3146 Jon Olav Hauglid 2010-09-28
Bug #46165 server crash in dbug
This crash occured if the same debug trace file was closed twice,
leading to the same memory being free'd twice. This could occur
if the "debug" server system variable refered to the same trace
file in both global and session scope.
Example of an order of events that would lead to a crash:
1) Enable debug tracing to a trace file (global scope)
2) Enable debug tracing to the same trace file (session scope)
3) Reset debug settings (global scope)
4) Reset debug settings (session scope)
This caused a crash because the trace file was, by mistake, closed
in 3), leading to the same memory being free'd twice when the file
was closed again in 4).
Internally, the debug settings are stored in a stack, with session
settings (if any) on top and the global settings below. Each connection
has its own stack. When a set of settings is changed, it must be
determined if its debug trace file is to be closed. Before, this was done
by only checking below on the settings stack. So if the global settings
were changed, an existing debug trace file reference in session settings
would be missed. This caused the file to be closed even if it was in use,
leading to a crash later when it was closed again.
This patch fixes the problem by preventing the trace file from being shared
between global and session settings. If session debug settings are set without
specifying a new trace file, stderr is used for output. This is a change
in behaviour and should be reflected in the documentation.
Test case added to variables.test.
modified:
dbug/dbug.c
mysql-test/r/variables.result
mysql-test/t/variables.test
3145 Jon Olav Hauglid 2010-09-24
Bug #56678 Valgrind warnings from binlog.binlog_unsafe
After the patch for Bug#54579, multi inserts done with INSERT DELAYED
are binlogged as normal INSERT. During processing of the statement,
a new query string without the DELAYED keyword is made. The problem
was that this new string was incorrectly made when the INSERT DELAYED
was part of a prepared statement - data was read outside the allocated
buffer.
The reason for this bug was that a pointer to the position of the
DELAYED keyword inside the query string was stored when parsing the
statement. This pointer was then later (at runtime) used (via pointer
subtraction) to find the number of characters to skip when making a
new query string without DELAYED. But when the statement was re-executed
as part of a prepared statement, the original pointer would be invalid
and the pointer subtraction would give a wrong/random result.
This patch fixes the problem by instead storing the offsets from the
beginning of the query string to the start and end of the DELAYED
keyword. These values will not depend on the memory position
of the query string at runtime and therefore not give wrong results
when the statement is executed in a prepared statement.
This bug was a regression introduced by the patch for Bug#54579.
No test case added as this bug is already covered by the existing
binlog.binlog_unsafe test case when running with valgrind.
modified:
sql/sql_insert.cc
sql/sql_lex.h
sql/sql_yacc.yy
=== modified file 'dbug/dbug.c'
--- a/dbug/dbug.c 2010-09-15 11:33:22 +0000
+++ b/dbug/dbug.c 2010-09-28 09:07:58 +0000
@@ -515,11 +515,16 @@ int DbugParse(CODE_STATE *cs, const char
stack->maxdepth= stack->next->maxdepth;
stack->sub_level= stack->next->sub_level;
strcpy(stack->name, stack->next->name);
- stack->out_file= stack->next->out_file;
stack->prof_file= stack->next->prof_file;
if (stack->next == &init_settings)
{
- /* never share with the global parent - it can change under your feet */
+ /*
+ Never share with the global parent - it can change under your feet.
+
+ Reset out_file to stderr to prevent sharing of trace files between
+ global and session settings.
