
Unused.
extra/yassl/src/yassl_imp.cpp:
Skip instead of reading data that is discarded.
include/my_pthread.h:
Variable is only used in debug builds.
include/mysys_err.h:
Add new error messages.
mysys/errors.c:
Add new error message for permission related functions.
mysys/mf_iocache.c:
Variable is only checked under THREAD.
mysys/my_copy.c:
Raise a error if chmod or chown fails.
mysys/my_redel.c:
Raise a error if chmod or chown fails.
regex/engine.c:
Use a equivalent variable for the assert.
server-tools/instance-manager/instance_options.cc:
Unused.
sql/field.cc:
Unused.
sql/item.cc:
Unused.
sql/log.cc:
Do not ignore the return value of freopen: only set buffer if
reopening succeeds.
Adjust doxygen comment to the right function.
Pass message lenght to log function.
sql/mysqld.cc:
Do not ignore the return value of freopen: only set buffer if
reopening succeeds.
sql/partition_info.cc:
Unused.
sql/slave.cc:
No need to set pointer to the address of '\0'.
sql/spatial.cc:
Unused. Left for historical purposes.
sql/sql_acl.cc:
Unused.
sql/sql_base.cc:
Pointers are always set to the same variables.
sql/sql_parse.cc:
End statement if reading fails.
Store the buffer after it has actually been updated.
sql/sql_repl.cc:
No need to set pointer to the address of '\0'.
sql/sql_show.cc:
Put variable under the same ifdef block.
sql/udf_example.c:
Set null pointer flag appropriately.
storage/csv/ha_tina.cc:
Meaningless dereferences.
storage/example/ha_example.cc:
Return the error since it's available.
storage/myisam/mi_locking.c:
Remove unused and dead code.
Essentially, the problem is that safemalloc is excruciatingly
slow as it checks all allocated blocks for overrun at each
memory management primitive, yielding a almost exponential
slowdown for the memory management functions (malloc, realloc,
free). The overrun check basically consists of verifying some
bytes of a block for certain magic keys, which catches some
simple forms of overrun. Another minor problem is violation
of aliasing rules and that its own internal list of blocks
is prone to corruption.
Another issue with safemalloc is rather the maintenance cost
as the tool has a significant impact on the server code.
Given the magnitude of memory debuggers available nowadays,
especially those that are provided with the platform malloc
implementation, maintenance of a in-house and largely obsolete
memory debugger becomes a burden that is not worth the effort
due to its slowness and lack of support for detecting more
common forms of heap corruption.
Since there are third-party tools that can provide the same
functionality at a lower or comparable performance cost, the
solution is to simply remove safemalloc. Third-party tools
can provide the same functionality at a lower or comparable
performance cost.
The removal of safemalloc also allows a simplification of the
malloc wrappers, removing quite a bit of kludge: redefinition
of my_malloc, my_free and the removal of the unused second
argument of my_free. Since free() always check whether the
supplied pointer is null, redudant checks are also removed.
Also, this patch adds unit testing for my_malloc and moves
my_realloc implementation into the same file as the other
memory allocation primitives.
client/mysqldump.c:
Pass my_free directly as its signature is compatible with the
callback type -- which wasn't the case for free_table_ent.
Apart strict-aliasing warnings, fix the remaining warnings
generated by GCC 4.4.4 -Wall and -Wextra flags.
One major source of warnings was the in-house function my_bcmp
which (unconventionally) took pointers to unsigned characters
as the byte sequences to be compared. Since my_bcmp and bcmp
are deprecated functions whose only difference with memcmp is
the return value, every use of the function is replaced with
memcmp as the special return value wasn't actually being used
by any caller.
There were also various other warnings, mostly due to type
mismatches, missing return values, missing prototypes, dead
code (unreachable) and ignored return values.
BUILD/SETUP.sh:
Remove flags that are implied by -Wall and -Wextra.
Do not warn about unused parameters in C++.
BUILD/check-cpu:
Print only the compiler version instead of verbose banner.
