Commit
7fffec87
authored
Aug 21, 2013
by
Praveenkumar Hulakund
Bug#11765252 - READ OF FREED MEMORY WHEN "USE DB" AND
"SHOW PROCESSLIST" Merging from 5.1 to 5.5
parents
fcc00114
3b1e98d2
Changes
5
Showing
5 changed files
with
33 additions
and
10 deletions
+33
-10
mysql-test/include/have_valgrind.inc
mysql-test/include/have_valgrind.inc
+11
-0
sql/sql_class.h
sql/sql_class.h
+8
-1
sql/sql_db.cc
sql/sql_db.cc
+6
-3
sql/sql_parse.cc
sql/sql_parse.cc
+2
-0
sql/sql_show.cc
sql/sql_show.cc
+6
-6
mysql-test/include/have_valgrind.inc
0 → 100644
# include/have_valgrind.inc
#
# If some test should be run with only valgrind then skip it while running test
# without it.
#
if
(
!
$VALGRIND_TEST
)
{
--
skip
Need
"--valgrind"
}
sql/sql_class.h
/* Copyright (c) 2000, 201
2
, Oracle and/or its affiliates. All rights reserved.
/* Copyright (c) 2000, 201
3
, Oracle and/or its affiliates. All rights reserved.
This program is free software; you can redistribute it and/or modify
This program is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
it under the terms of the GNU General Public License as published by
...
@@ -2642,6 +2642,12 @@ public:
...
@@ -2642,6 +2642,12 @@ public:
*/
*/
bool
set_db
(
const
char
*
new_db
,
size_t
new_db_len
)
bool
set_db
(
const
char
*
new_db
,
size_t
new_db_len
)
{
{
/*
Acquiring mutex LOCK_thd_data as we either free the memory allocated
for the database and reallocating the memory for the new db or memcpy
the new_db to the db.
*/
mysql_mutex_lock
(
&
LOCK_thd_data
);
/* Do not reallocate memory if current chunk is big enough. */
/* Do not reallocate memory if current chunk is big enough. */
if
(
db
&&
new_db
&&
db_length
>=
new_db_len
)
if
(
db
&&
new_db
&&
db_length
>=
new_db_len
)
memcpy
(
db
,
new_db
,
new_db_len
+
1
);
memcpy
(
db
,
new_db
,
new_db_len
+
1
);
...
@@ -2654,6 +2660,7 @@ public:
...
@@ -2654,6 +2660,7 @@ public:
db
=
NULL
;
db
=
NULL
;
}
}
db_length
=
db
?
new_db_len
:
0
;
db_length
=
db
?
new_db_len
:
0
;
mysql_mutex_unlock
(
&
LOCK_thd_data
);
return
new_db
&&
!
db
;
return
new_db
&&
!
db
;
}
}
...
...
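Review bot: The comment added at the top of set_db() explains why this function locks, but it does not state the rule the other files in this commit now rely on: `db` and `db_length` may be read from another thread only while LOCK_thd_data is held. I would state that in this comment or next to the member declarations, e.g. `/* db/db_length are protected by LOCK_thd_data; other threads must hold it while reading or copying db. */`, so that a later cross-thread reader does not reintroduce the read of freed memory. The lines between the two hunks are not shown, so it cannot be confirmed from this page that every path between the lock and `mysql_mutex_unlock(&LOCK_thd_data)` reaches the unlock.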
sql/sql_db.cc
/*
/*
Copyright (c) 2000, 201
1
, Oracle and/or its affiliates. All rights reserved.
Copyright (c) 2000, 201
3
, Oracle and/or its affiliates. All rights reserved.
This program is free software; you can redistribute it and/or modify
This program is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
it under the terms of the GNU General Public License as published by
...
@@ -1302,9 +1302,12 @@ static void mysql_change_db_impl(THD *thd,
...
@@ -1302,9 +1302,12 @@ static void mysql_change_db_impl(THD *thd,
we just call THD::reset_db(). Since THD::reset_db() does not releases
we just call THD::reset_db(). Since THD::reset_db() does not releases
the previous database name, we should do it explicitly.
the previous database name, we should do it explicitly.
*/
*/
mysql_mutex_lock
(
&
thd
->
LOCK_thd_data
);
if
(
thd
->
db
)
my_free
(
thd
->
db
);
my_free
(
thd
->
db
);
DEBUG_SYNC
(
thd
,
"after_freeing_thd_db"
);
thd
->
reset_db
(
new_db_name
->
str
,
new_db_name
->
length
);
thd
->
reset_db
(
new_db_name
->
str
,
new_db_name
->
length
);
mysql_mutex_unlock
(
&
thd
->
LOCK_thd_data
);
}
}
/* 2. Update security context. */
/* 2. Update security context. */
...
...
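Review bot: `DEBUG_SYNC(thd, "after_freeing_thd_db")` now runs with thd->LOCK_thd_data held, in the window where thd->db has been freed but reset_db() has not yet replaced it. If a test makes this sync point wait, any other thread that takes this THD's LOCK_thd_data would presumably block for as long as the wait lasts. If that placement is deliberate for the regression test, a comment should say so, e.g. `/* Sync point sits inside the critical section on purpose: thd->db is dangling until reset_db(). */`. The enclosing function mysql_change_db_impl starts and ends outside the hunk.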
sql/sql_parse.cc
...
@@ -979,7 +979,9 @@ bool dispatch_command(enum enum_server_command command, THD *thd,
...
@@ -979,7 +979,9 @@ bool dispatch_command(enum enum_server_command command, THD *thd,
if
(
save_user_connect
)
if
(
save_user_connect
)
decrease_user_connections
(
save_user_connect
);
decrease_user_connections
(
save_user_connect
);
#endif
/* NO_EMBEDDED_ACCESS_CHECKS */
#endif
/* NO_EMBEDDED_ACCESS_CHECKS */
mysql_mutex_lock
(
&
thd
->
LOCK_thd_data
);
my_free
(
save_db
);
my_free
(
save_db
);
mysql_mutex_unlock
(
&
thd
->
LOCK_thd_data
);
my_free
(
save_security_ctx
.
user
);
my_free
(
save_security_ctx
.
user
);
}
}
break
;
break
;
...
...
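Review bot: The lock added around `my_free(save_db)` has no comment, and read on its own it guards a local pointer. Presumably save_db holds the previous thd->db value, which a concurrent SHOW PROCESSLIST may still be copying under LOCK_thd_data; a one-line comment such as `/* save_db was thd->db; a processlist reader may still be copying it under LOCK_thd_data. */` would make that explicit. The protection only works if thd->db was switched away from save_db before this point, and that code is outside the hunk, so it should be checked against the full function.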
sql/sql_show.cc
...
@@ -1843,10 +1843,10 @@ void mysqld_list_processes(THD *thd,const char *user, bool verbose)
...
@@ -1843,10 +1843,10 @@ void mysqld_list_processes(THD *thd,const char *user, bool verbose)
thd_info
->
host
=
thd
->
strdup
(
tmp_sctx
->
host_or_ip
[
0
]
?
thd_info
->
host
=
thd
->
strdup
(
tmp_sctx
->
host_or_ip
[
0
]
?
tmp_sctx
->
host_or_ip
:
tmp_sctx
->
host_or_ip
:
tmp_sctx
->
host
?
tmp_sctx
->
host
:
""
);
tmp_sctx
->
host
?
tmp_sctx
->
host
:
""
);
if
((
thd_info
->
db
=
tmp
->
db
))
// Safe test
thd_info
->
db
=
thd
->
strdup
(
thd_info
->
db
);
thd_info
->
command
=
(
int
)
tmp
->
command
;
thd_info
->
command
=
(
int
)
tmp
->
command
;
mysql_mutex_lock
(
&
tmp
->
LOCK_thd_data
);
mysql_mutex_lock
(
&
tmp
->
LOCK_thd_data
);
if
((
thd_info
->
db
=
tmp
->
db
))
// Safe test
thd_info
->
db
=
thd
->
strdup
(
thd_info
->
db
);
if
((
mysys_var
=
tmp
->
mysys_var
))
if
((
mysys_var
=
tmp
->
mysys_var
))
mysql_mutex_lock
(
&
mysys_var
->
mutex
);
mysql_mutex_lock
(
&
mysys_var
->
mutex
);
thd_info
->
proc_info
=
(
char
*
)
(
tmp
->
killed
==
THD
::
KILL_CONNECTION
?
"Killed"
:
0
);
thd_info
->
proc_info
=
(
char
*
)
(
tmp
->
killed
==
THD
::
KILL_CONNECTION
?
"Killed"
:
0
);
...
@@ -1920,7 +1920,7 @@ int fill_schema_processlist(THD* thd, TABLE_LIST* tables, COND* cond)
...
@@ -1920,7 +1920,7 @@ int fill_schema_processlist(THD* thd, TABLE_LIST* tables, COND* cond)
{
{
Security_context
*
tmp_sctx
=
tmp
->
security_ctx
;
Security_context
*
tmp_sctx
=
tmp
->
security_ctx
;
struct
st_my_thread_var
*
mysys_var
;
struct
st_my_thread_var
*
mysys_var
;
const
char
*
val
;
const
char
*
val
,
*
db
;
if
((
!
tmp
->
vio_ok
()
&&
!
tmp
->
system_thread
)
||
if
((
!
tmp
->
vio_ok
()
&&
!
tmp
->
system_thread
)
||
(
user
&&
(
!
tmp_sctx
->
user
||
strcmp
(
tmp_sctx
->
user
,
user
))))
(
user
&&
(
!
tmp_sctx
->
user
||
strcmp
(
tmp_sctx
->
user
,
user
))))
...
@@ -1946,13 +1946,13 @@ int fill_schema_processlist(THD* thd, TABLE_LIST* tables, COND* cond)
...
@@ -1946,13 +1946,13 @@ int fill_schema_processlist(THD* thd, TABLE_LIST* tables, COND* cond)
table
->
field
[
2
]
->
store
(
tmp_sctx
->
host_or_ip
,
table
->
field
[
2
]
->
store
(
tmp_sctx
->
host_or_ip
,
strlen
(
tmp_sctx
->
host_or_ip
),
cs
);
strlen
(
tmp_sctx
->
host_or_ip
),
cs
);
/* DB */
/* DB */
if
(
tmp
->
db
)
mysql_mutex_lock
(
&
tmp
->
LOCK_thd_data
);
if
((
db
=
tmp
->
db
))
{
{
table
->
field
[
3
]
->
store
(
tmp
->
db
,
strlen
(
tmp
->
db
),
cs
);
table
->
field
[
3
]
->
store
(
db
,
strlen
(
db
),
cs
);
table
->
field
[
3
]
->
set_notnull
();
table
->
field
[
3
]
->
set_notnull
();
}
}
mysql_mutex_lock
(
&
tmp
->
LOCK_thd_data
);
if
((
mysys_var
=
tmp
->
mysys_var
))
if
((
mysys_var
=
tmp
->
mysys_var
))
mysql_mutex_lock
(
&
mysys_var
->
mutex
);
mysql_mutex_lock
(
&
mysys_var
->
mutex
);
/* COMMAND */
/* COMMAND */
...
...
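Review bot: In mysqld_list_processes the copy of tmp->db was moved under tmp->LOCK_thd_data but kept the old `// Safe test` comment, which does not explain why the statement must sit after the lock. I would replace it with `/* Copy tmp->db under LOCK_thd_data: the owning thread may free or overwrite it in set_db(). */`, and add the same comment on the `if ((db= tmp->db))` block in fill_schema_processlist. In both functions the matching unlock of tmp->LOCK_thd_data is outside the visible hunks, so the length of the critical section, which now includes `thd->strdup()` and `table->field[3]->store()`, cannot be judged from this page.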