author | Monty <monty@mariadb.org> | 2019-08-12 10:42:12 +0300 |
---|---|---|
committer | Monty <monty@mariadb.org> | 2019-08-12 10:48:38 +0300 |
commit | 05619f6989590727a470c23475fc987f52b56988 (patch) | |
tree | 60429bcf8bd0e08550859f4fe5ab622948f23b20 | |
parent | 13f36fffeaecf316435fc497b0f3ae2a5d58d749 (diff) | |
download | mariadb-git-05619f6989590727a470c23475fc987f52b56988.tar.gz |
Fixes based on warnings from gcc/clang and valgrind
- Initialize variables that could be used uninitialized
- Added extra end space to DbugStringItemTypeValue to get rid of warnings
from c_ptr()
- Session_sysvars_tracker::update() accessed uninitialized memory if called
with NULL value.
- get_schema_stat_record() accessed uninitialized memory if HA_KEY_LONG_HASH
was used
- parse_vcol_defs() accessed random memory for tables without keys.
-rw-r--r-- | plugin/auth_pam/auth_pam.c | 2 | ||||
-rw-r--r-- | sql/item.h | 3 | ||||
-rw-r--r-- | sql/rpl_gtid.cc | 2 | ||||
-rw-r--r-- | sql/session_tracker.cc | 16 | ||||
-rw-r--r-- | sql/sql_acl.cc | 2 | ||||
-rw-r--r-- | sql/sql_lex.cc | 4 | ||||
-rw-r--r-- | sql/sql_show.cc | 9 | ||||
-rw-r--r-- | sql/table.cc | 6 |
8 files changed, 26 insertions, 18 deletions
diff --git a/plugin/auth_pam/auth_pam.c b/plugin/auth_pam/auth_pam.c
index ec0096609ba..65d71a81080 100644
--- a/plugin/auth_pam/auth_pam.c
+++ b/plugin/auth_pam/auth_pam.c
@@ -40,7 +40,7 @@ static int pam_auth(MYSQL_PLUGIN_VIO *vio, MYSQL_SERVER_AUTH_INFO *info)
 {
 int p_to_c[2], c_to_p[2]; /* Parent-to-child and child-to-parent pipes. */
 pid_t proc_id;
- int result= CR_ERROR, pkt_len;
+ int result= CR_ERROR, pkt_len= 0;
 unsigned char field, *pkt;
 PAM_DEBUG((stderr, "PAM: opening pipes.\n"));
diff --git a/sql/item.h b/sql/item.h
index 1f32dbfcc82..c39a3514d04 100644
--- a/sql/item.h
+++ b/sql/item.h
@@ -2358,6 +2358,9 @@ public:
 append(item->type_handler()->name().ptr());
 append(')');
 const_cast<Item*>(item)->print(this, QT_EXPLAIN);
+ /* Append end \0 to allow usage of c_ptr() */
+ append('\0');
+ str_length--;
 }
 };
 #endif
diff --git a/sql/rpl_gtid.cc b/sql/rpl_gtid.cc
index 6ab216188ee..a159434f14b 100644
--- a/sql/rpl_gtid.cc
+++ b/sql/rpl_gtid.cc
@@ -874,7 +874,7 @@ rpl_slave_state::gtid_delete_pending(THD *thd,
 Query_tables_list lex_backup;
 TABLE_LIST tlist;
 TABLE *table;
- handler::Table_flags direct_pos;
+ handler::Table_flags direct_pos= 0;
 list_element *cur, **cur_ptr_ptr;
 bool table_opened= false;
 bool index_inited= false;
diff --git a/sql/session_tracker.cc b/sql/session_tracker.cc
index 1aca3243f2b..5ba0c73e042 100644
--- a/sql/session_tracker.cc
+++ b/sql/session_tracker.cc
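Review bot: In the sql/item.h hunk, `str_length--` runs unconditionally after `append('\0')`, so if that append fails to grow the buffer the decrement removes the last real character instead of hiding the terminator. The return value of `append()` is not checked anywhere in the visible lines; if it reports failure as it appears to elsewhere in this class, the pair should read `if (!append('\0')) str_length--;`. The comment could also state the invariant being relied on, for example `/* Keep a \0 just past str_length so c_ptr() needs no realloc */`. The enclosing function starts outside the hunk.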
@@ -380,11 +380,15 @@ bool Session_sysvars_tracker::enable(THD *thd)
 bool Session_sysvars_tracker::update(THD *thd, set_var *var)
 {
 vars_list tool_list;
- void *copy= var->save_result.string_value.str ?
- my_memdup(var->save_result.string_value.str,
- var->save_result.string_value.length + 1,
- MYF(MY_WME | MY_THREAD_SPECIFIC)) :
- my_strdup("", MYF(MY_WME | MY_THREAD_SPECIFIC));
+ void *copy;
+ size_t length= 1;
+
+ if (var->save_result.string_value.str)
+ copy= my_memdup(var->save_result.string_value.str,
+ (length= var->save_result.string_value.length + 1),
+ MYF(MY_WME | MY_THREAD_SPECIFIC));
+ else
+ copy= my_strdup("", MYF(MY_WME | MY_THREAD_SPECIFIC));
 if (!copy)
 return true;
@@ -402,7 +406,7 @@ bool Session_sysvars_tracker::update(THD *thd, set_var *var)
 m_parsed= true;
 orig_list.copy(&tool_list, thd);
 orig_list.construct_var_list(thd->variables.session_track_system_variables,
- var->save_result.string_value.length + 1);
+ length);
 return false;
 }
diff --git a/sql/sql_acl.cc b/sql/sql_acl.cc
index 231f8f85b94..847d2bd777b 100644
--- a/sql/sql_acl.cc
+++ b/sql/sql_acl.cc
@@ -4315,7 +4315,7 @@ static int replace_user_table(THD *thd, const User_table &user_table,
 bool handle_as_role= combo->is_role();
 LEX *lex= thd->lex;
 TABLE *table= user_table.table();
- ACL_USER new_acl_user, *old_acl_user;
+ ACL_USER new_acl_user, *old_acl_user= 0;
 DBUG_ENTER("replace_user_table");
 mysql_mutex_assert_owner(&acl_cache->lock);
diff --git a/sql/sql_lex.cc b/sql/sql_lex.cc
index 405d8ffdbf2..a1ee99f29ec 100644
--- a/sql/sql_lex.cc
+++ b/sql/sql_lex.cc
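Review bot: The buffer size used later by `construct_var_list()` is set by an assignment hidden inside the `my_memdup()` argument list, `(length= var->save_result.string_value.length + 1)`, which is easy to overlook when auditing how many bytes are copied and then parsed. Assigning it on its own line first, `length= var->save_result.string_value.length + 1;`, and passing `length` to `my_memdup()` reads more plainly and behaves the same. The declaration would benefit from a comment such as `/* bytes in copy including the trailing \0; 1 for the "" used when the value is NULL */`, because the second hunk in this function depends on that meaning. The copy reads `length + 1` bytes from `str`, so it presumably relies on the value being NUL-terminated; nothing in the hunk confirms this.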
@@ -7903,8 +7903,8 @@ bool st_select_lex::collect_grouping_fields(THD *thd)
 if (item->type() != Item::FIELD_ITEM &&
 !(item->type() == Item::REF_ITEM &&
 item->real_type() == Item::FIELD_ITEM &&
- ((((Item_ref *) item)->ref_type() == Item_ref::VIEW_REF) ||
- (((Item_ref *) item)->ref_type() == Item_ref::REF))))
+ ((((Item_ref *) item)->ref_type() == Item_ref::VIEW_REF) ||
+ (((Item_ref *) item)->ref_type() == Item_ref::REF))))
 continue;
 Field_pair *grouping_tmp_field=
diff --git a/sql/sql_show.cc b/sql/sql_show.cc
index 718ed4218f1..966e366e681 100644
--- a/sql/sql_show.cc
+++ b/sql/sql_show.cc
@@ -6636,6 +6636,7 @@ static int get_schema_stat_record(THD *thd, TABLE_LIST *tables,
 {
 show_table->file->info(HA_STATUS_VARIABLE |
 HA_STATUS_NO_LOCK |
+ HA_STATUS_CONST |
 HA_STATUS_TIME);
 set_statistics_for_table(thd, show_table);
 }
@@ -6670,15 +6671,15 @@ static int get_schema_stat_record(THD *thd, TABLE_LIST *tables,
 "D" : "A"), 1, cs);
 table->field[8]->set_notnull();
 }
- KEY *key=show_table->key_info+i;
- if (key->rec_per_key[j] && key->algorithm != HA_KEY_ALG_LONG_HASH)
+ if (key_info->algorithm != HA_KEY_ALG_LONG_HASH &&
+ key_info->rec_per_key[j])
 {
 ha_rows records= (ha_rows) ((double) show_table->stat_records() /
- key->actual_rec_per_key(j));
+ key_info->actual_rec_per_key(j));
 table->field[9]->store((longlong) records, TRUE);
 table->field[9]->set_notnull();
 }
- if (key->algorithm == HA_KEY_ALG_LONG_HASH)
+ if (key_info->algorithm == HA_KEY_ALG_LONG_HASH)
 table->field[13]->store(STRING_WITH_LEN("HASH"), cs);
 else
 {
diff --git a/sql/table.cc b/sql/table.cc
index 48421c4051e..1ab4df0f7cf 100644
--- a/sql/table.cc
+++ b/sql/table.cc
@@ -1184,8 +1184,8 @@ bool parse_vcol_defs(THD *thd, MEM_ROOT *mem_root, TABLE *table,
 {
 List<Item> *field_list= new (mem_root) List<Item>();
 Item *list_item;
- KEY *key;
- uint key_index, parts;
+ KEY *key= 0;
+ uint key_index, parts= 0;
 for (key_index= 0; key_index < table->s->keys; key_index++)
 {
 key=table->key_info + key_index;
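Review bot: In the second sql/sql_show.cc hunk the guard tests `key_info->rec_per_key[j]`, but the divisor is `key_info->actual_rec_per_key(j)`, so a non-zero array entry does not by itself prove the divisor is non-zero. The accessor is not visible here; if it can return 0, the double division yields infinity and the cast to `ha_rows` is undefined. Reading the divisor once, `double rec= key_info->actual_rec_per_key(j);`, and guarding with `rec > 0` would close that gap. Now that the fix depends on evaluation order, a comment such as `/* rec_per_key[] is not set up for long hash keys, so test the algorithm first */` would stop the two operands being swapped back. `key_info` is declared outside the hunk.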
@@ -1193,7 +1193,7 @@ bool parse_vcol_defs(THD *thd, MEM_ROOT *mem_root, TABLE *table,
 if (key->key_part[parts].fieldnr == field->field_index + 1)
 break;
 }
- if (key->algorithm != HA_KEY_ALG_LONG_HASH)
+ if (!key || key->algorithm != HA_KEY_ALG_LONG_HASH)
 goto end;
 KEY_PART_INFO *keypart;
 for (uint i=0; i < parts; i++) |
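Review bot: The new `!key` test only covers a table with no keys; when keys exist but the loop in the previous hunk ends without reaching `break`, `key` still points at the last key examined and `parts` keeps the value from that iteration. In that case the `HA_KEY_ALG_LONG_HASH` test and the `for (uint i=0; i < parts; i++)` loop below would act on a key unrelated to this field. Testing for loop exhaustion covers both cases: `if (key_index == table->s->keys || key->algorithm != HA_KEY_ALG_LONG_HASH)`. The line between the two hunks is not shown, so it is worth confirming whether callers guarantee a matching key before relying on either form.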