mirror of
https://github.com/MariaDB/server.git
synced 2025-01-16 20:12:31 +01:00
6503226743
memory reference
There are two issues present here.
1) There is a possibility that we test a byte beyond the
allocated buffer
2) We compare a byte that might never have been
initalized to see if it's 0.
The first issue is not triggered by existing code, but an
ASSERT has been added to safe-guard against introducing
new code that triggers it.
The second issue is what triggers the Valgrind warnings
reported in the bug report. A buffer is allocated in
class String to hold the value. This buffer is populated
by the character data constituting the string, but is not
zero-terminated in most cases. Testing if it is indeed
zero-terminated means that we check a byte that has never
been explicitly set, thus causing Valgrind to trigger.
Note that issue 2 is not a serious problem. The variable
is read, and if it's not zero, we will set it to zero.
There are no further consequences.
Note that this patch does not fix the underlying problems
with issue 1, as it is deemed too risky to fix at this
point (as noted in the bug report). As discussed in
the report, the c_ptr() method should probably be
replaced, but this requires a thorough analysis of the
~200 calls to the method.
sql/set_var.cc:
These two cases have been reported to fail
with Valgrind.
408 lines
12 KiB
C++
408 lines
12 KiB
C++
/* Copyright (C) 2000 MySQL AB
|
|
|
|
This program is free software; you can redistribute it and/or modify
|
|
it under the terms of the GNU General Public License as published by
|
|
the Free Software Foundation; version 2 of the License.
|
|
|
|
This program is distributed in the hope that it will be useful,
|
|
but WITHOUT ANY WARRANTY; without even the implied warranty of
|
|
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
|
GNU General Public License for more details.
|
|
|
|
You should have received a copy of the GNU General Public License
|
|
along with this program; if not, write to the Free Software
|
|
Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA */
|
|
|
|
/* This file is originally from the mysql distribution. Coded by monty */
|
|
|
|
#ifdef USE_PRAGMA_INTERFACE
|
|
#pragma interface /* gcc class implementation */
|
|
#endif
|
|
|
|
#ifndef NOT_FIXED_DEC
|
|
#define NOT_FIXED_DEC 31
|
|
#endif
|
|
|
|
class String;
|
|
int sortcmp(const String *a,const String *b, CHARSET_INFO *cs);
|
|
String *copy_if_not_alloced(String *a,String *b,uint32 arg_length);
|
|
uint32 copy_and_convert(char *to, uint32 to_length, CHARSET_INFO *to_cs,
|
|
const char *from, uint32 from_length,
|
|
CHARSET_INFO *from_cs, uint *errors);
|
|
uint32 well_formed_copy_nchars(CHARSET_INFO *to_cs,
|
|
char *to, uint to_length,
|
|
CHARSET_INFO *from_cs,
|
|
const char *from, uint from_length,
|
|
uint nchars,
|
|
const char **well_formed_error_pos,
|
|
const char **cannot_convert_error_pos,
|
|
const char **from_end_pos);
|
|
size_t my_copy_with_hex_escaping(CHARSET_INFO *cs,
|
|
char *dst, size_t dstlen,
|
|
const char *src, size_t srclen);
|
|
uint convert_to_printable(char *to, size_t to_len,
|
|
const char *from, size_t from_len,
|
|
CHARSET_INFO *from_cs, size_t nbytes= 0);
|
|
|
|
class String
|
|
{
|
|
char *Ptr;
|
|
uint32 str_length,Alloced_length;
|
|
bool alloced;
|
|
CHARSET_INFO *str_charset;
|
|
public:
|
|
String()
|
|
{
|
|
Ptr=0; str_length=Alloced_length=0; alloced=0;
|
|
str_charset= &my_charset_bin;
|
|
}
|
|
String(uint32 length_arg)
|
|
{
|
|
alloced=0; Alloced_length=0; (void) real_alloc(length_arg);
|
|
str_charset= &my_charset_bin;
|
|
}
|
|
String(const char *str, CHARSET_INFO *cs)
|
|
{
|
|
Ptr=(char*) str; str_length=(uint) strlen(str); Alloced_length=0; alloced=0;
|
|
str_charset=cs;
|
|
}
|
|
String(const char *str,uint32 len, CHARSET_INFO *cs)
|
|
{
|
|
