author：sufei
说明：本文记录在最新版本MySQL 8.0.26中存在的一个bug

---

现象

使用mysqlsh以uri方式创建连接时，若uri中的host域名如果中包含user，且user以URL编码（ASCII形式），同时password信息也在uri中时，mysqlsh报错basic_string::_M_replace_aux

image-20210824203811923

根据官方文档，uri格式如下，特殊字符可用形如%XX的方式替换

[scheme://][user[:password]@]<host[:port]|socket>[/schema][?option=value&option=value...]

分析

通过gdb调试可知，出错的原因主要是因为在mysqlsh::hide_password_in_uri中调用string.replace时异常

hide_password_in_uri函数主要是安全考虑，隐藏系统进程显示中的密码信息，如

image-20210825104025352

static std::string hide_password_in_uri(std::string uri,
                                        const std::string &username) {
  std::size_t pwd_start = uri.find(username) + username.length() + 1;
  std::size_t pwd_size = uri.find('@', pwd_start) - pwd_start;
  return uri.replace(pwd_start, pwd_size, pwd_size, '*');
}

// 调用栈
(gdb) bt
#0  mysqlsh::hide_password_in_uri (uri=..., username=...) at /data2/sf/mysql8/teledb-mysql/8.0.18/mysql-shell-8.0.19-src/mysqlshdk/shellcore/shell_options.cc:108
#1  0x0000000001691634 in mysqlsh::Shell_options::custom_cmdline_handler (this=0x2a20120, iterator=0x7fffffff9690)
    at /data2/sf/mysql8/teledb-mysql/8.0.18/mysql-shell-8.0.19-src/mysqlshdk/shellcore/shell_options.cc:714
...

gdb信息

(gdb) show args
Argument list to give program being debugged when it is started is "--uri %72%6f%6f%74:123456@root123:3306".
(gdb) p username.c_str()
$14 = 0x2a1bf90 "root"
(gdb) p pwd_start
$15 = 25
# string.find找不到对应的字符串，返回2^64-1 (25+18446744073709551590)
(gdb) p pwd_size
$16 = 18446744073709551590
# string.replace接收类型为size_t，最大值2^63-1，导致异常

ps: uri用户信息处理函数

mysqlshdk::db::uri::Uri_parser::parse_userinfo()
# 调用栈
#0  mysqlshdk::db::uri::Uri_parser::parse_userinfo (this=0x7fffffff88e0) at /data2/sf/mysql8/teledb-mysql/8.0.18/mysql-shell-8.0.19-src/mysqlshdk/libs/db/uri_parser.cc:152
#1  0x000000000154d99f in mysqlshdk::db::uri::Uri_parser::parse (this=0x7fffffff88e0, input=..., mode=mysqlshdk::utils::nullable_options::CASE_INSENSITIVE)
    at /data2/sf/mysql8/teledb-mysql/8.0.18/mysql-shell-8.0.19-src/mysqlshdk/libs/db/uri_parser.cc:845
#2  0x00000000014e28f7 in mysqlshdk::db::Connection_options::Connection_options (this=0x7fffffff8f90, uri=..., mode=mysqlshdk::utils::nullable_options::CASE_INSENSITIVE)
    at /data2/sf/mysql8/teledb-mysql/8.0.18/mysql-shell-8.0.19-src/mysqlshdk/libs/db/connection_options.cc:79
#3  0x000000000149f9e9 in shcore::get_connection_options (uri=..., set_defaults=false)
    at /data2/sf/mysql8/teledb-mysql/8.0.18/mysql-shell-8.0.19-src/mysqlshdk/libs/utils/utils_general.cc:169
#4  0x0000000001691575 in mysqlsh::Shell_options::custom_cmdline_handler (this=0x2a20120, iterator=0x7fffffff9690)
    at /data2/sf/mysql8/teledb-mysql/8.0.18/mysql-shell-8.0.19-src/mysqlshdk/shellcore/shell_options.cc:710

官方确认

目前组内成员已向官方提交相关bug，并予以确认
官方已确认（Bug #104714）

image-20210825153800976