MDEV-36453 UBSAN: main.mysqltest - runtime error: null pointer

..passed as argument 2, which is declared to never be null
(dynstr_append_mem).

dynstr_append_mem, uses memcpy to append to the string which in the glibc
library is declared to not take null string as the src. Defensively we
declare dynstr_append_mem to not take a null argument too.

mariadb-test, to prevent it calling dynstr_append_mem with a null
mtr variable value, one that hasn't been initialized, we return an
error if the value is null. The result of this is the $6 in the test
case is never assigned a value and would error.

With this resolved, strchr, if the string isn't found, a null pointer is
returned. UBSAN will complain both about incrementing a pointer beyond
the boundary, and also incrementing if it is null.

Author: grooverdan

client/mysqltest.cc

@@ -1534,12 +1534,12 @@ void do_eval(DYNAMIC_STRING *query_eval, const char *query,
       }
       else
       {
-	if (!(v= var_get(p, &p, 0, 0)))
+        if (!(v= var_get(p, &p, 0, 0)) || !v->str_val)
         {
           report_or_die( "Bad variable in eval");
           DBUG_VOID_RETURN;
         }
-	dynstr_append_mem(query_eval, v->str_val, v->str_val_len);
+        dynstr_append_mem(query_eval, v->str_val, v->str_val_len);
       }
       break;
     case '\\':
@@ -9228,8 +9228,9 @@ void do_block(enum block_cmd cmd, struct st_command* command)
 
   /* Parse and evaluate test expression */
   expr_start= strchr(p, '(');
-  if (!expr_start++)
+  if (!expr_start)
     die("missing '(' in %s", cmd_name);
+  expr_start++;
 
   while (my_isspace(charset_info, *expr_start))
     expr_start++;

include/my_sys.h

@@ -861,7 +861,7 @@ extern my_bool init_dynamic_string(DYNAMIC_STRING *str, const char *init_str,
 				   size_t init_alloc,size_t alloc_increment);
 extern my_bool dynstr_append(DYNAMIC_STRING *str, const char *append);
 my_bool dynstr_append_mem(DYNAMIC_STRING *str, const char *append,
-			  size_t length);
+			  size_t length) __attribute__((nonnull(2)));
 extern my_bool dynstr_append_os_quoted(DYNAMIC_STRING *str, const char *append,
                                        ...);
 extern my_bool dynstr_append_quoted(DYNAMIC_STRING *str,

mysql-test/main/mysqltest.result

@@ -301,8 +301,6 @@ hej
 hej 
 hej
 1
-
-
 a long variable content
 a long variable content
 a long a long variable content variable content

mysql-test/main/mysqltest.test

@@ -789,9 +789,6 @@ echo $1;
 let $1=1;
 let $2=$1;
 echo $2;
-let $5=$6;
-echo $5;
-echo $6;
 
 let $where=a long variable content;
 echo $where;