[MDEV-4212] [PATCH] Storage plugin can cause segfault in table.cc init_tmp_table_share()

Created: 2013-02-27  Updated: 2013-09-06  Resolved: 2013-06-06

Status: Closed
Project: MariaDB Server
Component/s: None
Affects Version/s: 10.0.1
Fix Version/s: 10.0.4

Type: Bug
Priority: Major
Reporter: Andrew McDonnell
Assignee: Sergei Golubchik
Resolution: Won't Fix
Votes: 0
Labels: None

Attachments: File table.cc.patch    

 Description   

(Context: I'm working with Arjen Lentz on opengraph)

If a plugin passes a NULL tablename to init_tmp_table_share() this causes a segfault.

If I assume that the core mysqld should be robust, this should be trapped (although not necessarily able to prevent a related segfault elsewhere in the storage plugin)

I have attached a patch that deals with this by checking the arguments that are otherwise dereferenced by strlen() before they are used, and either ASSERTing in a debug build or returning with a warning log.



 Comments   
Comment by Sergei Golubchik [ 2013-06-06 ]

Not really. We don't add checks everywhere against improper usage.
Not even in the client-server API. Think of it, even glibc does not — try to call strcmp with a NULL pointer.

And in this particular case if the plugin invokes init_tmp_table_share without a table name, then something is seriously wrong with it. And failing gracefully here won't help, the plugin will probably just crash later or produce some weird results.
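
The kind of check proposed in the description, sketched as an added example: it is not the attached table.cc.patch and not MariaDB code. The names `demo_share`, `demo_init_tmp_share`, `log_warning` and `DEMO_DEBUG_BUILD` are hypothetical stand-ins, and the two string arguments are assumed to be the ones whose length is taken with strlen().

```c
#include <assert.h>
#include <stdio.h>
#include <string.h>

/* Simplified stand-in for the share structure; not MariaDB's TABLE_SHARE. */
struct demo_share {
    const char *table_name;
    size_t      table_name_len;
    const char *path;
    size_t      path_len;
};

static int warnings_logged = 0;  /* lets callers observe the warning path */

static void log_warning(const char *msg)
{
    warnings_logged++;
    fprintf(stderr, "[Warning] %s\n", msg);
}

/* Returns 0 on success, -1 if an argument was rejected. */
int demo_init_tmp_share(struct demo_share *share,
                        const char *table_name, const char *path)
{
#ifdef DEMO_DEBUG_BUILD
    /* Debug build: stop at the point of misuse so the bad caller is visible. */
    assert(share != NULL && table_name != NULL && path != NULL);
#endif
    if (share == NULL || table_name == NULL || path == NULL) {
        log_warning("demo_init_tmp_share: NULL argument, share not initialised");
        return -1;
    }
    memset(share, 0, sizeof(*share));
    share->table_name     = table_name;
    share->table_name_len = strlen(table_name);  /* safe: checked above */
    share->path           = path;
    share->path_len       = strlen(path);
    return 0;
}

int main(void)
{
    struct demo_share s;
    printf("valid call -> %d\n", demo_init_tmp_share(&s, "t1", "/tmp/#sql_1"));
    printf("NULL name  -> %d\n", demo_init_tmp_share(&s, NULL, "/tmp/#sql_1"));
    return 0;
}
```

The guard only moves the failure: a caller that ignores the -1 return goes on to use a share that was never initialised.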