Ptr=(char*) str; str_length=len; Alloced_length=0; alloced=0;
|
|
str_charset=cs;
|
|
}
|
|
String(char *str,uint32 len, CHARSET_INFO *cs)
|
|
{
|
|
Ptr=(char*) str; Alloced_length=str_length=len; alloced=0;
|
|
str_charset=cs;
|
|
}
|
|
String(const String &str)
|
|
{
|
|
Ptr=str.Ptr ; str_length=str.str_length ;
|
|
Alloced_length=str.Alloced_length; alloced=0;
|
|
str_charset=str.str_charset;
|
|
}
|
|
static void *operator new(size_t size, MEM_ROOT *mem_root) throw ()
|
|
{ return (void*) alloc_root(mem_root, (uint) size); }
|
|
static void operator delete(void *ptr_arg, size_t size)
|
|
{
|
|
(void) ptr_arg;
|
|
(void) size;
|
|
TRASH(ptr_arg, size);
|
|
}
|
|
static void operator delete(void *, MEM_ROOT *)
|
|
{ /* never called */ }
|
|
~String() { free(); }
|
|
|
|
inline void set_charset(CHARSET_INFO *charset_arg)
|
|
{ str_charset= charset_arg; }
|
|
inline CHARSET_INFO *charset() const { return str_charset; }
|
|
inline uint32 length() const { return str_length;}
|
|
inline uint32 alloced_length() const { return Alloced_length;}
|
|
inline char& operator [] (uint32 i) const { return Ptr[i]; }
|
|
inline void length(uint32 len) { str_length=len ; }
|
|
inline bool is_empty() const { return (str_length == 0); }
|
|
inline void mark_as_const() { Alloced_length= 0;}
|
|
inline const char *ptr() const { return Ptr; }
|
|
inline char *c_ptr()
|
|
{
|
|
DBUG_ASSERT(!alloced || !Ptr || !Alloced_length ||
|
|
(Alloced_length >= (str_length + 1)));
|
|
|
|
if (!Ptr || Ptr[str_length]) /* Should be safe */
|
|
(void) realloc(str_length);
|
|
return Ptr;
|
|
}
|
|
inline char *c_ptr_quick()
|
|
{
|
|
if (Ptr && str_length < Alloced_length)
|
|
Ptr[str_length]=0;
|
|
return Ptr;
|
|
}
|
|
inline char *c_ptr_safe()
|
|
{
|
|
if (Ptr && str_length < Alloced_length)
|
|
Ptr[str_length]=0;
|
|
else
|
|
(void) realloc(str_length);
|
|
return Ptr;
|
|
}
|
|
|
|
void set(String &str,uint32 offset,uint32 arg_length)
|
|
{
|
|
DBUG_ASSERT(&str != this);
|
|
free();
|
|
Ptr=(char*) str.ptr()+offset; str_length=arg_length; alloced=0;
|
|
if (str.Alloced_length)
|
|
Alloced_length=str.Alloced_length-offset;
|
|
else
|
|
Alloced_length=0;
|
|
str_charset=str.str_charset;
|
|
}
|
|
|
|
|
|
/**
|
|
Points the internal buffer to the supplied one. The old buffer is freed.
|
|
@param str Pointer to the new buffer.
|
|
@param arg_length Length of the new buffer in characters, excluding any
|
|
null character.
|
|
@param cs Character set to use for interpreting string data.
|
|
@note The new buffer will not be null terminated.
|
|
*/
|
|
inline void set(char *str,uint32 arg_length, CHARSET_INFO *cs)
|
|
{
|
|
free();
|
|
Ptr=(char*) str; str_length=Alloced_length=arg_length ; alloced=0;
|
|
str_charset=cs;
|
|
}
|
|
inline void set(const char *str,uint32 arg_length, CHARSET_INFO *cs)
|
|
{
|
|
free();
|
|
Ptr=(char*) str; str_length=arg_length; Alloced_length=0 ; alloced=0;
|
|
str_charset=cs;
|
|
}
|
|
bool set_ascii(const char *str, uint32 arg_length);
|
|
inline void set_quick(char *str,uint32 arg_length, CHARSET_INFO *cs)
|
|
{
|
|
if (!alloced)
|
|
{
|
|
Ptr=(char*) str; str_length=Alloced_length=arg_length;
|
|
}
|
|
str_charset=cs;
|
|
}
|
|
bool set_int(longlong num, bool unsigned_flag, CHARSET_INFO *cs);
|
|
bool set(longlong num, CHARSET_INFO *cs)
|
|
{ return set_int(num, false, cs); }
|
|
bool set(ulonglong num, CHARSET_INFO *cs)
|
|
{ return set_int((longlong)num, true, cs); }
|
|
bool set_real(double num,uint decimals, CHARSET_INFO *cs);
|
|
|
|
/*
|
|
PMG 2004.11.12
|
|
This is a method that works the same as perl's "chop". It simply
|
|
drops the last character of a string. This is useful in the case
|
|
of the federated storage handler where I'm building a unknown
|
|
number, list of values and fields to be used in a sql insert
|
|
statement to be run on the remote server, and have a comma after each.
