Commit fe036d98 authored by unknown's avatar unknown

Bug #27383: Crash in test "mysql_client_test"

The C optimizer may decide that data accesses made
through a pointer of a different type are unrelated to
the original data (strict aliasing).
This is what happens in fetch_long_with_conversion(),
when called as part of mysql_stmt_fetch() : it tries 
to check for truncation errors by first storing float
(and other types of data) into a char * buffer and then 
accesses them through a float pointer.
This is done to prevent the effects of excess precision
when using FPU registers.
However the doublestore() macro converts a double pointer
to an union pointer. This violates the strict aliasing rule.
Fixed by making the intermediary variables volatile (
to not re-introduce the excess precision bug) and using
the intermediary value instead of the char * buffer.
Note that there can be loss of precision for both signed
and unsigned 64 bit integers converted to double and back,
so the check must stay there (even for compatibility 
reasons).
Based on the excellent analysis in bug 28400.


libmysql/libmysql.c:
  Bug #27383: avoid pointer aliasing problems while 
  not re-violating the Intel FPU gcc bug.
parent fcacd0b2
...@@ -3663,33 +3663,38 @@ static void fetch_long_with_conversion(MYSQL_BIND *param, MYSQL_FIELD *field, ...@@ -3663,33 +3663,38 @@ static void fetch_long_with_conversion(MYSQL_BIND *param, MYSQL_FIELD *field,
case MYSQL_TYPE_FLOAT: case MYSQL_TYPE_FLOAT:
{ {
/* /*
We need to store data in the buffer before the truncation check to We need to mark the local variable volatile to
workaround Intel FPU executive precision feature. workaround Intel FPU executive precision feature.
(See http://gcc.gnu.org/bugzilla/show_bug.cgi?id=323 for details) (See http://gcc.gnu.org/bugzilla/show_bug.cgi?id=323 for details)
AFAIU it does not guarantee to work.
*/ */
float data; volatile float data;
if (is_unsigned) if (is_unsigned)
{
data= (float) ulonglong2double(value); data= (float) ulonglong2double(value);
*param->error= ((ulonglong) value) != ((ulonglong) data);
}
else else
data= (float) value; {
data= (float)value;
*param->error= value != ((longlong) data);
}
floatstore(buffer, data); floatstore(buffer, data);
*param->error= is_unsigned ?
((ulonglong) value) != ((ulonglong) (*(float*) buffer)) :
((longlong) value) != ((longlong) (*(float*) buffer));
break; break;
} }
case MYSQL_TYPE_DOUBLE: case MYSQL_TYPE_DOUBLE:
{ {
double data; volatile double data;
if (is_unsigned) if (is_unsigned)
{
data= ulonglong2double(value); data= ulonglong2double(value);
*param->error= ((ulonglong) value) != ((ulonglong) data);
}
else else
{
data= (double)value; data= (double)value;
*param->error= value != ((longlong) data);
}
doublestore(buffer, data); doublestore(buffer, data);
*param->error= is_unsigned ?
((ulonglong) value) != ((ulonglong) (*(double*) buffer)) :
((longlong) value) != ((longlong) (*(double*) buffer));
break; break;
} }
case MYSQL_TYPE_TIME: case MYSQL_TYPE_TIME:
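Review bot: The truncation checks `*param->error= ((ulonglong) value) != ((ulonglong) data);` and `*param->error= value != ((longlong) data);` in both the FLOAT and DOUBLE cases convert the rounded floating value back to an integer without first checking that it is in range, which is undefined behaviour in C once that value reaches 2^64 (2^63 for the signed branch), as it does for inputs near the top of the 64-bit range that the description itself says lose precision. On x86 the conversion typically yields the integer-indefinite bit pattern, so the mismatch still gets reported, but on a target that saturates instead the round-trip can compare equal and the precision loss would go unflagged. A range check in front of the conversion keeps the comparison well-defined, e.g. `*param->error= data >= 18446744073709551616.0f || ((ulonglong) value) != ((ulonglong) data);` for the unsigned float case, with the double case using the `18446744073709551616.0` literal and the signed branches bounded by `9223372036854775808.0` instead. fetch_long_with_conversion starts before this hunk and its switch continues after it.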