Commit a1915039 authored by unknown's avatar unknown

Bug#34598

  "crash on hpita: Invalid address alignment"
  Replace dangerous pointer arithmetic - it may occur where sizeof(int) is
  less than the size of the machine's alignment requirement.


include/mysql/plugin.h:
  bug34598
    change of update func prototype
sql/sql_plugin.cc:
  bug34598
    Avoid dangerous pointer arithmetic which can cause unaligned word access.
    Change of update function prototype
parent c2b6e653
...@@ -187,7 +187,7 @@ typedef int (*mysql_var_check_func)(MYSQL_THD thd, ...@@ -187,7 +187,7 @@ typedef int (*mysql_var_check_func)(MYSQL_THD thd,
*/ */
typedef void (*mysql_var_update_func)(MYSQL_THD thd, typedef void (*mysql_var_update_func)(MYSQL_THD thd,
struct st_mysql_sys_var *var, struct st_mysql_sys_var *var,
void *var_ptr, void *save); void *var_ptr, const void *save);
/* the following declarations are for internal use only */ /* the following declarations are for internal use only */
......
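Review bot: Changing the last parameter of `mysql_var_update_func` to `const void *save` is a source-level break for existing plugins. An update callback still declared with `void *save` no longer matches the typedef, which C++ rejects and C compilers warn about. The hunk shows no plugin interface version change or note for plugin authors, so it is worth confirming that one accompanies this commit. The comment block that ends just above the typedef starts outside the hunk; a line there such as `save is read-only input; the update function must not write through it` would document the new contract.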
...@@ -2069,35 +2069,35 @@ static int check_func_set(THD *thd, struct st_mysql_sys_var *var, ...@@ -2069,35 +2069,35 @@ static int check_func_set(THD *thd, struct st_mysql_sys_var *var,
static void update_func_bool(THD *thd, struct st_mysql_sys_var *var, static void update_func_bool(THD *thd, struct st_mysql_sys_var *var,
void *tgt, void *save) void *tgt, const void *save)
{ {
*(my_bool *) tgt= *(int *) save ? 1 : 0; *(my_bool *) tgt= *(int *) save ? 1 : 0;
} }
static void update_func_int(THD *thd, struct st_mysql_sys_var *var, static void update_func_int(THD *thd, struct st_mysql_sys_var *var,
void *tgt, void *save) void *tgt, const void *save)
{ {
*(int *)tgt= *(int *) save; *(int *)tgt= *(int *) save;
} }
static void update_func_long(THD *thd, struct st_mysql_sys_var *var, static void update_func_long(THD *thd, struct st_mysql_sys_var *var,
void *tgt, void *save) void *tgt, const void *save)
{ {
*(long *)tgt= *(long *) save; *(long *)tgt= *(long *) save;
} }
static void update_func_longlong(THD *thd, struct st_mysql_sys_var *var, static void update_func_longlong(THD *thd, struct st_mysql_sys_var *var,
void *tgt, void *save) void *tgt, const void *save)
{ {
*(longlong *)tgt= *(ulonglong *) save; *(longlong *)tgt= *(ulonglong *) save;
} }
static void update_func_str(THD *thd, struct st_mysql_sys_var *var, static void update_func_str(THD *thd, struct st_mysql_sys_var *var,
void *tgt, void *save) void *tgt, const void *save)
{ {
char *old= *(char **) tgt; char *old= *(char **) tgt;
*(char **)tgt= *(char **) save; *(char **)tgt= *(char **) save;
...@@ -2654,7 +2654,8 @@ bool sys_var_pluginvar::check(THD *thd, set_var *var) ...@@ -2654,7 +2654,8 @@ bool sys_var_pluginvar::check(THD *thd, set_var *var)
void sys_var_pluginvar::set_default(THD *thd, enum_var_type type) void sys_var_pluginvar::set_default(THD *thd, enum_var_type type)
{ {
void *tgt, *src; const void *src;
void *tgt;
DBUG_ASSERT(is_readonly() || plugin_var->update); DBUG_ASSERT(is_readonly() || plugin_var->update);
...@@ -2667,9 +2668,34 @@ void sys_var_pluginvar::set_default(THD *thd, enum_var_type type) ...@@ -2667,9 +2668,34 @@ void sys_var_pluginvar::set_default(THD *thd, enum_var_type type)
if (plugin_var->flags & PLUGIN_VAR_THDLOCAL) if (plugin_var->flags & PLUGIN_VAR_THDLOCAL)
{ {
src= ((int*) (plugin_var + 1) + 1);
if (type != OPT_GLOBAL) if (type != OPT_GLOBAL)
src= real_value_ptr(thd, OPT_GLOBAL); src= real_value_ptr(thd, OPT_GLOBAL);
else
switch (plugin_var->flags & PLUGIN_VAR_TYPEMASK) {
case PLUGIN_VAR_INT:
src= &((thdvar_uint_t*) plugin_var)->def_val;
break;
case PLUGIN_VAR_LONG:
src= &((thdvar_ulong_t*) plugin_var)->def_val;
break;
case PLUGIN_VAR_LONGLONG:
src= &((thdvar_ulonglong_t*) plugin_var)->def_val;
break;
case PLUGIN_VAR_ENUM:
src= &((thdvar_enum_t*) plugin_var)->def_val;
break;
case PLUGIN_VAR_SET:
src= &((thdvar_set_t*) plugin_var)->def_val;
break;
case PLUGIN_VAR_BOOL:
src= &((thdvar_bool_t*) plugin_var)->def_val;
break;
case PLUGIN_VAR_STR:
src= &((thdvar_str_t*) plugin_var)->def_val;
break;
default:
DBUG_ASSERT(0);
}
} }
/* thd must equal current_thd if PLUGIN_VAR_THDLOCAL flag is set */ /* thd must equal current_thd if PLUGIN_VAR_THDLOCAL flag is set */
...@@ -2757,25 +2783,25 @@ static void plugin_opt_set_limits(struct my_option *options, ...@@ -2757,25 +2783,25 @@ static void plugin_opt_set_limits(struct my_option *options,
case PLUGIN_VAR_ENUM: case PLUGIN_VAR_ENUM:
options->var_type= GET_ENUM; options->var_type= GET_ENUM;
options->typelib= ((sysvar_enum_t*) opt)->typelib; options->typelib= ((sysvar_enum_t*) opt)->typelib;
options->def_value= *(ulong*) ((int*) (opt + 1) + 1); options->def_value= ((sysvar_enum_t*) opt)->def_val;
options->min_value= options->block_size= 0; options->min_value= options->block_size= 0;
options->max_value= options->typelib->count - 1; options->max_value= options->typelib->count - 1;
break; break;
case PLUGIN_VAR_SET: case PLUGIN_VAR_SET:
options->var_type= GET_SET; options->var_type= GET_SET;
options->typelib= ((sysvar_set_t*) opt)->typelib; options->typelib= ((sysvar_set_t*) opt)->typelib;
options->def_value= *(ulonglong*) ((int*) (opt + 1) + 1); options->def_value= ((sysvar_set_t*) opt)->def_val;
options->min_value= options->block_size= 0; options->min_value= options->block_size= 0;
options->max_value= (ULL(1) << options->typelib->count) - 1; options->max_value= (ULL(1) << options->typelib->count) - 1;
break; break;
case PLUGIN_VAR_BOOL: case PLUGIN_VAR_BOOL:
options->var_type= GET_BOOL; options->var_type= GET_BOOL;
options->def_value= *(my_bool*) ((void**)(opt + 1) + 1); options->def_value= ((sysvar_bool_t*) opt)->def_val;
break; break;
case PLUGIN_VAR_STR: case PLUGIN_VAR_STR:
options->var_type= ((opt->flags & PLUGIN_VAR_MEMALLOC) ? options->var_type= ((opt->flags & PLUGIN_VAR_MEMALLOC) ?
GET_STR_ALLOC : GET_STR); GET_STR_ALLOC : GET_STR);
options->def_value= (ulonglong)(intptr) *((char**) ((void**) (opt + 1) + 1)); options->def_value= (intptr) ((sysvar_str_t*) opt)->def_val;
break; break;
/* threadlocal variables */ /* threadlocal variables */
case PLUGIN_VAR_INT | PLUGIN_VAR_THDLOCAL: case PLUGIN_VAR_INT | PLUGIN_VAR_THDLOCAL:
...@@ -2799,25 +2825,25 @@ static void plugin_opt_set_limits(struct my_option *options, ...@@ -2799,25 +2825,25 @@ static void plugin_opt_set_limits(struct my_option *options,
case PLUGIN_VAR_ENUM | PLUGIN_VAR_THDLOCAL: case PLUGIN_VAR_ENUM | PLUGIN_VAR_THDLOCAL:
options->var_type= GET_ENUM; options->var_type= GET_ENUM;
options->typelib= ((thdvar_enum_t*) opt)->typelib; options->typelib= ((thdvar_enum_t*) opt)->typelib;
options->def_value= *(ulong*) ((int*) (opt + 1) + 1); options->def_value= ((thdvar_enum_t*) opt)->def_val;
options->min_value= options->block_size= 0; options->min_value= options->block_size= 0;
options->max_value= options->typelib->count - 1; options->max_value= options->typelib->count - 1;
break; break;
case PLUGIN_VAR_SET | PLUGIN_VAR_THDLOCAL: case PLUGIN_VAR_SET | PLUGIN_VAR_THDLOCAL:
options->var_type= GET_SET; options->var_type= GET_SET;
options->typelib= ((thdvar_set_t*) opt)->typelib; options->typelib= ((thdvar_set_t*) opt)->typelib;
options->def_value= *(ulonglong*) ((int*) (opt + 1) + 1); options->def_value= ((thdvar_set_t*) opt)->def_val;
options->min_value= options->block_size= 0; options->min_value= options->block_size= 0;
options->max_value= (ULL(1) << options->typelib->count) - 1; options->max_value= (ULL(1) << options->typelib->count) - 1;
break; break;
case PLUGIN_VAR_BOOL | PLUGIN_VAR_THDLOCAL: case PLUGIN_VAR_BOOL | PLUGIN_VAR_THDLOCAL:
options->var_type= GET_BOOL; options->var_type= GET_BOOL;
options->def_value= *(my_bool*) ((int*) (opt + 1) + 1); options->def_value= ((thdvar_bool_t*) opt)->def_val;
break; break;
case PLUGIN_VAR_STR | PLUGIN_VAR_THDLOCAL: case PLUGIN_VAR_STR | PLUGIN_VAR_THDLOCAL:
options->var_type= ((opt->flags & PLUGIN_VAR_MEMALLOC) ? options->var_type= ((opt->flags & PLUGIN_VAR_MEMALLOC) ?
GET_STR_ALLOC : GET_STR); GET_STR_ALLOC : GET_STR);
options->def_value= (intptr) *((char**) ((void**) (opt + 1) + 1)); options->def_value= (intptr) ((thdvar_str_t*) opt)->def_val;
break; break;
default: default:
DBUG_ASSERT(0); DBUG_ASSERT(0);
......
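Review bot: In the second `sys_var_pluginvar::set_default` hunk, the `default:` arm of the new switch only runs `DBUG_ASSERT(0)`, so in a build where that assertion is compiled out `src` keeps whatever it held before the switch. The lines between the two hunks are not shown, so that is either an indeterminate pointer or a value from the pointer arithmetic this commit is removing. The function continues past the hunk, where `src` is presumably passed to the update callback. Initialising the declaration as `const void *src= NULL;` and checking it before use would make an unexpected type mask fail predictably rather than read through a stray pointer. Separately, the `update_func_*` bodies still read with `*(int *) save`, which silently casts away the new qualifier; `*(const int *) save`, and likewise for the other types, keeps it.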