• Marko Mäkelä's avatar
    MDEV-16136: Prevent wrong reuse in trx_reference() · fa2a74e0
    Marko Mäkelä authored
    If trx_free() and trx_create_low() were called while a call to
    trx_reference() was pending, we could get a reference to a wrong
    transaction object.
    
    trx_reference(): Return NULL if the trx->id no longer matches.
    
    lock_trx_release_locks(): Assign trx->id = 0, so that trx_reference()
    will not return a reference to this object.
    
    trx_cleanup_at_db_startup(): Assign trx->id = 0.
    
    assert_trx_is_free(): Assert !trx->n_ref. Assert trx->id == 0,
    now that it will be cleared as part of a transaction commit.
    fa2a74e0
trx0trx.cc 75.3 KB