3210 Marc Alff 2010-09-17
Bug#50557 checksum table crashes server when used in performance_schema
CHECKSUM TABLE for performance schema tables could cause uninitialized
memory reads.
The root cause is a design flaw in the implementation of
mysql_checksum_table(), which does not honor null fields.
However, fixing this bug in CHECKSUM TABLE is risky, as it can cause the
checksum value to change.
This fix implements a workaround, to systematically reset field values
even for null fields, so that the field memory representation is always
initialized with a known value.
modified:
storage/perfschema/pfs_engine_table.cc
3209 Marc Alff 2010-09-17 [merge]
local merge
modified:
sql/log.cc
sql/log.h
sql/sql_repl.cc
=== modified file 'storage/perfschema/pfs_engine_table.cc'
--- a/storage/perfschema/pfs_engine_table.cc 2010-08-12 14:08:52 +0000
+++ b/storage/perfschema/pfs_engine_table.cc 2010-09-17 19:03:09 +0000
@@ -223,6 +223,8 @@ int PFS_engine_table::read_row(TABLE *ta
Field **fields)
{
my_bitmap_map *org_bitmap;
+ Field *f;
+ Field **fields_reset;
/*
Make sure the table structure is as expected before mapping
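Review bot: The two new locals, f and fields_reset, are declared at the top of read_row() but are used only by the reset loop added further down. This function already declares "int result=" at its point of use, so declaring both pointers next to the loop would keep them out of scope, and out of an uninitialised state, for the rest of the function.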
@@ -240,6 +242,16 @@ int PFS_engine_table::read_row(TABLE *ta
/* We internally write to Fields to support the read interface */
org_bitmap= dbug_tmp_use_all_columns(table, table->write_set);
+
+ /*
+ Some callers of the storage engine interface do not honor the
+ f->is_null() flag, and will attempt to read the data itself.
+ A known offender is mysql_checksum_table().
+ For robustness, reset every field.
+ */
+ for (fields_reset= fields; (f= *fields_reset) ; fields_reset++)
+ f->reset();
+
int result= read_row_values(table, buf, fields, read_all);
dbug_tmp_restore_column_map(table->write_set, org_bitmap);
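Review bot: The reset loop ahead of read_row_values() walks every entry in fields on every row and does not consult read_all, so each row read now pays for a full extra pass even when the caller honors is_null(). If that cost matters, consider resetting only the fields that read_row_values() leaves null. The commit touches only pfs_engine_table.cc, so a regression test that runs CHECKSUM TABLE against a performance_schema table should accompany it. The new comment could also cite Bug#50557, so the workaround is easy to find and remove once mysql_checksum_table() honors null fields. Minor style: there is a stray space before the semicolon in "(f= *fields_reset) ;".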
Attachment: [text/bzr-bundle] bzr/marc.alff@oracle.com-20100917190309-v5p85lkqmz9tph1w.bundle
| Thread |
|---|
| • bzr push into mysql-5.5-bugfixing branch (marc.alff:3209 to 3210) Bug#50557 | Marc Alff | 20 Sep |