1berry/MariaDB-server
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Bug#51377 Crash in information_schema / processlist on concurrent DDL workload

Browse Source 
the fill_schema_processlist function accesses THD::query() without proper protection
    so the parallel thread killing can lead to access to the freed meemory.

per-file comments:
  sql/sql_load.cc
Bug#51377      Crash in information_schema / processlist on concurrent DDL workload
    the THD::set_query_inner() call needs to be protected.
    But here we don't need to change the original thd->query() at all.
  sql/sql_show.cc
Bug#51377      Crash in information_schema / processlist on concurrent DDL workload
    protect the THD::query() access with the THD::LOCK_thd_data mutex.
This commit is contained in:
Alexey Botchkov 2010-03-09 14:19:10 +04:00
parent 6d701d3e9c
commit e1addb0540
2 changed files with 6 additions and 5 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

8
sql/sql_load.cc
View File

@ -689,12 +689,10 @@ static bool write_execute_load_query_log_event(THD *thd, sql_exchange* ex,
strcpy(end, p); strcpy(end, p);
end += pl; end += pl;
thd->set_query_inner(load_data_query, end - load_data_query);
Execute_load_query_log_event Execute_load_query_log_event
e(thd, thd->query(), thd->query_length(), e(thd, load_data_query, end-load_data_query,
(uint) ((char*) fname_start - (char*) thd->query() - 1), (uint) ((char*) fname_start - load_data_query - 1),
(uint) ((char*) fname_end - (char*) thd->query()), (uint) ((char*) fname_end - load_data_query),
(duplicates == DUP_REPLACE) ? LOAD_DUP_REPLACE : (duplicates == DUP_REPLACE) ? LOAD_DUP_REPLACE :
(ignore ? LOAD_DUP_IGNORE : LOAD_DUP_ERROR), (ignore ? LOAD_DUP_IGNORE : LOAD_DUP_ERROR),
transactional_table, FALSE, errcode); transactional_table, FALSE, errcode);

3
sql/sql_show.cc
View File

@ -1991,6 +1991,8 @@ int fill_schema_processlist(THD* thd, TABLE_LIST* tables, COND* cond)
pthread_mutex_unlock(&mysys_var->mutex); pthread_mutex_unlock(&mysys_var->mutex);
/* INFO */ /* INFO */
/* Lock THD mutex that protects its data when looking at it. */
pthread_mutex_lock(&tmp->LOCK_thd_data);
if (tmp->query()) if (tmp->query())
{ {
table->field[7]->store(tmp->query(), table->field[7]->store(tmp->query(),
@ -1998,6 +2000,7 @@ int fill_schema_processlist(THD* thd, TABLE_LIST* tables, COND* cond)
tmp->query_length()), cs); tmp->query_length()), cs);
table->field[7]->set_notnull(); table->field[7]->set_notnull();
} }
pthread_mutex_unlock(&tmp->LOCK_thd_data);
if (schema_table_store_record(thd, table)) if (schema_table_store_record(thd, table))
{ {