Commit 30db8445 authored by unknown's avatar unknown

protection: TRASH in delete

fixed a bug that it discovered


include/my_sys.h:
  move TRASH to my_sys.h from sql_list.h
sql/field.h:
  use TRASH macro
sql/item.h:
  TRASH in delete
sql/item_func.h:
  never delete items manually!
sql/opt_range.cc:
  TRASH in delete
sql/sql_lex.h:
  TRASH in delete
sql/sql_list.h:
  move TRASH to my_sys.h from sql_list.h
sql/sql_parse.cc:
  don't use properties of deleted objects (even when it's safe)
sql/sql_select.cc:
  TRASH in delete
sql/sql_show.cc:
  TRASH in delete
sql/sql_string.h:
  TRASH in delete
parent 7a1ffc06
...@@ -138,6 +138,7 @@ extern int NEAR my_errno; /* Last error in mysys */ ...@@ -138,6 +138,7 @@ extern int NEAR my_errno; /* Last error in mysys */
#define my_memdup(A,B,C) _my_memdup((A),(B), __FILE__,__LINE__,C) #define my_memdup(A,B,C) _my_memdup((A),(B), __FILE__,__LINE__,C)
#define my_strdup(A,C) _my_strdup((A), __FILE__,__LINE__,C) #define my_strdup(A,C) _my_strdup((A), __FILE__,__LINE__,C)
#define my_strdup_with_length(A,B,C) _my_strdup_with_length((A),(B),__FILE__,__LINE__,C) #define my_strdup_with_length(A,B,C) _my_strdup_with_length((A),(B),__FILE__,__LINE__,C)
#define TRASH(A,B) bfill(A, B, 0x8F)
#define QUICK_SAFEMALLOC sf_malloc_quick=1 #define QUICK_SAFEMALLOC sf_malloc_quick=1
#define NORMAL_SAFEMALLOC sf_malloc_quick=0 #define NORMAL_SAFEMALLOC sf_malloc_quick=0
extern uint sf_malloc_prehunc,sf_malloc_endhunc,sf_malloc_quick; extern uint sf_malloc_prehunc,sf_malloc_endhunc,sf_malloc_quick;
...@@ -164,6 +165,7 @@ extern char *my_strdup_with_length(const byte *from, uint length, ...@@ -164,6 +165,7 @@ extern char *my_strdup_with_length(const byte *from, uint length,
#define CALLER_INFO_PROTO /* nothing */ #define CALLER_INFO_PROTO /* nothing */
#define CALLER_INFO /* nothing */ #define CALLER_INFO /* nothing */
#define ORIG_CALLER_INFO /* nothing */ #define ORIG_CALLER_INFO /* nothing */
#define TRASH(A,B) /* nothing */
#endif #endif
#ifdef HAVE_ALLOCA #ifdef HAVE_ALLOCA
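Review bot: TRASH becomes a tree-wide macro here but carries no comment, and its debug definition drops the argument parentheses that the removed `bfill((XX), (YY), 0x8F)` definition had. I would write `#define TRASH(A,B) bfill((A), (B), 0x8F)` and put `/* Poison freed memory with 0x8F so reads through a stale pointer stand out; a no-op in the other branch */` above it. The second definition is empty, so its arguments are never evaluated and use-after-delete goes unnoticed in builds that take that branch. Presumably the first branch is the SAFEMALLOC one, as it was in the removed definition, but the enclosing `#ifdef` is outside the hunk.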
......
...@@ -37,11 +37,7 @@ class Field ...@@ -37,11 +37,7 @@ class Field
void operator=(Field &); void operator=(Field &);
public: public:
static void *operator new(size_t size) {return (void*) sql_alloc((uint) size); } static void *operator new(size_t size) {return (void*) sql_alloc((uint) size); }
static void operator delete(void *ptr_arg, size_t size) { static void operator delete(void *ptr_arg, size_t size) { TRASH(ptr_arg, size); }
#ifdef SAFEMALLOC
bfill(ptr_arg, size, 0x8F);
#endif
}
char *ptr; // Position to field in record char *ptr; // Position to field in record
uchar *null_ptr; // Byte where null_bit is uchar *null_ptr; // Byte where null_bit is
......
...@@ -120,8 +120,9 @@ class Item { ...@@ -120,8 +120,9 @@ class Item {
static void *operator new(size_t size) {return (void*) sql_alloc((uint) size); } static void *operator new(size_t size) {return (void*) sql_alloc((uint) size); }
static void *operator new(size_t size, MEM_ROOT *mem_root) static void *operator new(size_t size, MEM_ROOT *mem_root)
{ return (void*) alloc_root(mem_root, (uint) size); } { return (void*) alloc_root(mem_root, (uint) size); }
static void operator delete(void *ptr,size_t size) {} static void operator delete(void *ptr,size_t size) { TRASH(ptr, size); }
static void operator delete(void *ptr,size_t size, MEM_ROOT *mem_root) {} static void operator delete(void *ptr,size_t size, MEM_ROOT *mem_root)
{ TRASH(ptr, size); }
enum Type {FIELD_ITEM, FUNC_ITEM, SUM_FUNC_ITEM, STRING_ITEM, enum Type {FIELD_ITEM, FUNC_ITEM, SUM_FUNC_ITEM, STRING_ITEM,
INT_ITEM, REAL_ITEM, NULL_ITEM, VARBIN_ITEM, INT_ITEM, REAL_ITEM, NULL_ITEM, VARBIN_ITEM,
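Review bot: The three-argument `operator delete(void *ptr,size_t size, MEM_ROOT *mem_root)` that now calls TRASH is not the placement deallocation function matching `operator new(size_t size, MEM_ROOT *mem_root)`. The matching form is `operator delete(void *ptr, MEM_ROOT *mem_root)`, which has no size to hand to TRASH. The compiler will not select the three-argument overload on a failed construction, so the TRASH call in it very likely never runs. The same overload gets the same change in the st_select_lex_node and String hunks. The class body continues outside this hunk.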
......
...@@ -1035,11 +1035,7 @@ class Item_func_match :public Item_real_func ...@@ -1035,11 +1035,7 @@ class Item_func_match :public Item_real_func
table->file->ft_handler=0; table->file->ft_handler=0;
table->fulltext_searched=0; table->fulltext_searched=0;
} }
if (concat) concat= 0;
{
delete concat;
concat= 0;
}
DBUG_VOID_RETURN; DBUG_VOID_RETURN;
} }
enum Functype functype() const { return FT_FUNC; } enum Functype functype() const { return FT_FUNC; }
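Review bot: The bare `concat= 0;` that replaces the `delete concat` block gives no hint why the item is not freed at this point. A comment such as `/* items are released through the item list, never deleted by hand */` would keep a manual delete from being reintroduced later. That `concat` is reachable from that list is inferred from the commit description and is not visible here. The enclosing function starts outside the hunk.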
......
...@@ -1360,7 +1360,7 @@ class TABLE_READ_PLAN ...@@ -1360,7 +1360,7 @@ class TABLE_READ_PLAN
/* Table read plans are allocated on MEM_ROOT and are never deleted */ /* Table read plans are allocated on MEM_ROOT and are never deleted */
static void *operator new(size_t size, MEM_ROOT *mem_root) static void *operator new(size_t size, MEM_ROOT *mem_root)
{ return (void*) alloc_root(mem_root, (uint) size); } { return (void*) alloc_root(mem_root, (uint) size); }
static void operator delete(void *ptr,size_t size) {} static void operator delete(void *ptr,size_t size) { TRASH(ptr, size); }
}; };
class TRP_ROR_INTERSECT; class TRP_ROR_INTERSECT;
......
...@@ -283,8 +283,9 @@ class st_select_lex_node { ...@@ -283,8 +283,9 @@ class st_select_lex_node {
} }
static void *operator new(size_t size, MEM_ROOT *mem_root) static void *operator new(size_t size, MEM_ROOT *mem_root)
{ return (void*) alloc_root(mem_root, (uint) size); } { return (void*) alloc_root(mem_root, (uint) size); }
static void operator delete(void *ptr,size_t size) {} static void operator delete(void *ptr,size_t size) { TRASH(ptr, size); }
static void operator delete(void *ptr,size_t size, MEM_ROOT *mem_root) {} static void operator delete(void *ptr,size_t size, MEM_ROOT *mem_root)
{ TRASH(ptr, size); }
st_select_lex_node(): linkage(UNSPECIFIED_TYPE) {} st_select_lex_node(): linkage(UNSPECIFIED_TYPE) {}
virtual ~st_select_lex_node() {} virtual ~st_select_lex_node() {}
inline st_select_lex_node* get_master() { return master; } inline st_select_lex_node* get_master() { return master; }
...@@ -820,7 +821,8 @@ struct st_lex_local: public st_lex ...@@ -820,7 +821,8 @@ struct st_lex_local: public st_lex
{ {
return (void*) alloc_root(mem_root, (uint) size); return (void*) alloc_root(mem_root, (uint) size);
} }
static void operator delete(void *ptr,size_t size) {} static void operator delete(void *ptr,size_t size)
{ TRASH(ptr, size); }
}; };
void lex_init(void); void lex_init(void);
......
...@@ -21,12 +21,6 @@ ...@@ -21,12 +21,6 @@
/* mysql standard class memory allocator */ /* mysql standard class memory allocator */
#ifdef SAFEMALLOC
#define TRASH(XX,YY) bfill((XX), (YY), 0x8F)
#else
#define TRASH(XX,YY) /* no-op */
#endif
class Sql_alloc class Sql_alloc
{ {
public: public:
......
...@@ -1175,9 +1175,13 @@ extern "C" pthread_handler_decl(handle_bootstrap,arg) ...@@ -1175,9 +1175,13 @@ extern "C" pthread_handler_decl(handle_bootstrap,arg)
void free_items(Item *item) void free_items(Item *item)
{ {
Item *next;
DBUG_ENTER("free_items"); DBUG_ENTER("free_items");
for (; item ; item=item->next) for (; item ; item=next)
{
next=item->next;
item->delete_self(); item->delete_self();
}
DBUG_VOID_RETURN; DBUG_VOID_RETURN;
} }
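Review bot: The reason `next` is read before `item->delete_self()` deserves a comment, because without it the loop looks needlessly verbose and invites being folded back into `item=item->next`. Something like `/* fetch next first: *item may be trashed once delete_self() returns */` above `next=item->next;` would record it. This assumes delete_self() ends in one of the operator delete overloads that now call TRASH; its body is not shown on this page.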
......
...@@ -6025,9 +6025,13 @@ static void clear_tables(JOIN *join) ...@@ -6025,9 +6025,13 @@ static void clear_tables(JOIN *join)
class COND_CMP :public ilink { class COND_CMP :public ilink {
public: public:
static void *operator new(size_t size) {return (void*) sql_alloc((uint) size); } static void *operator new(size_t size)
{
return (void*) sql_alloc((uint) size);
}
static void operator delete(void *ptr __attribute__((unused)), static void operator delete(void *ptr __attribute__((unused)),
size_t size __attribute__((unused))) {} /*lint -e715 */ size_t size __attribute__((unused)))
{ TRASH(ptr, size); }
Item *and_level; Item *and_level;
Item_func *cmp_func; Item_func *cmp_func;
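Review bot: The `/*lint -e715 */` suppression is dropped from COND_CMP's operator delete, yet with the empty TRASH definition `ptr` and `size` are still unreferenced in that build. If lint is still run on such builds, keep the suppression after the new body: `{ TRASH(ptr, size); } /*lint -e715 */`. The `__attribute__((unused))` markers are kept, which is right for the same reason. thread_info in the next section has the identical change.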
......
...@@ -1257,9 +1257,13 @@ view_store_create_info(THD *thd, TABLE_LIST *table, String *buff) ...@@ -1257,9 +1257,13 @@ view_store_create_info(THD *thd, TABLE_LIST *table, String *buff)
class thread_info :public ilink { class thread_info :public ilink {
public: public:
static void *operator new(size_t size) {return (void*) sql_alloc((uint) size); } static void *operator new(size_t size)
{
return (void*) sql_alloc((uint) size);
}
static void operator delete(void *ptr __attribute__((unused)), static void operator delete(void *ptr __attribute__((unused)),
size_t size __attribute__((unused))) {} /*lint -e715 */ size_t size __attribute__((unused)))
{ TRASH(ptr, size); }
ulong thread_id; ulong thread_id;
time_t start_time; time_t start_time;
......
...@@ -72,9 +72,9 @@ class String ...@@ -72,9 +72,9 @@ class String
static void *operator new(size_t size, MEM_ROOT *mem_root) static void *operator new(size_t size, MEM_ROOT *mem_root)
{ return (void*) alloc_root(mem_root, (uint) size); } { return (void*) alloc_root(mem_root, (uint) size); }
static void operator delete(void *ptr_arg,size_t size) static void operator delete(void *ptr_arg,size_t size)
{} { TRASH(ptr_arg, size); }
static void operator delete(void *ptr_arg,size_t size, MEM_ROOT *mem_root) static void operator delete(void *ptr_arg,size_t size, MEM_ROOT *mem_root)
{} { TRASH(ptr_arg, size); }
~String() { free(); } ~String() { free(); }
inline void set_charset(CHARSET_INFO *charset) { str_charset= charset; } inline void set_charset(CHARSET_INFO *charset) { str_charset= charset; }
......