From a1e5201488c215ba2d6c374cd7a2c61716d8e438 Mon Sep 17 00:00:00 2001 From: Alexander Barkov Date: Fri, 24 Mar 2017 15:59:58 +0400 Subject: [PATCH] MDEV-12357 Invalid read of size 8 in Type_aggregator::Type_aggregator() --- sql/mysqld.cc | 8 ++++++ sql/sql_type.cc | 73 +++++++++++++++++++++++-------------------------- sql/sql_type.h | 13 +++++++-- 3 files changed, 53 insertions(+), 41 deletions(-) diff --git a/sql/mysqld.cc b/sql/mysqld.cc index ce3b69ae08f..f8fedbd1032 100644 --- a/sql/mysqld.cc +++ b/sql/mysqld.cc @@ -2221,6 +2221,7 @@ void clean_up(bool print_message) #endif wsrep_thr_deinit(); my_uuid_end(); + delete type_handler_data; delete binlog_filter; delete global_rpl_filter; end_ssl(); @@ -4126,6 +4127,13 @@ static int init_common_variables() sf_malloc_dbug_id= mariadb_dbug_id; #endif + if (!(type_handler_data= new Type_handler_data) || + type_handler_data->init()) + { + sql_perror("Could not allocate type_handler_data"); + return 1; + } + max_system_variables.pseudo_thread_id= ~(my_thread_id) 0; server_start_time= flush_status_time= my_time(0); my_disable_copystat_in_redel= 1; diff --git a/sql/sql_type.cc b/sql/sql_type.cc index 7044f7eb4bc..f9d7586f784 100644 --- a/sql/sql_type.cc +++ b/sql/sql_type.cc @@ -57,47 +57,40 @@ Type_handler_geometry type_handler_geometry; #endif -Type_aggregator type_aggregator_for_result; -Type_aggregator type_aggregator_for_comparison; - - -class Static_data_initializer +bool Type_handler_data::init() { -public: - static Static_data_initializer m_singleton; - Static_data_initializer() - { #ifdef HAVE_SPATIAL - type_aggregator_for_result.add(&type_handler_geometry, - &type_handler_null, - &type_handler_geometry); - type_aggregator_for_result.add(&type_handler_geometry, - &type_handler_geometry, - &type_handler_geometry); - type_aggregator_for_result.add(&type_handler_geometry, - &type_handler_blob, - &type_handler_long_blob); - type_aggregator_for_result.add(&type_handler_geometry, - &type_handler_varchar, - &type_handler_long_blob); - type_aggregator_for_result.add(&type_handler_geometry, - &type_handler_string, - &type_handler_long_blob); - - type_aggregator_for_comparison.add(&type_handler_geometry, - &type_handler_geometry, - &type_handler_geometry); - type_aggregator_for_comparison.add(&type_handler_geometry, - &type_handler_null, - &type_handler_geometry); - type_aggregator_for_comparison.add(&type_handler_geometry, - &type_handler_long_blob, - &type_handler_long_blob); + return + m_type_aggregator_for_result.add(&type_handler_geometry, + &type_handler_null, + &type_handler_geometry) || + m_type_aggregator_for_result.add(&type_handler_geometry, + &type_handler_geometry, + &type_handler_geometry) || + m_type_aggregator_for_result.add(&type_handler_geometry, + &type_handler_blob, + &type_handler_long_blob) || + m_type_aggregator_for_result.add(&type_handler_geometry, + &type_handler_varchar, + &type_handler_long_blob) || + m_type_aggregator_for_result.add(&type_handler_geometry, + &type_handler_string, + &type_handler_long_blob) || + m_type_aggregator_for_comparison.add(&type_handler_geometry, + &type_handler_geometry, + &type_handler_geometry) || + m_type_aggregator_for_comparison.add(&type_handler_geometry, + &type_handler_null, + &type_handler_geometry) || + m_type_aggregator_for_comparison.add(&type_handler_geometry, + &type_handler_long_blob, + &type_handler_long_blob); #endif - } -}; + return false; +} -Static_data_initializer Static_data_initializer::m_singleton; + +Type_handler_data *type_handler_data= NULL; void Type_std_attributes::set(const Field *field) @@ -293,7 +286,8 @@ Type_handler_hybrid_field_type::aggregate_for_result(const Type_handler *other) Type_handler::aggregate_for_result_traditional(m_type_handler, other); return false; } - other= type_aggregator_for_result.find_handler(m_type_handler, other); + other= type_handler_data-> + m_type_aggregator_for_result.find_handler(m_type_handler, other); if (!other) return true; m_type_handler= other; @@ -407,7 +401,8 @@ Type_handler_hybrid_field_type::aggregate_for_comparison(const Type_handler *h) if (!m_type_handler->is_traditional_type() || !h->is_traditional_type()) { - h= type_aggregator_for_comparison.find_handler(m_type_handler, h); + h= type_handler_data-> + m_type_aggregator_for_comparison.find_handler(m_type_handler, h); if (!h) return true; m_type_handler= h; diff --git a/sql/sql_type.h b/sql/sql_type.h index 3ac9324bd22..963e10a57a7 100644 --- a/sql/sql_type.h +++ b/sql/sql_type.h @@ -1522,7 +1522,16 @@ public: } }; -extern Type_aggregator type_aggregator_for_result; -extern Type_aggregator type_aggregator_for_comparison; + +class Type_handler_data +{ +public: + Type_aggregator m_type_aggregator_for_result; + Type_aggregator m_type_aggregator_for_comparison; + bool init(); +}; + + +extern Type_handler_data *type_handler_data; #endif /* SQL_TYPE_H_INCLUDED */