|
|
When the list is complete, I "chop" off the trailing comma
|
|
|
|
ex.
|
|
String stringobj;
|
|
stringobj.append("VALUES ('foo', 'fi', 'fo',");
|
|
stringobj.chop();
|
|
stringobj.append(")");
|
|
|
|
In this case, the value of string was:
|
|
|
|
VALUES ('foo', 'fi', 'fo',
|
|
VALUES ('foo', 'fi', 'fo'
|
|
VALUES ('foo', 'fi', 'fo')
|
|
|
|
*/
|
|
inline void chop()
|
|
{
|
|
Ptr[str_length--]= '\0';
|
|
}
|
|
|
|
inline void free()
|
|
{
|
|
if (alloced)
|
|
{
|
|
alloced=0;
|
|
Alloced_length=0;
|
|
my_free(Ptr,MYF(0));
|
|
Ptr=0;
|
|
str_length=0; /* Safety */
|
|
}
|
|
}
|
|
inline bool alloc(uint32 arg_length)
|
|
{
|
|
if (arg_length < Alloced_length)
|
|
return 0;
|
|
return real_alloc(arg_length);
|
|
}
|
|
bool real_alloc(uint32 arg_length); // Empties old string
|
|
bool realloc(uint32 arg_length);
|
|
inline void shrink(uint32 arg_length) // Shrink buffer
|
|
{
|
|
if (arg_length < Alloced_length)
|
|
{
|
|
char *new_ptr;
|
|
if (!(new_ptr=(char*) my_realloc(Ptr,arg_length,MYF(0))))
|
|
{
|
|
Alloced_length = 0;
|
|
real_alloc(arg_length);
|
|
}
|
|
else
|
|
{
|
|
Ptr=new_ptr;
|
|
Alloced_length=arg_length;
|
|
}
|
|
}
|
|
}
|
|
bool is_alloced() { return alloced; }
|
|
inline String& operator = (const String &s)
|
|
{
|
|
if (&s != this)
|
|
{
|
|
/*
|
|
It is forbidden to do assignments like
|
|
some_string = substring_of_that_string
|
|
*/
|
|
DBUG_ASSERT(!s.uses_buffer_owned_by(this));
|
|
free();
|
|
Ptr=s.Ptr ; str_length=s.str_length ; Alloced_length=s.Alloced_length;
|
|
alloced=0;
|
|
}
|
|
return *this;
|
|
}
|
|
|
|
bool copy(); // Alloc string if not alloced
|
|
bool copy(const String &s); // Allocate new string
|
|
bool copy(const char *s,uint32 arg_length, CHARSET_INFO *cs); // Allocate new string
|
|
static bool needs_conversion(uint32 arg_length,
|
|
CHARSET_INFO *cs_from, CHARSET_INFO *cs_to,
|
|
uint32 *offset);
|
|
bool copy_aligned(const char *s, uint32 arg_length, uint32 offset,
|
|
CHARSET_INFO *cs);
|
|
bool set_or_copy_aligned(const char *s, uint32 arg_length, CHARSET_INFO *cs);
|
|
bool copy(const char*s,uint32 arg_length, CHARSET_INFO *csfrom,
|
|
CHARSET_INFO *csto, uint *errors);
|
|
bool append(const String &s);
|
|
bool append(const char *s);
|
|
bool append(const char *s,uint32 arg_length);
|
|
bool append(const char *s,uint32 arg_length, CHARSET_INFO *cs);
|
|
bool append(IO_CACHE* file, uint32 arg_length);
|
|
bool append_with_prefill(const char *s, uint32 arg_length,
|
|
uint32 full_length, char fill_char);
|
|
int strstr(const String &search,uint32 offset=0); // Returns offset to substring or -1
|
|
int strrstr(const String &search,uint32 offset=0); // Returns offset to substring or -1
|
|
bool replace(uint32 offset,uint32 arg_length,const char *to,uint32 length);
|
|
bool replace(uint32 offset,uint32 arg_length,const String &to);
|
|
inline bool append(char chr)
|
|
{
|
|
if (str_length < Alloced_length)
|
|
{
|
|
Ptr[str_length++]=chr;
|
|
}
|
|
else
|
|
{
|
|
if (realloc(str_length+1))
|
|
return 1;
|
|
Ptr[str_length++]=chr;
|
|
}
|
|
return 0;
