Commit 7fffec87 authored by Praveenkumar Hulakund's avatar Praveenkumar Hulakund

Bug#11765252 - READ OF FREED MEMORY WHEN "USE DB" AND "SHOW PROCESSLIST"

Merging from 5.1 to 5.5
parents fcc00114 3b1e98d2
# include/have_valgrind.inc
#
# If some test should be run with only valgrind then skip it while running test
# without it.
#
if (!$VALGRIND_TEST) {
--skip Need "--valgrind"
}
/* Copyright (c) 2000, 2012, Oracle and/or its affiliates. All rights reserved. /* Copyright (c) 2000, 2013, Oracle and/or its affiliates. All rights reserved.
This program is free software; you can redistribute it and/or modify This program is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by it under the terms of the GNU General Public License as published by
...@@ -2642,6 +2642,12 @@ public: ...@@ -2642,6 +2642,12 @@ public:
*/ */
bool set_db(const char *new_db, size_t new_db_len) bool set_db(const char *new_db, size_t new_db_len)
{ {
/*
Acquiring mutex LOCK_thd_data as we either free the memory allocated
for the database and reallocating the memory for the new db or memcpy
the new_db to the db.
*/
mysql_mutex_lock(&LOCK_thd_data);
/* Do not reallocate memory if current chunk is big enough. */ /* Do not reallocate memory if current chunk is big enough. */
if (db && new_db && db_length >= new_db_len) if (db && new_db && db_length >= new_db_len)
memcpy(db, new_db, new_db_len+1); memcpy(db, new_db, new_db_len+1);
...@@ -2654,6 +2660,7 @@ public: ...@@ -2654,6 +2660,7 @@ public:
db= NULL; db= NULL;
} }
db_length= db ? new_db_len : 0; db_length= db ? new_db_len : 0;
mysql_mutex_unlock(&LOCK_thd_data);
return new_db && !db; return new_db && !db;
} }
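Review bot: LOCK_thd_data is taken at the top of set_db and released only on the line before the final return, but the middle of the function, between the two hunks, is not shown; any early return in that stretch would now leave the mutex held, so that path should be confirmed to be straight-line. The new comment describes the branches rather than the reason for the lock, which is what the next maintainer needs; I would replace it with `/* LOCK_thd_data: SHOW PROCESSLIST copies db under this lock, so the free/realloc below must not be observable without it. */`. The `db_length` update is inside the critical section, which is right, since readers that switch to `db_length` depend on it moving together with `db`. set_db's body is cut between the two hunks.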
......
/* /*
Copyright (c) 2000, 2011, Oracle and/or its affiliates. All rights reserved. Copyright (c) 2000, 2013, Oracle and/or its affiliates. All rights reserved.
This program is free software; you can redistribute it and/or modify This program is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by it under the terms of the GNU General Public License as published by
...@@ -1302,9 +1302,12 @@ static void mysql_change_db_impl(THD *thd, ...@@ -1302,9 +1302,12 @@ static void mysql_change_db_impl(THD *thd,
we just call THD::reset_db(). Since THD::reset_db() does not releases we just call THD::reset_db(). Since THD::reset_db() does not releases
the previous database name, we should do it explicitly. the previous database name, we should do it explicitly.
*/ */
mysql_mutex_lock(&thd->LOCK_thd_data);
if (thd->db)
my_free(thd->db); my_free(thd->db);
DEBUG_SYNC(thd, "after_freeing_thd_db");
thd->reset_db(new_db_name->str, new_db_name->length); thd->reset_db(new_db_name->str, new_db_name->length);
mysql_mutex_unlock(&thd->LOCK_thd_data);
} }
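Review bot: The DEBUG_SYNC point now sits inside the LOCK_thd_data critical section, after `my_free(thd->db)` and before `reset_db()`, so a sync action that waits there blocks while still holding this THD's LOCK_thd_data; the processlist readers in this commit take that same lock, so the test driving this point has to signal before it waits or it will stall them. Between the free and reset_db, thd->db is a dangling pointer that is unobservable only because of the lock; clearing it makes that explicit at no cost: `my_free(thd->db); thd->db= NULL;`. mysql_change_db_impl begins and ends outside the hunk, so the `new_db_name` handling around this is not visible here.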
/* 2. Update security context. */ /* 2. Update security context. */
......
...@@ -979,7 +979,9 @@ bool dispatch_command(enum enum_server_command command, THD *thd, ...@@ -979,7 +979,9 @@ bool dispatch_command(enum enum_server_command command, THD *thd,
if (save_user_connect) if (save_user_connect)
decrease_user_connections(save_user_connect); decrease_user_connections(save_user_connect);
#endif /* NO_EMBEDDED_ACCESS_CHECKS */ #endif /* NO_EMBEDDED_ACCESS_CHECKS */
mysql_mutex_lock(&thd->LOCK_thd_data);
my_free(save_db); my_free(save_db);
mysql_mutex_unlock(&thd->LOCK_thd_data);
my_free(save_security_ctx.user); my_free(save_security_ctx.user);
} }
break; break;
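Review bot: The lock around `my_free(save_db)` prevents a use-after-free only if thd->db can still equal save_db at this point; if it can, the pointer is left dangling once the lock is released, and if it cannot, the lock is unnecessary. The intent is not recoverable from the hunk and deserves a comment, e.g. `/* save_db is the pre-change db buffer; free it under LOCK_thd_data so a concurrent processlist copy cannot observe it */`, and if a failure path restores `thd->db= save_db`, that assignment should run under the same lock. dispatch_command starts before and continues after this hunk, so the earlier save_db assignment and any restore path are not visible here.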
......
...@@ -1843,10 +1843,10 @@ void mysqld_list_processes(THD *thd,const char *user, bool verbose) ...@@ -1843,10 +1843,10 @@ void mysqld_list_processes(THD *thd,const char *user, bool verbose)
thd_info->host= thd->strdup(tmp_sctx->host_or_ip[0] ? thd_info->host= thd->strdup(tmp_sctx->host_or_ip[0] ?
tmp_sctx->host_or_ip : tmp_sctx->host_or_ip :
tmp_sctx->host ? tmp_sctx->host : ""); tmp_sctx->host ? tmp_sctx->host : "");
if ((thd_info->db=tmp->db)) // Safe test
thd_info->db=thd->strdup(thd_info->db);
thd_info->command=(int) tmp->command; thd_info->command=(int) tmp->command;
mysql_mutex_lock(&tmp->LOCK_thd_data); mysql_mutex_lock(&tmp->LOCK_thd_data);
if ((thd_info->db= tmp->db)) // Safe test
thd_info->db= thd->strdup(thd_info->db);
if ((mysys_var= tmp->mysys_var)) if ((mysys_var= tmp->mysys_var))
mysql_mutex_lock(&mysys_var->mutex); mysql_mutex_lock(&mysys_var->mutex);
thd_info->proc_info= (char*) (tmp->killed == THD::KILL_CONNECTION? "Killed" : 0); thd_info->proc_info= (char*) (tmp->killed == THD::KILL_CONNECTION? "Killed" : 0);
...@@ -1920,7 +1920,7 @@ int fill_schema_processlist(THD* thd, TABLE_LIST* tables, COND* cond) ...@@ -1920,7 +1920,7 @@ int fill_schema_processlist(THD* thd, TABLE_LIST* tables, COND* cond)
{ {
Security_context *tmp_sctx= tmp->security_ctx; Security_context *tmp_sctx= tmp->security_ctx;
struct st_my_thread_var *mysys_var; struct st_my_thread_var *mysys_var;
const char *val; const char *val, *db;
if ((!tmp->vio_ok() && !tmp->system_thread) || if ((!tmp->vio_ok() && !tmp->system_thread) ||
(user && (!tmp_sctx->user || strcmp(tmp_sctx->user, user)))) (user && (!tmp_sctx->user || strcmp(tmp_sctx->user, user))))
...@@ -1946,13 +1946,13 @@ int fill_schema_processlist(THD* thd, TABLE_LIST* tables, COND* cond) ...@@ -1946,13 +1946,13 @@ int fill_schema_processlist(THD* thd, TABLE_LIST* tables, COND* cond)
table->field[2]->store(tmp_sctx->host_or_ip, table->field[2]->store(tmp_sctx->host_or_ip,
strlen(tmp_sctx->host_or_ip), cs); strlen(tmp_sctx->host_or_ip), cs);
/* DB */ /* DB */
if (tmp->db) mysql_mutex_lock(&tmp->LOCK_thd_data);
if ((db= tmp->db))
{ {
table->field[3]->store(tmp->db, strlen(tmp->db), cs); table->field[3]->store(db, strlen(db), cs);
table->field[3]->set_notnull(); table->field[3]->set_notnull();
} }
mysql_mutex_lock(&tmp->LOCK_thd_data);
if ((mysys_var= tmp->mysys_var)) if ((mysys_var= tmp->mysys_var))
mysql_mutex_lock(&mysys_var->mutex); mysql_mutex_lock(&mysys_var->mutex);
/* COMMAND */ /* COMMAND */
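Review bot: `strlen(db)` in the DB branch walks the string while LOCK_thd_data is held, although `tmp->db_length` is updated under the same lock by set_db and, if reset_db keeps it in step, is always the length of `db`; using it shortens the critical section and avoids re-deriving a value the THD already tracks: `table->field[3]->store(db, tmp->db_length, cs);`. The copy into field[3] must complete before the matching `mysql_mutex_unlock(&tmp->LOCK_thd_data)`, which lies beyond the hunk, so that unlock should be checked against the earlier acquisition introduced here. The same ordering holds for the `thd->strdup` in mysqld_list_processes, which is correctly placed inside the lock. fill_schema_processlist continues past the hunk.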
......