• Marko Mäkelä's avatar
    MDEV-20316 InnoDB writes uninitialised tail of XID buffer · ae1d17f5
    Marko Mäkelä authored
    Starting with commit 210855ce
    Valgrind became aware that the unused tail of the buffer that
    is returned by thd_get_xid() is actually uninitialized.
    
    The problem should exist already in MySQL 5.0. I was able to
    repeat it on MariaDB Server 5.5 with some additional instrumentation.
    InnoDB is allocating 128+4+4 bytes for the XID and the lengths of
    its components, even when the XID is shorter than 64+64 bytes.
    In MariaDB Server 10.3, while running the test main.xa_binlog,
    in the xid_t::set() that is called by sql_yacc.yy, the 128-byte data
    buffer was uninitialized according to Valgrind, and only the first bytes
    were initialized. When the xid_t::data was copied to
    thd.transaction.xid_state.xid.data, it happened so that the entire
    target buffer was considered initialized. With MariaDB Server 10.4 since
    the said commit, Valgrind will correctly be detect the tail of the buffer
    as uninitialized.
    
    The impact of this bug is as follows:
    
    (1) InnoDB will write unnecessarily much redo log for XA PREPARE.
    (2) InnoDB will write garbage bytes to the redo log and undo log pages.
    (3) The garbage should be 'harmless', because on recovery, only the
    actual payload of the XID will be used, based on the written length.
    
    trx_rseg_write_wsrep_checkpoint(), trx_undo_write_xid(): Write only
    the actually used length of xid->data to the data page, and
    zero out the rest of the buffer by mlog_memset().
    ae1d17f5
trx0undo.cc 46.7 KB