|
|
}
|
|
bool fill(uint32 max_length,char fill);
|
|
void strip_sp();
|
|
friend int sortcmp(const String *a,const String *b, CHARSET_INFO *cs);
|
|
friend int stringcmp(const String *a,const String *b);
|
|
friend String *copy_if_not_alloced(String *a,String *b,uint32 arg_length);
|
|
uint32 numchars();
|
|
int charpos(int i,uint32 offset=0);
|
|
|
|
int reserve(uint32 space_needed)
|
|
{
|
|
return realloc(str_length + space_needed);
|
|
}
|
|
int reserve(uint32 space_needed, uint32 grow_by);
|
|
|
|
/*
|
|
The following append operations do NOT check alloced memory
|
|
q_*** methods writes values of parameters itself
|
|
qs_*** methods writes string representation of value
|
|
*/
|
|
void q_append(const char c)
|
|
{
|
|
Ptr[str_length++] = c;
|
|
}
|
|
void q_append(const uint32 n)
|
|
{
|
|
int4store(Ptr + str_length, n);
|
|
str_length += 4;
|
|
}
|
|
void q_append(double d)
|
|
{
|
|
float8store(Ptr + str_length, d);
|
|
str_length += 8;
|
|
}
|
|
void q_append(double *d)
|
|
{
|
|
float8store(Ptr + str_length, *d);
|
|
str_length += 8;
|
|
}
|
|
void q_append(const char *data, uint32 data_len)
|
|
{
|
|
memcpy(Ptr + str_length, data, data_len);
|
|
str_length += data_len;
|
|
}
|
|
|
|
void write_at_position(int position, uint32 value)
|
|
{
|
|
int4store(Ptr + position,value);
|
|
}
|
|
|
|
void qs_append(const char *str, uint32 len);
|
|
void qs_append(double d);
|
|
void qs_append(double *d);
|
|
inline void qs_append(const char c)
|
|
{
|
|
Ptr[str_length]= c;
|
|
str_length++;
|
|
}
|
|
void qs_append(int i);
|
|
void qs_append(uint i);
|
|
|
|
/* Inline (general) functions used by the protocol functions */
|
|
|
|
inline char *prep_append(uint32 arg_length, uint32 step_alloc)
|
|
{
|
|
uint32 new_length= arg_length + str_length;
|
|
if (new_length > Alloced_length)
|
|
{
|
|
if (realloc(new_length + step_alloc))
|
|
return 0;
|
|
}
|
|
uint32 old_length= str_length;
|
|
str_length+= arg_length;
|
|
return Ptr+ old_length; /* Area to use */
|
|
}
|
|
|
|
inline bool append(const char *s, uint32 arg_length, uint32 step_alloc)
|
|
{
|
|
uint32 new_length= arg_length + str_length;
|
|
if (new_length > Alloced_length && realloc(new_length + step_alloc))
|
|
return TRUE;
|
|
memcpy(Ptr+str_length, s, arg_length);
|
|
str_length+= arg_length;
|
|
return FALSE;
|
|
}
|
|
void print(String *print);
|
|
|
|
/* Swap two string objects. Efficient way to exchange data without memcpy. */
|
|
void swap(String &s);
|
|
|
|
inline bool uses_buffer_owned_by(const String *s) const
|
|
{
|
|
return (s->alloced && Ptr >= s->Ptr && Ptr < s->Ptr + s->str_length);
|
|
}
|
|
bool is_ascii() const
|
|
{
|
|
if (length() == 0)
|
|
return TRUE;
|
|
if (charset()->mbminlen > 1)
|
|
return FALSE;
|
|
for (const char *c= ptr(), *end= c + length(); c < end; c++)
|
|
{
|
|
if (!my_isascii(*c))
|
|
return FALSE;
|
|
}
|
|
return TRUE;
|
|
}
|
|
};
|
|
|
|
static inline bool check_if_only_end_space(CHARSET_INFO *cs, char *str,
|
|
char *end)
|
|
{
|
|
return str+ cs->cset->scan(cs, str, end, MY_SEQ_SPACES) == end;
|
|
}
|