• unknown's avatar
    Bug#19881: slave cores at close_temporary_tables under shutdown · 9534b8f1
    unknown authored
       The bug was found in rpl_stm_000001 testing. In essence the following happens
    
       SLAVE thread receives          what happens
       start
                               init THD and its temp_table (tt0)
       stop
                               storing tt0 pointer to rli->save...
       start
                               restoring temp_tables - new pointer tt1
                               executing regular binlog event DROP temp_table
                               at the end of which tt1-refered list
                               must be empty (slave_open_temp_tables == 0)
                               but the pointer refers to tt0 location!
       shutdown
                               end_slave calls cleaning of temp_tables and crashes.
    
       The reason of the crash is that tt1 values is not zero upon DROPing the single temp table.
       This is due to alg of removing links from temp_tables list which "adapted" 5.0 code
       but w/o accounting that thd->temporary_tables in slave thread in prone to freeing.
       Upon freeing there is no more original '0' value available to denote empty list.
    
       temporary_tables must not refer to any "external" location, one of which thd->temporary_tables represents (since belong to THD instance).
       The fix done in sql_base.cc for two functions, look at there for details.
    
    
    sql/sql_base.cc:
         refining prepend and remove link operation to thd->temporary_tables.
         The list turns to be "flat" double-linked, i.e "prev" accessor refers to an item instead of pointer to one as it was previously with "open_prev".
         On removal an invariant involving slave_open_temp_tables counter is checked.
         When it is zero thd->temporary_tables is set to zero explicitly. This can not be done, for what previous code hoped, because thd object changes when slave stop/start while
         slave's temporary_tables are maintained all the time, until reset/shutdow
    9534b8f1
sql_base.cc 194 KB