From 031f11717d9f351dfb12cd27c225c533e289261a Mon Sep 17 00:00:00 2001 From: Monty Date: Sun, 18 Apr 2021 15:29:13 +0300 Subject: Fix all warnings given by UBSAN MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit The easiest way to compile and test the server with UBSAN is to run: ./BUILD/compile-pentium64-ubsan and then run mysql-test-run. After this commit, one should be able to run this without any UBSAN warnings. There is still a few compiler warnings that should be fixed at some point, but these do not expose any real bugs. The 'special' cases where we disable, suppress or circumvent UBSAN are: - ref10 source (as here we intentionally do some shifts that UBSAN complains about. - x86 version of optimized int#korr() methods. UBSAN do not like unaligned memory access of integers. Fixed by using byte_order_generic.h when compiling with UBSAN - We use smaller thread stack with ASAN and UBSAN, which forced me to disable a few tests that prints the thread stack size. - Verifying class types does not work for shared libraries. I added suppression in mysql-test-run.pl for this case. - Added '#ifdef WITH_UBSAN' when using integer arithmetic where it is safe to have overflows (two cases, in item_func.cc). Things fixed: - Don't left shift signed values (byte_order_generic.h, mysqltest.c, item_sum.cc and many more) - Don't assign not non existing values to enum variables. - Ensure that bool and enum values are properly initialized in constructors. This was needed as UBSAN checks that these types has correct values when one copies an object. (gcalc_tools.h, ha_partition.cc, item_sum.cc, partition_element.h ...) - Ensure we do not called handler functions on unallocated objects or deleted objects. (events.cc, sql_acl.cc). - Fixed bugs in Item_sp::Item_sp() where we did not call constructor on Query_arena object. - Fixed several cast of objects to an incompatible class! (Item.cc, Item_buff.cc, item_timefunc.cc, opt_subselect.cc, sql_acl.cc, sql_select.cc ...) - Ensure we do not do integer arithmetic that causes over or underflows. This includes also ++ and -- of integers. (Item_func.cc, Item_strfunc.cc, item_timefunc.cc, sql_base.cc ...) - Added JSON_VALUE_UNITIALIZED to json_value_types and ensure that value_type is initialized to this instead of to -1, which is not a valid enum value for json_value_types. - Ensure we do not call memcpy() when second argument could be null. - Fixed that Item_func_str::make_empty_result() creates an empty string instead of a null string (safer as it ensures we do not do arithmetic on null strings). Other things: - Changed struct st_position to an OBJECT and added an initialization function to it to ensure that we do not copy or use uninitialized members. The change to a class was also motived that we used "struct st_position" and POSITION randomly trough the code which was confusing. - Notably big rewrite in sql_acl.cc to avoid using deleted objects. - Changed in sql_partition to use '^' instead of '-'. This is safe as the operator is either 0 or 0x8000000000000000ULL. - Added check for select_nr < INT_MAX in JOIN::build_explain() to avoid bug when get_select() could return NULL. - Reordered elements in POSITION for better alignment. - Changed sql_test.cc::print_plan() to use pointers instead of objects. - Fixed bug in find_set() where could could execute '1 << -1'. - Added variable have_sanitizer, used by mtr. (This variable was before only in 10.5 and up). It can now have one of two values: ASAN or UBSAN. - Moved ~Archive_share() from ha_archive.cc to ha_archive.h and marked it virtual. This was an effort to get UBSAN to work with loaded storage engines. I kept the change as the new place is better. - Added in CONNECT engine COLBLK::SetName(), to get around a wrong cast in