From 42cea00e036c1191b7c9251ac1e123df8273d86c Mon Sep 17 00:00:00 2001
From: unknown <sven@murkla.(none)>
Date: Wed, 3 Oct 2007 11:57:14 +0200
Subject: [PATCH] BUG#30752 rpl_dual_pos_advance valgrind (jump depends on
 uninitialized LOG_INFO) Problem: one thread could read uninitialized memory
 from (the stack of) another thread. Fix: swapped order of initializing the
 memory and making it available to the other thread. Fix: put lock around the
 statement that makes the memory available to the other thread. Fix: all
 fields of the struct are now initialized in the constructor, to avoid future
 problems.

sql/sql_class.h:
  Initialize all members in constructor for more safe future code.
sql/sql_repl.cc:
  Swap order so that linfo is first initialized, then assigned, instead of the
  other way around.
  Put a lock around the assignment. We use LOCK_thread_count since log_in_use
  uses it: log_in_use may be running concurrently, called from
  MYSQL_LOG::purge_logs.
---
 sql/sql_class.h |  8 +++++++-
 sql/sql_repl.cc | 10 ++++++++--
 2 files changed, 15 insertions(+), 3 deletions(-)

diff --git a/sql/sql_class.h b/sql/sql_class.h
index 4fac86dc405..a96000a0598 100644
--- a/sql/sql_class.h
+++ b/sql/sql_class.h
@@ -159,7 +159,13 @@ typedef struct st_log_info
   my_off_t pos;
   bool fatal; // if the purge happens to give us a negative offset
   pthread_mutex_t lock;
-  st_log_info():fatal(0) { pthread_mutex_init(&lock, MY_MUTEX_INIT_FAST);}
+  st_log_info()
+    : index_file_offset(0), index_file_start_offset(0),
+      pos(0), fatal(0)
+  {
+    log_file_name[0] = '\0';
+    pthread_mutex_init(&lock, MY_MUTEX_INIT_FAST);
+  }
   ~st_log_info() { pthread_mutex_destroy(&lock);}
 } LOG_INFO;
 
diff --git a/sql/sql_repl.cc b/sql/sql_repl.cc
index 9cc0ba7c29a..903d254db8f 100644
--- a/sql/sql_repl.cc
+++ b/sql/sql_repl.cc
@@ -364,7 +364,6 @@ void mysql_binlog_send(THD* thd, char* log_ident, my_off_t pos,
     name=0;					// Find first log
 
   linfo.index_file_offset = 0;
-  thd->current_linfo = &linfo;
 
   if (mysql_bin_log.find_log_pos(&linfo, name, 1))
   {
@@ -373,6 +372,10 @@ void mysql_binlog_send(THD* thd, char* log_ident, my_off_t pos,
     goto err;
   }
 
+  pthread_mutex_lock(&LOCK_thread_count);
+  thd->current_linfo = &linfo;
+  pthread_mutex_unlock(&LOCK_thread_count);
+
   if ((file=open_binlog(&log, log_file_name, &errmsg)) < 0)
   {
     my_errno= ER_MASTER_FATAL_ERROR_READING_BINLOG;
@@ -1338,7 +1341,6 @@ bool mysql_show_binlog_events(THD* thd)
       name=0;					// Find first log
 
     linfo.index_file_offset = 0;
-    thd->current_linfo = &linfo;
 
     if (mysql_bin_log.find_log_pos(&linfo, name, 1))
     {
@@ -1346,6 +1348,10 @@ bool mysql_show_binlog_events(THD* thd)
       goto err;
     }
 
+    pthread_mutex_lock(&LOCK_thread_count);
+    thd->current_linfo = &linfo;
+    pthread_mutex_unlock(&LOCK_thread_count);
+
     if ((file=open_binlog(&log, linfo.log_file_name, &errmsg)) < 0)
       goto err;