Skip to content

M
MariaDB
Commit 7b4de104 authored by Jan Lindström's avatar Jan Lindström
Browse files
Options

MDEV-20378: Galera uses uninitialized memory 

Problem was that wsrep thread argument was deleted on wrong
place. Furthermore, scan method incorrectly used unsafe c_ptr().
Finally, fixed wsrep thread initialization to correctly set
up thread_id and pass correct argument to functions and
fix signess problem causing compiler errors.
parent c5bc0ced
Hide whitespace changes
Inline Side-by-side
Showing with 30 additions and 26 deletions
sql/wsrep_mysqld.cc
View file @ 7b4de104
......@@ -2696,7 +2696,7 @@ void* start_wsrep_THD(void *arg)
WSREP_DEBUG("wsrep system thread %llu, %p starting",
thd->thread_id, thd);
thd_args->fun()(thd, thd_args->args());
thd_args->fun()(thd, static_cast<void *>(thd_args));
WSREP_DEBUG("wsrep system thread: %llu, %p closing",
thd->thread_id, thd);
......@@ -2707,8 +2707,6 @@ void* start_wsrep_THD(void *arg)
close_connection(thd, 0);
delete thd_args;
mysql_mutex_lock(&LOCK_wsrep_slave_threads);
DBUG_ASSERT(wsrep_running_threads > 0);
wsrep_running_threads--;
......@@ -2727,6 +2725,7 @@ void* start_wsrep_THD(void *arg)
break;
}
delete thd_args;
WSREP_DEBUG("wsrep running threads now: %lu", wsrep_running_threads);
mysql_cond_broadcast(&COND_wsrep_slave_threads);
mysql_mutex_unlock(&LOCK_wsrep_slave_threads);
......
sql/wsrep_mysqld.h
View file @ 7b4de104
......@@ -411,18 +411,17 @@ typedef void (*wsrep_thd_processor_fun)(THD*, void *);
class Wsrep_thd_args
{
public:
Wsrep_thd_args(wsrep_thd_processor_fun fun, void* args,
wsrep_thread_type thread_type)
Wsrep_thd_args(wsrep_thd_processor_fun fun,
wsrep_thread_type thread_type,
pthread_t thread_id)
:
fun_ (fun),
args_ (args),
thread_type_ (thread_type)
thread_type_ (thread_type),
thread_id_ (thread_id)
{ }
wsrep_thd_processor_fun fun() { return fun_; }
void* args() { return args_; }
pthread_t* thread_id() {return &thread_id_; }
enum wsrep_thread_type thread_type() {return thread_type_;}
private:
......@@ -431,8 +430,8 @@ class Wsrep_thd_args
Wsrep_thd_args& operator=(const Wsrep_thd_args&);
wsrep_thd_processor_fun fun_;
void* args_;
enum wsrep_thread_type thread_type_;
pthread_t thread_id_;
};
void* start_wsrep_THD(void*);
......
sql/wsrep_schema.cc
View file @ 7b4de104
......@@ -474,7 +474,9 @@ static int scan(TABLE* table, uint field, char* strbuf, uint strbuf_len)
{
String str;
(void)table->field[field]->val_str(&str);
strncpy(strbuf, str.c_ptr(), std::min(str.length(), strbuf_len));
LEX_CSTRING tmp= str.lex_cstring();
uint len = tmp.length;
strncpy(strbuf, tmp.str, std::min(len, strbuf_len));
strbuf[strbuf_len - 1]= '\0';
return 0;
}
......
sql/wsrep_sst.cc
View file @ 7b4de104
......@@ -640,7 +640,7 @@ static ssize_t sst_prepare_other (const char* method,
const char** addr_out)
{
bool extra_args;
size_t const cmd_len= estimate_cmd_len(&extra_args);
ssize_t const cmd_len= estimate_cmd_len(&extra_args);
wsp::string cmd_str(cmd_len);
if (!cmd_str())
......@@ -953,7 +953,7 @@ static int sst_donate_mysqldump (const char* addr,
memcpy(host, address.get_address(), address.get_address_len());
int port= address.get_port();
bool extra_args;
size_t const cmd_len= estimate_cmd_len(&extra_args);
ssize_t const cmd_len= estimate_cmd_len(&extra_args);
wsp::string cmd_str(cmd_len);
if (!cmd_str())
......@@ -1350,7 +1350,7 @@ static int sst_donate_other (const char* method,
char** env) // carries auth info
{
bool extra_args;
size_t const cmd_len= estimate_cmd_len(&extra_args);
ssize_t const cmd_len= estimate_cmd_len(&extra_args);
wsp::string cmd_str(cmd_len);
if (!cmd_str())
......
sql/wsrep_thd.cc
View file @ 7b4de104
......@@ -86,7 +86,7 @@ static void wsrep_replication_process(THD *thd,
static bool create_wsrep_THD(Wsrep_thd_args* args)
{
ulong old_wsrep_running_threads= wsrep_running_threads;
pthread_t unused;
#ifdef HAVE_PSI_THREAD_INTERFACE
PSI_thread_key key;
......@@ -103,7 +103,7 @@ static bool create_wsrep_THD(Wsrep_thd_args* args)
break;
}
#endif
bool res= mysql_thread_create(key, &unused, &connection_attrib,
bool res= mysql_thread_create(key, args->thread_id(), &connection_attrib,
start_wsrep_THD, (void*)args);
/*
if starting a thread on server startup, wait until the this thread's THD
......@@ -123,9 +123,9 @@ void wsrep_create_appliers(long threads)
/* Dont' start slave threads if wsrep-provider or wsrep-cluster-address
is not set.
*/
if (!WSREP_PROVIDER_EXISTS)
if (!WSREP_PROVIDER_EXISTS)
{
return;
return;
}
if (!wsrep_cluster_address || wsrep_cluster_address[0]== 0)
......@@ -135,11 +135,12 @@ void wsrep_create_appliers(long threads)
}
long wsrep_threads=0;
while (wsrep_threads++ < threads)
{
Wsrep_thd_args* args(new Wsrep_thd_args(wsrep_replication_process, 0,
WSREP_APPLIER_THREAD));
Wsrep_thd_args* args(new Wsrep_thd_args(wsrep_replication_process,
WSREP_APPLIER_THREAD,
pthread_self()));
if (create_wsrep_THD(args))
{
WSREP_WARN("Can't create thread to manage wsrep replication");
......@@ -328,16 +329,19 @@ void wsrep_create_rollbacker()
{
if (wsrep_cluster_address && wsrep_cluster_address[0] != 0)
{
Wsrep_thd_args* args= new Wsrep_thd_args(wsrep_rollback_process, 0,
WSREP_ROLLBACKER_THREAD);
Wsrep_thd_args* args(new Wsrep_thd_args(wsrep_rollback_process,
WSREP_ROLLBACKER_THREAD,
pthread_self()));
/* create rollbacker */
if (create_wsrep_THD(args))
WSREP_WARN("Can't create thread to manage wsrep rollback");
/* create post_rollbacker */
args= new Wsrep_thd_args(wsrep_post_rollback_process, 0,
WSREP_ROLLBACKER_THREAD);
args= new Wsrep_thd_args(wsrep_post_rollback_process,
WSREP_ROLLBACKER_THREAD,
pthread_self());
if (create_wsrep_THD(args))
WSREP_WARN("Can't create thread to manage wsrep post rollback");
}
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment
GitLab Nexedi Edition | About GitLab | About Nexedi | 沪ICP备2021021310号-2 | 沪ICP备2021021310号-7