Bug#17590095: COVERITY ANALYSIS RESULTS AND PATCHES

jhauglid · jhauglid · commit 6e597e123ccd · 2013-10-30T09:55:14.000+01:00
Bug#70591   : COVERITY ANALYSIS RESULTS AND PATCHES

Fix various issues found by Coverity.
Some by backporting the fix for
 Bug#16725945: USE_AFTER_FREE ERRORS - COVERITY SCAN

Based on patches contributed by Honza Horak.
diff --git a/mysql-test/lib/My/SafeProcess/safe_process.cc b/mysql-test/lib/My/SafeProcess/safe_process.cc
@@ -1,4 +1,4 @@
-/* Copyright (c) 2008, 2011, Oracle and/or its affiliates. All rights reserved.
+/* Copyright (c) 2008, 2013, Oracle and/or its affiliates. All rights reserved.
 
    This program is free software; you can redistribute it and/or modify
    it under the terms of the GNU General Public License as published by
@@ -159,6 +159,7 @@ int main(int argc, char* const argv[] )
   sigemptyset(&sa.sa_mask);
 
   sa_abort.sa_handler= handle_abort;
+  sa_abort.sa_flags= 0;
   sigemptyset(&sa_abort.sa_mask);
   /* Install signal handlers */
   sigaction(SIGTERM, &sa,NULL);
diff --git a/mysys/my_copy.c b/mysys/my_copy.c
@@ -1,4 +1,4 @@
-/* Copyright (c) 2000, 2010, Oracle and/or its affiliates. All rights reserved.
+/* Copyright (c) 2000, 2013, Oracle and/or its affiliates. All rights reserved.
 
    This program is free software; you can redistribute it and/or modify
    it under the terms of the GNU General Public License as published by
@@ -98,6 +98,10 @@ int my_copy(const char *from, const char *to, myf MyFlags)
     if (my_close(from_file,MyFlags) | my_close(to_file,MyFlags))
       DBUG_RETURN(-1);				/* Error on close */
 
+    /* Reinitialize closed fd, so they won't be closed again. */
+    from_file= -1;
+    to_file= -1;
+
     /* Copy modes if possible */
 
     if (MyFlags & MY_HOLD_ORIGINAL_MODES && !new_file_stat)
diff --git a/mysys/my_malloc.c b/mysys/my_malloc.c
@@ -1,4 +1,4 @@
-/* Copyright (c) 2000, 2011, Oracle and/or its affiliates. All rights reserved.
+/* Copyright (c) 2000, 2013, Oracle and/or its affiliates. All rights reserved.
 
    This program is free software; you can redistribute it and/or modify
    it under the terms of the GNU General Public License as published by
@@ -85,6 +85,9 @@ void *my_realloc(void *oldpoint, size_t size, myf my_flags)
                    (ulong) size, my_flags));
 
   DBUG_ASSERT(size > 0);
+  /* These flags are mutually exclusive. */
+  DBUG_ASSERT(!((my_flags & MY_FREE_ON_ERROR) &&
+                (my_flags & MY_HOLD_ON_ERROR)));
   DBUG_EXECUTE_IF("simulate_out_of_memory",
                   point= NULL;
                   goto end;);
@@ -100,10 +103,10 @@ void *my_realloc(void *oldpoint, size_t size, myf my_flags)
 #endif
   if (point == NULL)
   {
-    if (my_flags & MY_FREE_ON_ERROR)
-      my_free(oldpoint);
     if (my_flags & MY_HOLD_ON_ERROR)
       DBUG_RETURN(oldpoint);
+    if (my_flags & MY_FREE_ON_ERROR)
+      my_free(oldpoint);
     my_errno=errno;
     if (my_flags & (MY_FAE+MY_WME))
       my_error(EE_OUTOFMEMORY, MYF(ME_BELL+ ME_WAITTANG + ME_FATALERROR),
diff --git a/sql/sql_prepare.cc b/sql/sql_prepare.cc
@@ -3022,7 +3022,9 @@ void mysql_stmt_get_longdata(THD *thd, char *packet, ulong packet_length)
   {
     stmt->state= Query_arena::STMT_ERROR;
     stmt->last_errno= thd->get_stmt_da()->sql_errno();
-    strncpy(stmt->last_error, thd->get_stmt_da()->message(), MYSQL_ERRMSG_SIZE);
+    size_t len= sizeof(stmt->last_error);
+    strncpy(stmt->last_error, thd->get_stmt_da()->message(), len - 1);
+    stmt->last_error[len - 1] = '\0';
   }
   thd->set_stmt_da(save_stmt_da);
 
diff --git a/sql/sql_trigger.cc b/sql/sql_trigger.cc
@@ -1,5 +1,5 @@
 /*
-   Copyright (c) 2004, 2012, Oracle and/or its affiliates. All rights reserved.
+   Copyright (c) 2004, 2013, Oracle and/or its affiliates. All rights reserved.
 
    This program is free software; you can redistribute it and/or modify
    it under the terms of the GNU General Public License as published by
@@ -2303,7 +2303,9 @@ void Table_triggers_list::mark_fields_used(trg_event_type event)
 void Table_triggers_list::set_parse_error_message(char *error_message)
 {
   m_has_unparseable_trigger= true;
-  strcpy(m_parse_error_message, error_message);
+  size_t len= sizeof(m_parse_error_message);
+  strncpy(m_parse_error_message, error_message, len - 1);
+  m_parse_error_message[len - 1] = '\0';
 }
 
 

Original file line number	Diff line number	Diff line change
`@@ -3022,7 +3022,9 @@ void mysql_stmt_get_longdata(THD thd, char packet, ulong packet_length)`
`3022`	`3022`	`{`
`3023`	`3023`	`stmt->state= Query_arena::STMT_ERROR;`
`3024`	`3024`	`stmt->last_errno= thd->get_stmt_da()->sql_errno();`
`3025`		`- strncpy(stmt->last_error, thd->get_stmt_da()->message(), MYSQL_ERRMSG_SIZE);`
	`3025`	`+ size_t len= sizeof(stmt->last_error);`
	`3026`	`+ strncpy(stmt->last_error, thd->get_stmt_da()->message(), len - 1);`
	`3027`	`+ stmt->last_error[len - 1] = '\0';`
`3026`	`3028`	`}`
`3027`	`3029`	`thd->set_stmt_da(save_stmt_da);`
`3028`	`3030`
Original file line number	Diff line number	Diff line change
`@@ -1,5 +1,5 @@`
`1`	`1`	`/*`
`2`		`- Copyright (c) 2004, 2012, Oracle and/or its affiliates. All rights reserved.`
	`2`	`+ Copyright (c) 2004, 2013, Oracle and/or its affiliates. All rights reserved.`
`3`	`3`
`4`	`4`	`This program is free software; you can redistribute it and/or modify`
`5`	`5`	`it under the terms of the GNU General Public License as published by`
`@@ -2303,7 +2303,9 @@ void Table_triggers_list::mark_fields_used(trg_event_type event)`
`2303`	`2303`	`void Table_triggers_list::set_parse_error_message(char *error_message)`
`2304`	`2304`	`{`
`2305`	`2305`	`m_has_unparseable_trigger= true;`
`2306`		`- strcpy(m_parse_error_message, error_message);`
	`2306`	`+ size_t len= sizeof(m_parse_error_message);`
	`2307`	`+ strncpy(m_parse_error_message, error_message, len - 1);`
	`2308`	`+ m_parse_error_message[len - 1] = '\0';`
`2307`	`2309`	`}`
`2308`	`2310`
`2309`	`2311`