[MDEV-7475] Wrong implementation of checking PLUGIN_VAR_SET condition Created: 2015-01-17  Updated: 2015-01-19  Resolved: 2015-01-19

Status: Closed
Project: MariaDB Server
Component/s: Plugins
Affects Version/s: 5.5.41, 10.0.15
Fix Version/s: 5.5.42, 10.0.16

Type: Bug Priority: Major
Reporter: hiroshi HATAKE Assignee: Sergei Golubchik
Resolution: Fixed Votes: 0
Labels: plugins
Environment:

I've confirmed this on Windows + Visual Studio 2013. But other platforms are affected by this issue too, e.g. CentOS 6.5.


Attachments: File sql_plugin.cc.diff

Description

This issue is MariaDB specific. MySQL does not implement this condition check.

In sql_plugin.cc, MariaDB implements PLUGIN_VAR_STR check as follows:

    if (mysqld_server_started &&
        ((o->flags & (PLUGIN_VAR_STR | PLUGIN_VAR_NOCMDOPT |
                      PLUGIN_VAR_MEMALLOC)) == PLUGIN_VAR_STR))
    {

But this implementation has a critical bug which causes a SEGV.

This SEGV is triggered as follows:

  • Build the latest Mroonga
  • Install the built Mroonga into MariaDB
  • The MySQL client loses its connection to mysqld.

Lost connection log:

MariaDB [(none)]> INSTALL PLUGIN Mroonga SONAME 'ha_mroonga.dll';
ERROR 2013 (HY000): Lost connection to MySQL server during query 

This happens because the condition on PLUGIN_VAR_STR is wrong.

In include/mysql/plugin.h, a series of PLUGIN_* values is defined.
But these values have a misleading point.

Here is the misleading point:
The values from PLUGIN_VAR_BOOL to PLUGIN_VAR_DOUBLE are not meant to be flags. But the macro values defined from PLUGIN_VAR_UNSIGNED onward are designed as flags.

OK, let's apply the above description in practice.

Here is the line which causes the problem:

 (o->flags & (PLUGIN_VAR_STR | PLUGIN_VAR_NOCMDOPT | PLUGIN_VAR_MEMALLOC)) == PLUGIN_VAR_STR

From the above description,

o->flags & (PLUGIN_VAR_NOCMDOPT | PLUGIN_VAR_MEMALLOC) 

is valid, because PLUGIN_VAR_NOCMDOPT and PLUGIN_VAR_MEMALLOC are designed as flags.
But,

 (o->flags & PLUGIN_VAR_STR) == PLUGIN_VAR_STR

is invalid code, because

(PLUGIN_VAR_SET & PLUGIN_VAR_STR) == PLUGIN_VAR_STR 

is true!
In more detail, PLUGIN_VAR_STR and PLUGIN_VAR_SET are defined as follows in include/mysql/plugin.h:

#define PLUGIN_VAR_STR          0x0005
#define PLUGIN_VAR_SET          0x0007

So PLUGIN_VAR_SET & PLUGIN_VAR_STR (0x0007 AND 0x0005) equals PLUGIN_VAR_STR (0x0005).

This result causes the following bug:
The latest Mroonga specifies PLUGIN_VAR_SET ( https://github.com/mroonga/mroonga/blob/master/ha_mroonga.cpp#L965 ), not PLUGIN_VAR_STR. But

 (o->flags & (PLUGIN_VAR_STR | PLUGIN_VAR_NOCMDOPT | PLUGIN_VAR_MEMALLOC)) == PLUGIN_VAR_STR

matches PLUGIN_VAR_STR, even though PLUGIN_VAR_STR is not set (NULL).

As a result, it causes a SEGV and the Mroonga storage engine plugin cannot be registered in MariaDB.

I've attached a fix patch written by Kohei Sutou.
The original patch can be found here (sorry, this email is in Japanese...): http://sourceforge.jp/projects/groonga/lists/archive/dev/2015-January/003067.html
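As an added illustration (not part of the report or of the attached patch), the quoted check from sql_plugin.cc is placed beside a variant that masks the whole type field with PLUGIN_VAR_TYPEMASK before comparing, and all eight type values are run through both. Only PLUGIN_VAR_STR and PLUGIN_VAR_SET are quoted in the report; the other macro values are reproduced from include/mysql/plugin.h from memory and are assumptions here.

```c
#include <stdio.h>

/* Values as in include/mysql/plugin.h. Only PLUGIN_VAR_STR and
 * PLUGIN_VAR_SET are quoted in the report; the rest are assumed. */
#define PLUGIN_VAR_BOOL      0x0001
#define PLUGIN_VAR_INT       0x0002
#define PLUGIN_VAR_LONG      0x0003
#define PLUGIN_VAR_LONGLONG  0x0004
#define PLUGIN_VAR_STR       0x0005
#define PLUGIN_VAR_ENUM      0x0006
#define PLUGIN_VAR_SET       0x0007
#define PLUGIN_VAR_DOUBLE    0x0008
#define PLUGIN_VAR_TYPEMASK  0x007f   /* low bits hold the type enumeration */
#define PLUGIN_VAR_NOCMDOPT  0x0800   /* a real single-bit flag */
#define PLUGIN_VAR_MEMALLOC  0x8000   /* a real single-bit flag */

/* The check quoted in the report: the enumerated type value is used
 * as if it were a flag bit, so any type whose bits cover 0x0005 matches. */
static int buggy_is_plain_str(unsigned flags)
{
    return (flags & (PLUGIN_VAR_STR | PLUGIN_VAR_NOCMDOPT |
                     PLUGIN_VAR_MEMALLOC)) == PLUGIN_VAR_STR;
}

/* Corrected form (illustration, not the attached patch): mask the whole
 * type field, then compare it to PLUGIN_VAR_STR, so no other type aliases. */
static int fixed_is_plain_str(unsigned flags)
{
    return (flags & (PLUGIN_VAR_TYPEMASK | PLUGIN_VAR_NOCMDOPT |
                     PLUGIN_VAR_MEMALLOC)) == PLUGIN_VAR_STR;
}

/* How many of the eight type values does the buggy check misclassify
 * as a plain string variable?  Only PLUGIN_VAR_SET (0x0007) covers 0x0005. */
static int count_buggy_false_positives(void)
{
    int n = 0;
    for (unsigned type = PLUGIN_VAR_BOOL; type <= PLUGIN_VAR_DOUBLE; type++)
        if (type != PLUGIN_VAR_STR && buggy_is_plain_str(type) &&
            !fixed_is_plain_str(type))
            n++;
    return n;
}

int main(void)
{
    unsigned mroonga_flags = PLUGIN_VAR_SET;   /* what Mroonga declares */
    printf("buggy check treats SET as STR: %d\n", buggy_is_plain_str(mroonga_flags));
    printf("fixed check treats SET as STR: %d\n", fixed_is_plain_str(mroonga_flags));
    printf("type values misclassified by buggy check: %d\n", count_buggy_false_positives());
    return 0;
}
```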



Comments
Comment by Sergei Golubchik [ 2015-01-17 ]

Thanks! It will be fixed in the next release.

Generated at Thu Feb 08 07:19:53 UTC 2024 using Jira 8.20.16#820016-sha1:9d11dbea5f4be3d4cc21f03a88dd11d8c8687422.