Although the option is gcc specific, the check was only
being used for GCC specific checks anyway.
client/mysql.cc:
bcmp is no longer defined.
client/mysqltest.cc:
Pass a string to function expecting a format string.
Replace use of bcmp with memcmp.
cmd-line-utils/readline/Makefile.am:
Always define _GNU_SOURCE when compiling GNU readline.
Required to make certain prototypes visible.
cmd-line-utils/readline/input.c:
Condition for the code to be meaningful.
configure.in:
Remove check for bcmp.
extra/comp_err.c:
Use appropriate type.
extra/replace.c:
Replace use of bcmp with memcmp.
extra/yassl/src/crypto_wrapper.cpp:
Do not ignore the return value of fgets. Retrieve the file
position if fgets succeed -- if it fails, the function will
bail out and return a error.
extra/yassl/taocrypt/include/blowfish.hpp:
Use a single array instead of accessing positions of the sbox_
through a subscript to pbox_.
extra/yassl/taocrypt/include/runtime.hpp:
One definition of such functions is enough.
extra/yassl/taocrypt/src/aes.cpp:
Avoid potentially ambiguous conditions.
extra/yassl/taocrypt/src/algebra.cpp:
Rename arguments to avoid shadowing related warnings.
extra/yassl/taocrypt/src/blowfish.cpp:
Avoid potentially ambiguous conditions.
extra/yassl/taocrypt/src/integer.cpp:
Do not define type within a anonymous union.
Use a variable to return a value instead of
leaving the result in a register -- compiler
does not know the logic inside the asm.
extra/yassl/taocrypt/src/misc.cpp:
Define handler for pure virtual functions.
Remove unused code.
extra/yassl/taocrypt/src/twofish.cpp:
Avoid potentially ambiguous conditions.
extra/yassl/testsuite/test.hpp:
Function must have C language linkage.
include/m_string.h:
Remove check which relied on bcmp being defined -- they weren't
being used as bcmp is only visible when _BSD_SOURCE is defined.
include/my_bitmap.h:
Remove bogus helpers which were used only in a few files and
were causing warnings about dead code.
include/my_global.h:
Due to G++ bug, always silence false-positive uninitialized
variables warnings when compiling C++ code with G++.
Remove bogus helper.
libmysql/Makefile.shared:
Remove built-in implementation of bcmp.
mysql-test/lib/My/SafeProcess/safe_process.cc:
Cast pid to largest possible type for a process identifier.
mysys/mf_loadpath.c:
Leave space of the ending nul.
mysys/mf_pack.c:
Replace bcmp with memcmp.
mysys/my_bitmap.c:
Dead code removal.
mysys/my_gethwaddr.c:
Remove unused variable.
mysys/my_getopt.c:
Silence bogus uninitialized variable warning.
Do not cast away the constant qualifier.
mysys/safemalloc.c:
Cast to expected type.
mysys/thr_lock.c:
Silence bogus uninitialized variable warning.
sql/field.cc:
Replace bogus helper with a more appropriate logic which is
used throughout the code.
sql/item.cc:
Remove bogus logical condition which always evaluates to TRUE.
sql/item_create.cc:
Simplify code to avoid signedness related warnings.
sql/log_event.cc:
Replace use of bcmp with memcmp.
No need to use helpers for simple bit operations.
sql/log_event_old.cc:
Replace bmove_align with memcpy.
sql/mysqld.cc:
Move use declaration of variable to the ifdef block where it
is used. Remove now-unnecessary casts and arguments.
sql/set_var.cc:
Replace bogus helpers with simple and classic bit operations.
sql/slave.cc:
Cast to expected type and silence bogus warning.
sql/sql_class.h:
Don't use enum values as bit flags, the supposed type safety is
bogus as the combined bit flags are not a value in the enumeration.
sql/udf_example.c:
Only declare variable when necessary.
sql/unireg.h:
Replace use of bmove_align with memcpy.
storage/innobase/os/os0file.c:
Silence bogus warning.
storage/myisam/mi_open.c:
Remove bogus cast, DBUG_DUMP expects a pointer to unsigned
char.
