[MDEV-7475] Wrong implementation of checking PLUGIN_VAR_SET condition - JIRA

Details

Type: Bug
Status: Closed
Priority: Major
Resolution: Fixed
Affects Version/s: 10.0.15, 5.5.41
Fix Version/s: 10.0.16, 5.5.42
Component/s: Plugins
Labels:
- plugins
Environment:
I've confirmed in Windows + Visual Studio 2013. But, other platform is affected this issue. e.g. CentOS 6.5.

Description

This issue is MariaDB specific. MySQL is not implement this condition checking.

In sql_plugin.cc, MariaDB implements PLUGIN_VAR_STR check as follows:

   3963        if (mysqld_server_started &&
   3964            ((o->flags & (PLUGIN_VAR_STR | PLUGIN_VAR_NOCMDOPT |
   3965                           PLUGIN_VAR_MEMALLOC)) == PLUGIN_VAR_STR))
   3966        {

But, this implementation has a critical bug which causes SEGV.

This SEGV issues causes as follows:

Build latest Mroonga
Install built Mroonga into MariaDB
MySQL client lost connection against mysqld.

Lost connection log:

MariaDB [(none)]> INSTALL PLUGIN Mroonga SONAME 'ha_mroonga.dll';
ERROR 2013 (HY000): Lost connection to MySQL server during query

Because, these phenomena causes wrong condition about PLUGIN_VAR_STR.

In include/mysql/plugin.h, a series of PLUGIN_* value defined.
But, these value has a misleading point.

Here is the misleading point:
From PLUGIN_VAR_BOOL to PLUGIN_VAR_DOUBLE are not assumed as a flag. But, defined after PLUGIN_VAR_UNSIGNED macro value are designed as a flag.

OK, let's apply above description in practice.

Here is the line which has causes problem:

 (o->flags & (PLUGIN_VAR_STR | PLUGIN_VAR_NOCMDOPT | PLUGIN_VAR_MEMALLOC)) == PLUGIN_VAR_STR

From above description,

o->flags & (PLUGIN_VAR_NOCMDOPT | PLUGIN_VAR_MEMALLOC)

is valid, because PLUGIN_VAR_NOCMDOPT and PLUGIN_VAR_MEMALLOC are designed as a flag. It is valid.
But,

 (o->flags & PLUGIN_VAR_STR) == PLUGIN_VAR_STR

is invalid code. Because,

(PLUGIN_VAR_SET & PLUGIN_VAR_STR) == PLUGIN_VAR_STR

is true!
In more detail, PLUGIN_VAR_STR and PLUGIN_VAR_SET are defined as follows in include/mysql/plugin.h:

#define PLUGIN_VAR_STR          0x0005
#define PLUGIN_VAR_SET          0x0007

So, PLUGIN_VAR_SET & PLUGIN_VAR_STR ( 0x0007 AND 0x0005) equals PLUGIN_VAR_STR (0x0005).

This result causes following bug:
In latest Mroonga, specifies PLUGIN_VAR_SET ( https://github.com/mroonga/mroonga/blob/master/ha_mroonga.cpp#L965 ), not specifies PLUGIN_VAR_STR. But,

 (o->flags & (PLUGIN_VAR_STR | PLUGIN_VAR_NOCMDOPT | PLUGIN_VAR_MEMALLOC)) == PLUGIN_VAR_STR

matches PLUGIN_VAR_STR, in spite of PLUGIN_VAR_STR is not set (NULL).

As a result, causes SEGV and not to be able to register Mroonga storage engine plugin into MariaDB.

I've added a fix patch which is written by Kohei Sutou.
original patch found by (Sorry, this email is in Japanese...) : http://sourceforge.jp/projects/groonga/lists/archive/dev/2015-January/003067.html

Gliffy Diagrams

Attachments

Options
- Sort By Name
- Sort By Date
- Ascending
- Descending
- Thumbnails
- List
- Download All

Attachments

sql_plugin.cc.diff
0.6 kB
2015-01-17 15:02

Activity

Hide

Permalink

Sergei Golubchik added a comment - 2015-01-17 18:48

Thanks! It will be fixed in the next release.

Show

Sergei Golubchik added a comment - 2015-01-17 18:48 Thanks! It will be fixed in the next release.

People

Assignee:

Sergei Golubchik

Reporter:

hiroshi HATAKE

Votes:

0 Vote for this issue

Watchers:

2 Start watching this issue

Dates

Created:

2015-01-17 15:02

Updated:

2015-01-19 20:09

Resolved:

2015-01-19 20:09

Time Tracking

Estimated:

Not Specified

Remaining:

Logged:

Agile

View on Board