From 88f49da8e08bb5027b6031fed04f82f2d9f552b7 Mon Sep 17 00:00:00 2001 From: Vladislav Vaintroub Date: Fri, 3 May 2024 21:48:26 +0200 Subject: [PATCH] MDEV-34063 tpool - integer overflow in multiplication. When calculating next wakeup timepoint for the timer thread, with large thread_pool_stall_limit values, 32bit int overflow can happen. Fixed by making one operand 8 byte large. Also fixed the type of tick_interval to be unsigned, so it does not go negative for very thread_pool_stall_limit. --- sql/threadpool_generic.cc | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/sql/threadpool_generic.cc b/sql/threadpool_generic.cc index d80cf0e08df..0bab82fba79 100644 --- a/sql/threadpool_generic.cc +++ b/sql/threadpool_generic.cc @@ -107,7 +107,7 @@ struct pool_timer_t mysql_cond_t cond; volatile uint64 current_microtime; std::atomic next_timeout_check; - int tick_interval; + uint tick_interval; bool shutdown; pthread_t timer_thread_id; }; @@ -577,7 +577,7 @@ static void* timer_thread(void *param) struct timespec ts; int err; - set_timespec_nsec(ts,timer->tick_interval*1000000); + set_timespec_nsec(ts, timer->tick_interval*1000000LL); mysql_mutex_lock(&timer->mutex); err= mysql_cond_timedwait(&timer->cond, &timer->mutex, &ts); if (timer->shutdown)