storage/myisam/mi_page.c:
Remove bogus cast, DBUG_DUMP expects a pointer to unsigned
char.
strings/bcmp.c:
Remove built-in bcmp.
strings/ctype-ucs2.c:
Silence bogus warning.
tests/mysql_client_test.c:
Use a appropriate type as expected by simple_command().
cmake/build_configurations/mysql_release.cmake
- Corrected spelling ENABLE_LOCAL_INFILE => ENABLED_LOCAL_INFILE
- In addition to "RelWithDebInfo", set target "Release" and "Debug"
- Set Debug flags
- Enabled SSL on Mac OS X
- For gcc builds, set RELEASE and DEBUG flags as well
- For g++ builds, added "-fno-implicit-templates"
- Use "-O" (gcc -O1) for optimized binaries, as "DEBUG" in out case
is more about enabling trace support to the server, no optimization
makes binaries too slow to be practical to reproduce problems
cmake/os/WindowsCache.cmake
- Removed unused HAVE_SYS_IOCTL
config.h.cmake
- Added header checks and missing defines
- Removed unused HAVE_SYS_IOCTL
- Grouped and uncommented some HAVE_* that are really not
defines, but internal variables used in the CMake setup,
- Added hard coded flags for HP-UX and Mac OS X
configure.cmake
- Added header checks and missing defines
- Removed unused HAVE_SYS_IOCTL
- "sys/dir.h" test needs "sys/types.h"
- Corrected syntax for "sys/ptem.h" test
- Don't exclude test for some types if Mac OS X, harmless
to do the test and we want the HAVE_<type> settings
- Added hard coded flags for HP-UX and Mac OS X
extra/yassl/CMakeLists.txt
extra/yassl/taocrypt/CMakeLists.txt
- Added missing source file "template_instnt.cpp"
strict aliasing violations.
Essentially, the problem is that large parts of the server were
developed in simpler times (last decades, pre C99 standard) when
strict aliasing and compilers supporting such optimizations were
rare to non-existent. Thus, when compiling the server with a modern
compiler that uses strict aliasing rules to perform optimizations,
there are several places in the code that might trigger undefined
behavior.
As evinced by some recent bugs, GCC does a somewhat good of job
misoptimizing such code, but on the other hand also gives warnings
about suspicious code. One problem is that the warnings aren't
always accurate, yet we can't afford to just shut them off as we
might miss real cases. False-positive cases are aggravated mostly
by casts that are likely to trigger undefined behavior.
The solution is to start a cleanup process focused on fixing and
reducing the amount of strict-aliasing related warnings produced
by GCC and others compilers. A good deal of noise reduction can
be achieved by just removing useless casts that are product of
historical cruft and are likely to trigger undefined behavior if
dereferenced.
client/mysql.cc:
Remove now-unnecessary casts.
Break up large strings.
client/mysql_upgrade.c:
Remove now-unnecessary casts.
client/mysqladmin.cc:
Remove now-unnecessary casts.
Break up large strings.
client/mysqlbinlog.cc:
Remove now-unnecessary casts.
client/mysqlcheck.c:
Remove now-unnecessary casts.
client/mysqldump.c:
Remove now-unnecessary casts.
client/mysqlimport.c:
Remove now-unnecessary casts.
client/mysqlshow.c:
Remove now-unnecessary casts.
client/mysqlslap.c:
Remove now-unnecessary casts.
client/mysqltest.cc:
Remove now-unnecessary casts.
extra/comp_err.c:
Remove now-unnecessary casts.
extra/my_print_defaults.c:
Remove now-unnecessary casts.
Break up large strings.
extra/mysql_waitpid.c:
Remove now-unnecessary casts.
extra/perror.c:
Remove now-unnecessary casts.
extra/resolve_stack_dump.c:
Remove now-unnecessary casts.
extra/resolveip.c:
Remove now-unnecessary casts.
include/my_getopt.h:
Use a void pointer type as the opaque type to avoid problems with type
incompatibility -- GCC issues warnings when the type name is not type
compatible with a operand. As a side bonus, a explicit cast won't be
necessary anymore.
include/sslopt-longopts.h:
Remove now-unnecessary casts.
