MDEV-20378: Galera uses uninitialized memory

Problem was that wsrep thread argument was deleted on wrong
place. Furthermore, scan method incorrectly used unsafe c_ptr().
Finally, fixed wsrep thread initialization to correctly set
up thread_id and pass correct argument to functions and
fix signess problem causing compiler errors.

sql/wsrep_mysqld.cc

@@ -2696,7 +2696,7 @@ void* start_wsrep_THD(void *arg)
 
   WSREP_DEBUG("wsrep system thread %llu, %p starting",
               thd->thread_id, thd);
-  thd_args->fun()(thd, thd_args->args());
+  thd_args->fun()(thd, static_cast<void *>(thd_args));
 
   WSREP_DEBUG("wsrep system thread: %llu, %p closing",
               thd->thread_id, thd);
@@ -2707,8 +2707,6 @@ void* start_wsrep_THD(void *arg)
 
   close_connection(thd, 0);
 
-  delete thd_args;
-
   mysql_mutex_lock(&LOCK_wsrep_slave_threads);
   DBUG_ASSERT(wsrep_running_threads > 0);
   wsrep_running_threads--;
@@ -2727,6 +2725,7 @@ void* start_wsrep_THD(void *arg)
       break;
   }
 
+  delete thd_args;
   WSREP_DEBUG("wsrep running threads now: %lu", wsrep_running_threads);
   mysql_cond_broadcast(&COND_wsrep_slave_threads);
   mysql_mutex_unlock(&LOCK_wsrep_slave_threads);

sql/wsrep_mysqld.h

@@ -411,18 +411,17 @@ typedef void (*wsrep_thd_processor_fun)(THD*, void *);
 class Wsrep_thd_args
 {
  public:
- Wsrep_thd_args(wsrep_thd_processor_fun fun, void* args,
-                wsrep_thread_type thread_type)
+ Wsrep_thd_args(wsrep_thd_processor_fun fun,
+                wsrep_thread_type thread_type,
+                pthread_t thread_id)
    :
   fun_ (fun),
-  args_ (args),
-  thread_type_ (thread_type)
+  thread_type_ (thread_type),
+  thread_id_ (thread_id)
   { }
 
   wsrep_thd_processor_fun fun() { return fun_; }
-
-  void* args() { return args_; }
-
+  pthread_t* thread_id() {return &thread_id_; }
   enum wsrep_thread_type thread_type() {return thread_type_;}
 
  private:
@@ -431,8 +430,8 @@ class Wsrep_thd_args
   Wsrep_thd_args& operator=(const Wsrep_thd_args&);
 
   wsrep_thd_processor_fun fun_;
-  void*                   args_;
   enum wsrep_thread_type  thread_type_;
+  pthread_t thread_id_;
 };
 
 void* start_wsrep_THD(void*);

sql/wsrep_schema.cc

@@ -474,7 +474,9 @@ static int scan(TABLE* table, uint field, char* strbuf, uint strbuf_len)
 {
   String str;
   (void)table->field[field]->val_str(&str);
-  strncpy(strbuf, str.c_ptr(), std::min(str.length(), strbuf_len));
+  LEX_CSTRING tmp= str.lex_cstring();
+  uint len = tmp.length;
+  strncpy(strbuf, tmp.str, std::min(len, strbuf_len));
   strbuf[strbuf_len - 1]= '\0';
   return 0;
 }

sql/wsrep_sst.cc

@@ -640,7 +640,7 @@ static ssize_t sst_prepare_other (const char*  method,
                                   const char** addr_out)
 {
   bool extra_args;
-  size_t const cmd_len= estimate_cmd_len(&extra_args);
+  ssize_t const cmd_len= estimate_cmd_len(&extra_args);
   wsp::string cmd_str(cmd_len);
 
   if (!cmd_str())
@@ -953,7 +953,7 @@ static int sst_donate_mysqldump (const char*         addr,
   memcpy(host, address.get_address(), address.get_address_len());
   int port= address.get_port();
   bool extra_args;
-  size_t const cmd_len= estimate_cmd_len(&extra_args);
+  ssize_t const cmd_len= estimate_cmd_len(&extra_args);
   wsp::string cmd_str(cmd_len);
 
   if (!cmd_str())
@@ -1350,7 +1350,7 @@ static int sst_donate_other (const char*        method,
                              char**             env) // carries auth info
 {
   bool extra_args;
-  size_t const cmd_len= estimate_cmd_len(&extra_args);
+  ssize_t const cmd_len= estimate_cmd_len(&extra_args);
   wsp::string cmd_str(cmd_len);
 
   if (!cmd_str())

sql/wsrep_thd.cc

@@ -86,7 +86,7 @@ static void wsrep_replication_process(THD *thd,
 static bool create_wsrep_THD(Wsrep_thd_args* args)
 {
   ulong old_wsrep_running_threads= wsrep_running_threads;
-  pthread_t unused;
+
 #ifdef HAVE_PSI_THREAD_INTERFACE
   PSI_thread_key key;
 
@@ -103,7 +103,7 @@ static bool create_wsrep_THD(Wsrep_thd_args* args)
       break;
   }
 #endif
-  bool res= mysql_thread_create(key, &unused, &connection_attrib,
+  bool res= mysql_thread_create(key, args->thread_id(), &connection_attrib,
                                 start_wsrep_THD, (void*)args);
   /*
     if starting a thread on server startup, wait until the this thread's THD
@@ -138,8 +138,9 @@ void wsrep_create_appliers(long threads)
 
   while (wsrep_threads++ < threads)
   {
-    Wsrep_thd_args* args(new Wsrep_thd_args(wsrep_replication_process, 0,
-                                            WSREP_APPLIER_THREAD));
+    Wsrep_thd_args* args(new Wsrep_thd_args(wsrep_replication_process,
+                                            WSREP_APPLIER_THREAD,
+                                            pthread_self()));
     if (create_wsrep_THD(args))
     {
       WSREP_WARN("Can't create thread to manage wsrep replication");
@@ -328,16 +329,19 @@ void wsrep_create_rollbacker()
 {
   if (wsrep_cluster_address && wsrep_cluster_address[0] != 0)
   {
-    Wsrep_thd_args* args= new Wsrep_thd_args(wsrep_rollback_process, 0,
-                                             WSREP_ROLLBACKER_THREAD);
+    Wsrep_thd_args* args(new Wsrep_thd_args(wsrep_rollback_process,
+                                            WSREP_ROLLBACKER_THREAD,
+                                            pthread_self()));
 
     /* create rollbacker */
     if (create_wsrep_THD(args))
       WSREP_WARN("Can't create thread to manage wsrep rollback");
 
     /* create post_rollbacker */
-    args= new Wsrep_thd_args(wsrep_post_rollback_process, 0,
-                             WSREP_ROLLBACKER_THREAD);
+    args= new Wsrep_thd_args(wsrep_post_rollback_process,
+                             WSREP_ROLLBACKER_THREAD,
+                             pthread_self());
+
     if (create_wsrep_THD(args))
       WSREP_WARN("Can't create thread to manage wsrep post rollback");
    }