1berry/MariaDB-server
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Bug#11765252 - READ OF FREED MEMORY WHEN "USE DB" AND

Browse Source 
"SHOW PROCESSLIST"

Merging from 5.1 to 5.5
This commit is contained in:
Praveenkumar Hulakund 2013-08-21 10:44:22 +05:30
commit 7fffec875a
5 changed files with 33 additions and 10 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

11
mysql-test/include/have_valgrind.inc Normal file
View File

@ -0,0 +1,11 @@
# include/have_valgrind.inc
#
# If some test should be run with only valgrind then skip it while running test
# without it.
#
if (!$VALGRIND_TEST) {
--skip Need "--valgrind"
}

9
sql/sql_class.h
View File

@ -1,4 +1,4 @@
/* Copyright (c) 2000, 2012, Oracle and/or its affiliates. All rights reserved.
/* Copyright (c) 2000, 2013, Oracle and/or its affiliates. All rights reserved.
This program is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
@ -2642,6 +2642,12 @@ public:
*/
bool set_db(const char *new_db, size_t new_db_len)
{
/*
Acquiring mutex LOCK_thd_data as we either free the memory allocated
for the database and reallocating the memory for the new db or memcpy
the new_db to the db.
*/
mysql_mutex_lock(&LOCK_thd_data);
/* Do not reallocate memory if current chunk is big enough. */
if (db && new_db && db_length >= new_db_len)
memcpy(db, new_db, new_db_len+1);
@ -2654,6 +2660,7 @@ public:
db= NULL;
}
db_length= db ? new_db_len : 0;
mysql_mutex_unlock(&LOCK_thd_data);
return new_db && !db;
}

7
sql/sql_db.cc
View File

@ -1,5 +1,5 @@
/*
Copyright (c) 2000, 2011, Oracle and/or its affiliates. All rights reserved.
Copyright (c) 2000, 2013, Oracle and/or its affiliates. All rights reserved.
This program is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
@ -1302,9 +1302,12 @@ static void mysql_change_db_impl(THD *thd,
we just call THD::reset_db(). Since THD::reset_db() does not releases
the previous database name, we should do it explicitly.
*/
mysql_mutex_lock(&thd->LOCK_thd_data);
if (thd->db)
my_free(thd->db);
DEBUG_SYNC(thd, "after_freeing_thd_db");
thd->reset_db(new_db_name->str, new_db_name->length);
mysql_mutex_unlock(&thd->LOCK_thd_data);
}
/* 2. Update security context. */

2
sql/sql_parse.cc
View File

@ -979,7 +979,9 @@ bool dispatch_command(enum enum_server_command command, THD *thd,
if (save_user_connect)
decrease_user_connections(save_user_connect);
#endif /* NO_EMBEDDED_ACCESS_CHECKS */
mysql_mutex_lock(&thd->LOCK_thd_data);
my_free(save_db);
mysql_mutex_unlock(&thd->LOCK_thd_data);
my_free(save_security_ctx.user);
}
break;

12
sql/sql_show.cc
View File

@ -1843,10 +1843,10 @@ void mysqld_list_processes(THD *thd,const char *user, bool verbose)
thd_info->host= thd->strdup(tmp_sctx->host_or_ip[0] ?
tmp_sctx->host_or_ip :
tmp_sctx->host ? tmp_sctx->host : "");
if ((thd_info->db=tmp->db)) // Safe test
thd_info->db=thd->strdup(thd_info->db);
thd_info->command=(int) tmp->command;
mysql_mutex_lock(&tmp->LOCK_thd_data);
if ((thd_info->db= tmp->db)) // Safe test
thd_info->db= thd->strdup(thd_info->db);
if ((mysys_var= tmp->mysys_var))
mysql_mutex_lock(&mysys_var->mutex);
thd_info->proc_info= (char*) (tmp->killed == THD::KILL_CONNECTION? "Killed" : 0);
@ -1920,7 +1920,7 @@ int fill_schema_processlist(THD* thd, TABLE_LIST* tables, COND* cond)
{
Security_context *tmp_sctx= tmp->security_ctx;
struct st_my_thread_var *mysys_var;
const char *val;
const char *val, *db;
if ((!tmp->vio_ok() && !tmp->system_thread) ||
(user && (!tmp_sctx->user || strcmp(tmp_sctx->user, user))))
@ -1946,13 +1946,13 @@ int fill_schema_processlist(THD* thd, TABLE_LIST* tables, COND* cond)
table->field[2]->store(tmp_sctx->host_or_ip,
strlen(tmp_sctx->host_or_ip), cs);
/* DB */
if (tmp->db)
mysql_mutex_lock(&tmp->LOCK_thd_data);
if ((db= tmp->db))
{
table->field[3]->store(tmp->db, strlen(tmp->db), cs);
table->field[3]->store(db, strlen(db), cs);
table->field[3]->set_notnull();
}
mysql_mutex_lock(&tmp->LOCK_thd_data);
if ((mysys_var= tmp->mysys_var))
mysql_mutex_lock(&mysys_var->mutex);
/* COMMAND */