Break up large strings.
mysys/my_getopt.c:
Update opaque type and introduce a type definition for the
argument to my_getopt_register_get_addr.
server-tools/instance-manager/options.cc:
Remove now-unnecessary casts.
sql/mysqld.cc:
Remove now-unnecessary casts.
Break up large strings.
Update mysql_getopt_value prototype (the old prototype
was different from the definition anyway).
sql/sql_plugin.cc:
The type of a pointer to a function must be compatible with the
pointed-to function type, otherwise the behavior is undefined.
sql/table.cc:
The variable buf pointer to pointer to pointer to constant char
could improperly alias a incompatible type in call to fix_type_
pointers. Since this was actually dead code, it is simply removed.
sql/unireg.cc:
Remove call to get_form_pos. The code creates a new FRM file which
is always truncated and writes the form position as 0. Hence, no
need to retrieve it, we now for sure it is 0.
storage/archive/archive_reader.c:
Remove now-unnecessary casts.
storage/myisam/ft_nlq_search.c:
Read weight directly from the buffer.
storage/myisam/fulltext.h:
Add explanation about the type duality of a key buffer.
Add accessor macro to retrieve a FT float value.
storage/myisam/mi_test1.c:
Remove now-unnecessary casts.
storage/myisam/myisam_ftdump.c:
Read weight directly from the buffer.
storage/myisam/myisamchk.c:
Remove now-unnecessary casts.
storage/myisam/myisamlog.c:
A pointer to char was used to alias a pointer to pointer to
unsigned char, thus violating strict aliasing rules.
storage/myisam/myisampack.c:
Remove now-unnecessary casts.
strings/decimal.c:
Remove aliasing violation, printing the value is enough for
debugging purposes.
tests/mysql_client_test.c:
Remove now-unnecessary casts.
Addendum: Work around a compilation failure on Windows due to
windows.h not being added to the global namespace.
extra/yassl/include/lock.hpp:
Move windows.h inclusion into the global namespace.
config/ac-macros/ssl.m4:
Enable yaSSL thread safety if linking with the server or a
thread safe client library. Avoids building a thread safe
yaSSL when only building a non-thread safe client library.
The problem was that the bundled yaSSL library was being built
without thread safety support regardless of the thread safeness
of the compoments linked with it.
The solution is to enable yaSSL thread safety support if any
component (server or client) is to be built with thread support.
Also, generate new certificates for yaSSL's test suite.
config/ac-macros/yassl.m4:
Enable yaSSL thread safety if linking with the server or a
thread safe client library. Avoids building a thread safe
yaSSL when only building a non-thread safe client library.
extra/yassl/CMakeLists.txt:
Always enable for Windows builds.
extra/yassl/certs/ca-cert.pem:
New certificate, previous one expired.
extra/yassl/certs/client-cert.der:
New certificate, previous one expired.
extra/yassl/certs/client-cert.pem:
New certificate, previous one expired.
extra/yassl/certs/dsa-cert.pem:
New certificate, previous one expired.
extra/yassl/certs/server-cert.pem:
New certificate, previous one expired.
extra/yassl/include/lock.hpp:
Rename MULTI_THREAD to YASSL_THREAD_SAFE.
extra/yassl/src/Makefile.am:
Use CXXFLAGS to set thread related definitions as the lock header
(lock.hpp) has no local dependencies.
extra/yassl/src/lock.cpp:
Rename MULTI_THREAD to YASSL_THREAD_SAFE.
extra/yassl/taocrypt/CMakeLists.txt:
Always enable for Windows builds.
extra/yassl/taocrypt/benchmark/Makefile.am:
Pass thread related CXXFLAGS.
extra/yassl/taocrypt/src/Makefile.am:
Pass thread related CXXFLAGS.
extra/yassl/taocrypt/test/Makefile.am:
Pass thread related CXXFLAGS.
extra/yassl/taocrypt/test/memory.cpp:
Rename MULTI_THREAD to YASSL_THREAD_SAFE.
extra/yassl/testsuite/Makefile.am:
Pass thread related CXXFLAGS.