tabutil.cpp. - Added HAVE_REPLICATION around usage of rgi_slave, to get embedded server to compile with UBSAN. (Patch from Marko). - Added #ifdef for powerpc64 to avoid a bug in old gcc versions related to integer arithmetic. Changes that should not be needed but had to be done to suppress warnings from UBSAN: - Added static_cast<> around shift to get rid of a LOT of compiler warnings when using UBSAN. - Had to change some '/' of 2 base integers to shift to get rid of some compile time warnings. Reviewed by: - Json changes: Alexey Botchkov - Charset changes in ctype-uca.c: Alexander Barkov - InnoDB changes & Embedded server: Marko Mäkelä - sql_acl.cc changes: Vicențiu Ciorbaru - build_explain() changes: Sergey Petrunia --- sql/sql_acl.cc | 117 ++++++++++++++++++++++++++++++++------------------------- 1 file changed, 65 insertions(+), 52 deletions(-) (limited to 'sql/sql_acl.cc') diff --git a/sql/sql_acl.cc b/sql/sql_acl.cc index ddaa54588d7..96f1b87d5d7 100644 --- a/sql/sql_acl.cc +++ b/sql/sql_acl.cc @@ -5348,7 +5348,7 @@ routine_hash_search(const char *host, const char *ip, const char *db, const char *user, const char *tname, const Sp_handler *sph, bool exact) { - return (GRANT_TABLE*) + return (GRANT_NAME*) name_hash_search(sph->get_priv_hash(), host, ip, db, user, tname, exact, TRUE); } @@ -5362,6 +5362,10 @@ table_hash_search(const char *host, const char *ip, const char *db, user, tname, exact, FALSE); } +static bool column_priv_insert(GRANT_TABLE *grant) +{ + return my_hash_insert(&column_priv_hash,(uchar*) grant); +} static GRANT_COLUMN * column_hash_search(GRANT_TABLE *t, const char *cname, size_t length) @@ -5591,6 +5595,15 @@ static inline void get_grantor(THD *thd, char *grantor) strxmov(grantor, user, "@", host, NullS); } + +/** + Revoke rights from a grant table entry. + + @return 0 ok + @return 1 fatal error (error given) + @return -1 grant table was revoked +*/ + static int replace_table_table(THD *thd, GRANT_TABLE *grant_table, TABLE *table, const LEX_USER &combo, const char *db, const char *table_name, @@ -5615,7 +5628,7 @@ static int replace_table_table(THD *thd, GRANT_TABLE *grant_table, { my_message(ER_PASSWORD_NO_MATCH, ER_THD(thd, ER_PASSWORD_NO_MATCH), MYF(0)); /* purecov: deadcode */ - DBUG_RETURN(-1); /* purecov: deadcode */ + DBUG_RETURN(1); /* purecov: deadcode */ } } @@ -5646,7 +5659,7 @@ static int replace_table_table(THD *thd, GRANT_TABLE *grant_table, my_error(ER_NONEXISTING_TABLE_GRANT, MYF(0), combo.user.str, combo.host.str, table_name); /* purecov: deadcode */ - DBUG_RETURN(-1); /* purecov: deadcode */ + DBUG_RETURN(1); /* purecov: deadcode */ } old_row_exists = 0; restore_record(table,record[1]); // Get saved record @@ -5709,13 +5722,14 @@ static int replace_table_table(THD *thd, GRANT_TABLE *grant_table, else { my_hash_delete(&column_priv_hash,(uchar*) grant_table); + DBUG_RETURN(-1); // Entry revoked } DBUG_RETURN(0); /* This should never happen */ table_error: table->file->print_error(error,MYF(0)); /* purecov: deadcode */ - DBUG_RETURN(-1); /* purecov: deadcode */ + DBUG_RETURN(1); /* purecov: deadcode */ } @@ -6476,7 +6490,7 @@ static int update_role_table_columns(GRANT_TABLE *merged, privs, cols); merged->init_privs= merged->init_cols= 0; update_role_columns(merged, first, last); - my_hash_insert(&column_priv_hash,(uchar*) merged); + column_priv_insert(merged); return 2; } else if ((privs | cols) == 0) @@ -6796,7 +6810,7 @@ int mysql_table_grant(THD *thd, TABLE_LIST *table_list, bool revoke_grant) { ulong column_priv= 0; - int result; + int result, res; List_iterator str_list (user_list); LEX_USER *Str, *tmp_Str; bool create_new_users=0; @@ -6939,12 +6953,12 @@ int mysql_table_grant(THD *thd, TABLE_LIST *table_list, result= TRUE; continue; } - grant_table = new GRANT_TABLE (Str->host.str, db_name, - Str->user.str, table_name, - rights, - column_priv); + grant_table= new (&grant_memroot) GRANT_TABLE(Str->host.str, db_name, + Str->user.str, table_name, + rights, + column_priv); if (!grant_table || - my_hash_insert(&column_priv_hash,(uchar*) grant_table)) + column_priv_insert(grant_table)) { result= TRUE; /* purecov: deadcode */ continue; /* purecov: deadcode */ @@ -6987,22 +7001,24 @@ int mysql_table_grant(THD *thd, TABLE_LIST *table_list, /* TODO(cvicentiu) refactor replace_table_table to use Tables_priv_table instead of TABLE directly. */ - if (replace_table_table(thd, grant_table, tables.tables_priv_table().table(), - *Str, db_name, table_name, - rights, column_priv, revoke_grant)) - { - /* Should only happen if table is crashed */ - result= TRUE; /* purecov: deadcode */ - } - else if (tables.columns_priv_table().table_exists()) + if (tables.columns_priv_table().table_exists()) { /* TODO(cvicentiu) refactor replace_column_table to use Columns_priv_table instead of TABLE directly. */ if (replace_column_table(grant_table, tables.columns_priv_table().table(), *Str, columns, db_name, table_name, rights, revoke_grant)) - { result= TRUE; + } + if ((res= replace_table_table(thd, grant_table, + tables.tables_priv_table().table(), + *Str, db_name, table_name, + rights, column_priv, revoke_grant))) + { + if (res > 0) + { + /* Should only happen if table is crashed */ + result= TRUE; /* purecov: deadcode */ } } if (Str->is_role()) @@ -7014,9 +7030,7 @@ int mysql_table_grant(THD *thd, TABLE_LIST *table_list, mysql_mutex_unlock(&acl_cache->lock); if (!result) /* success */ - { result= write_bin_log(thd, TRUE, thd->query(), thd->query_length()); - } mysql_rwlock_unlock(&LOCK_grant); @@ -7704,7 +7718,7 @@ static bool grant_load(THD *thd, if (! mem_check->ok()) delete mem_check; - else if (my_hash_insert(&column_priv_hash,(uchar*) mem_check)) + else if (column_priv_insert(mem_check)) { delete mem_check; goto end_unlock; @@ -11100,7 +11114,7 @@ mysql_revoke_sp_privs(THD *thd, Grant_tables *tables, const Sp_handler *sph, bool mysql_revoke_all(THD *thd, List &list) { uint counter, revoked; - int result; + int result, res; ACL_DB *acl_db; DBUG_ENTER("mysql_revoke_all"); @@ -11193,36 +11207,35 @@ bool mysql_revoke_all(THD *thd, List &list) if (!strcmp(lex_user->user.str,user) && !strcmp(lex_user->host.str, host)) { - /* TODO(cvicentiu) refactor replace_db_table to use - Db_table instead of TABLE directly. */ - if (replace_table_table(thd, grant_table, - tables.tables_priv_table().table(), - *lex_user, grant_table->db, - grant_table->tname, ~(ulong)0, 0, 1)) - { + List columns; + /* TODO(cvicentiu) refactor replace_db_table to use + Db_table instead of TABLE directly. */ + if (replace_column_table(grant_table, + tables.columns_priv_table().table(), + *lex_user, columns, grant_table->db, + grant_table->tname, ~(ulong)0, 1)) result= -1; - } - else + + /* TODO(cvicentiu) refactor replace_db_table to use + Db_table instead of TABLE directly. */ + if ((res= replace_table_table(thd, grant_table, + tables.tables_priv_table().table(), + *lex_user, grant_table->db, + grant_table->tname, ~(ulong)0, 0, 1))) { - if (!grant_table->cols) - { - revoked= 1; - continue; - } - List columns; - /* TODO(cvicentiu) refactor replace_db_table to use - Db_table instead of TABLE directly. */ - if (!replace_column_table(grant_table, - tables.columns_priv_table().table(), - *lex_user, columns, grant_table->db, - grant_table->tname, ~(ulong)0, 1)) - { - revoked= 1; - continue; - } - result= -1; - } - } + if (res > 0) + result= -1; + else + { + /* + Entry was deleted. We have to retry the loop as the + hash table has probably been reorganized. + */ + revoked= 1; + continue; + } + } + } counter++; } } while (revoked); -- cgit v1.2.1