Commit 59bc951a authored by Aditya A

Bug#16268289 LOCK_REC_VALIDATE_PAGE() MAY DEREFERENCE A POINTER TO A FREED LOCK

ANALYSIS
-------

In 5.5 code the lock_rec_block_validate() is called after releasing
the kernel mutex. There is a chance that the lock might be invalid, so
we are getting the valgrind error on invalid read on lock->index.

FIX
---

Fix would be to copy the lock->index when we are holding the kernel mutex 
and then pass it to the lock_rec_block_validate(). This implementation
is present in 5.1 code.  

[ Approved by sunny rb.no.oracle.com/rb/r/2152/ ]
parent 5d165fbd
...@@ -4980,6 +4980,7 @@ lock_rec_validate_page( ...@@ -4980,6 +4980,7 @@ lock_rec_validate_page(
{ {
const lock_t* lock; const lock_t* lock;
const rec_t* rec; const rec_t* rec;
dict_index_t* index;
ulint nth_lock = 0; ulint nth_lock = 0;
ulint nth_bit = 0; ulint nth_bit = 0;
ulint i; ulint i;
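Review bot: The new `dict_index_t* index;` local in the declaration block has no comment and no initializer, so a reader of the function cannot tell why it exists alongside `lock->index`. A one-line comment stating that it holds a copy of `lock->index` taken while the kernel mutex is held, for use after the mutex is released, would record the invariant this fix depends on. Initializing it to NULL would also make any use before assignment fail visibly rather than read an indeterminate pointer.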
...@@ -5029,6 +5030,7 @@ lock_rec_validate_page( ...@@ -5029,6 +5030,7 @@ lock_rec_validate_page(
if (i == 1 || lock_rec_get_nth_bit(lock, i)) { if (i == 1 || lock_rec_get_nth_bit(lock, i)) {
index = lock->index;
rec = page_find_rec_with_heap_no(block->frame, i); rec = page_find_rec_with_heap_no(block->frame, i);
ut_a(rec); ut_a(rec);
offsets = rec_get_offsets(rec, lock->index, offsets, offsets = rec_get_offsets(rec, lock->index, offsets,
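Review bot: The `rec_get_offsets(rec, lock->index, offsets,` call two lines below the new `index = lock->index;` still reads through `lock`, so the function now has two names for the same value in adjacent statements. Passing `index` to `rec_get_offsets()` as well would make the copy the single read of `lock->index` in this block and make it obvious that nothing after the copy needs the lock object to resolve the index. The copy is not wrong as placed, since the commit message says it is taken while the kernel mutex is held, but the mixed usage invites a future edit to reintroduce a `lock->index` read on the wrong side of the mutex release.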
...@@ -5045,7 +5047,7 @@ lock_rec_validate_page( ...@@ -5045,7 +5047,7 @@ lock_rec_validate_page(
check WILL break the latching order and may check WILL break the latching order and may
cause a deadlock of threads. */ cause a deadlock of threads. */
lock_rec_queue_validate(block, rec, lock->index, lock_rec_queue_validate(block, rec, index,
offsets); offsets);
lock_mutex_enter_kernel(); lock_mutex_enter_kernel();
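Review bot: At `lock_mutex_enter_kernel();` after the `lock_rec_queue_validate(block, rec, index,` call, the `lock` pointer is as stale as `lock->index` was, because the same window in which the lock could be freed has just elapsed. This hunk only removes the one dereference that valgrind reported, so please confirm that the code following the re-acquire (not shown in this hunk) looks the lock up again rather than continuing from the old `lock` value. A short comment at the re-acquire stating that `lock` must not be dereferenced until it is re-fetched would keep later changes from reintroducing the use-after-free.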
......