Add -Wall to gcc/g++
Fix most warnings reported in dbg and opt mode.
cmd-line-utils/libedit/filecomplete.c:
Remove unused auto variables.
configure.cmake:
Add -Wall to gcc.
extra/comp_err.c:
Cast to correct type.
extra/perror.c:
Fix segfault (but warnings about deprecated features remain)
extra/yassl/taocrypt/include/runtime.hpp:
Comparing two literals was reported as undefined behaviour.
include/my_global.h:
Add a template for aligning character buffers.
mysys/lf_alloc-pin.c:
Initialize pointer.
sql/mysqld.cc:
Use UNINIT_VAR rather than LINT_INIT.
sql/partition_info.cc:
Use UNINIT_VAR rather than LINT_INIT.
sql/rpl_handler.cc:
Use char[] rather than unsigned long[] array for placement buffer.
sql/spatial.cc:
Use char[] rather than unsigned void*[] array for placement buffer.
sql/spatial.h:
Use char[] rather than unsigned void*[] array for placement buffer.
sql/sql_partition.cc:
Initialize auto variable.
sql/sql_table.cc:
Initialize auto variables.
Add parens around assignment within if()
sql/sys_vars.cc:
Use UNINIT_VAR.
storage/innobase/os/os0file.c:
Init first slot in auto variable.
storage/myisam/mi_create.c:
Use UNINIT_VAR rather than LINT_INIT.
storage/myisam/mi_open.c:
Remove (wrong) casting.
storage/myisam/mi_page.c:
Remove (wrong) casting.
storage/myisam/mi_search.c:
Cast to uchar* rather than char*.
strings/ctype-ucs2.c:
Use UNINIT_VAR rather than LINT_INIT.
Add (uchar*) casting.
(make relies GNU extentions). The patch was partially
backport from 6.0.
Original comment:
bug#30708: make relies GNU extensions. Now that we no longer use
BitKeeper we can safely remove the SCCS handling with no loss of
functionality.
MySQL with gcc 4.3.2
This is the final patch in the context of this bug.
cmd-line-utils/readline/rlmbutil.h:
Changed in a previous patch, reverted by a backport.
cmd-line-utils/readline/text.c:
Static var initialization.
extra/yassl/include/yassl_error.hpp:
SetErrorString handles errors outside of the YasslError
enum.
extra/yassl/src/ssl.cpp:
SetErrorString handles errors outside of the YasslError
enum.
extra/yassl/src/yassl_error.cpp:
SetErrorString handles errors outside of the YasslError
enum.
Conflicts:
Text conflict in .bzr-mysql/default.conf
Text conflict in mysql-test/suite/rpl/r/rpl_loaddata_fatal.result
Text conflict in mysql-test/suite/rpl/r/rpl_stm_log.result
Text conflict in mysql-test/t/mysqlbinlog.test
Text conflict in sql/sql_acl.cc
Text conflict in sql/sql_servers.cc
Text conflict in sql/sql_update.cc
Text conflict in support-files/mysql.spec.sh
Problem: copying issuer's (or subject's) name tags into an internal
buffer from incoming stream we didn't check the buffer overflow.
That may lead to memory overrun, crash etc.
Fix: ensure we don't overrun the buffer.
Note: there's no simple test case (exploit needed).
extra/yassl/taocrypt/include/asn.hpp:
Fix for bug#50227: Pre-auth buffer-overflow in mySQL through yaSSL
- CertDecoder::AddTag() introduced.
extra/yassl/taocrypt/src/asn.cpp:
Fix for bug#50227: Pre-auth buffer-overflow in mySQL through yaSSL
- copying data from incoming stream to the issuer_ or subject_
buffers ensure we don't overrun them.
- code cleanup.
MYSQL_ADD_EXECUTABLE will instructs CPack where to install the exe. On Windows, it also
adds version resource and if -DSIGNCODE was given, will sign the exe in packaging step.