+ */
+ stack->out_file= stderr;
stack->functions= ListCopy(init_settings.functions);
stack->p_functions= ListCopy(init_settings.p_functions);
stack->keywords= ListCopy(init_settings.keywords);
@@ -527,6 +532,7 @@ int DbugParse(CODE_STATE *cs, const char
}
else
{
+ stack->out_file= stack->next->out_file;
stack->functions= stack->next->functions;
stack->p_functions= stack->next->p_functions;
stack->keywords= stack->next->keywords;
=== modified file 'mysql-test/r/variables.result'
--- a/mysql-test/r/variables.result 2010-07-27 10:25:53 +0000
+++ b/mysql-test/r/variables.result 2010-09-28 09:07:58 +0000
@@ -1699,3 +1699,47 @@ set @@session.autocommit=t1_min(), @@ses
drop table t1;
drop function t1_min;
drop function t1_max;
+#
+# Bug#46165 server crash in dbug
+#
+SET @old_globaldebug = @@global.debug;
+SET @old_sessiondebug= @@session.debug;
+# Test 1 - Bug test case, single connection
+SET GLOBAL debug= '+O,../../log/bug46165.1.trace';
+SET SESSION debug= '-d:-t:-i';
+SET GLOBAL debug= '';
+SET SESSION debug= '';
+# Test 2 - Bug test case, two connections
+# Connection default
+SET GLOBAL debug= '+O,../../log/bug46165.2.trace';
+SET SESSION debug= '-d:-t:-i';
+# Connection con1
+SET GLOBAL debug= '';
+# Connection default
+SET SESSION debug= '';
+# Connection con1
+# Connection default
+SET GLOBAL debug= '';
+# Test 3 - Active session trace file on disconnect
+# Connection con1
+SET GLOBAL debug= '+O,../../log/bug46165.3.trace';
+SET SESSION debug= '-d:-t:-i';
+SET GLOBAL debug= '';
+# Test 4 - Active session trace file on two connections
+# Connection default
+SET GLOBAL debug= '+O,../../log/bug46165.4.trace';
+SET SESSION debug= '-d:-t:-i';
+# Connection con1
+SET SESSION debug= '-d:-t:-i';
+SET GLOBAL debug= '';
+SET SESSION debug= '';
+# Connection default
+SET SESSION debug= '';
+# Connection con1
+# Connection default
+# Test 5 - Different trace files
+SET SESSION debug= '+O,../../log/bug46165.5.trace';
+SET SESSION debug= '+O,../../log/bug46165.6.trace';
+SET SESSION debug= '-O';
+SET GLOBAL debug= @old_globaldebug;
+SET SESSION debug= @old_sessiondebug;
=== modified file 'mysql-test/t/variables.test'
--- a/mysql-test/t/variables.test 2010-07-27 10:25:53 +0000
+++ b/mysql-test/t/variables.test 2010-09-28 09:07:58 +0000
@@ -1432,3 +1432,78 @@ drop function t1_max;
###########################################################################
+
+
+--echo #
+--echo # Bug#46165 server crash in dbug
+--echo #
+
+SET @old_globaldebug = @@global.debug;
+SET @old_sessiondebug= @@session.debug;
+
+--echo # Test 1 - Bug test case, single connection
+SET GLOBAL debug= '+O,../../log/bug46165.1.trace';
+SET SESSION debug= '-d:-t:-i';
+
+SET GLOBAL debug= '';
+SET SESSION debug= '';
+
+--echo # Test 2 - Bug test case, two connections
+--echo # Connection default
+connection default;
+SET GLOBAL debug= '+O,../../log/bug46165.2.trace';
+SET SESSION debug= '-d:-t:-i';
+
+--echo # Connection con1
+connect (con1, localhost, root);
+SET GLOBAL debug= '';
+
+--echo # Connection default
+connection default;
+SET SESSION debug= '';
+--echo # Connection con1
+connection con1;
+disconnect con1;
+--source include/wait_until_disconnected.inc
+--echo # Connection default
+connection default;
+SET GLOBAL debug= '';
+
+--echo # Test 3 - Active session trace file on disconnect
+--echo # Connection con1
+connect (con1, localhost, root);
+SET GLOBAL debug= '+O,../../log/bug46165.3.trace';
+SET SESSION debug= '-d:-t:-i';
+SET GLOBAL debug= '';
+disconnect con1;
+--source include/wait_until_disconnected.inc
+
+--echo # Test 4 - Active session trace file on two connections
+--echo # Connection default
+connection default;
+SET GLOBAL debug= '+O,../../log/bug46165.4.trace';
+SET SESSION debug= '-d:-t:-i';
+
+--echo # Connection con1
+connect (con1, localhost, root);
+SET SESSION debug= '-d:-t:-i';
+SET GLOBAL debug= '';
+SET SESSION debug= '';
+
+--echo # Connection default
+connection default;
+SET SESSION debug= '';
+--echo # Connection con1
+connection con1;
+disconnect con1;
+--source include/wait_until_disconnected.inc
+--echo # Connection default
+connection default;
+
+--echo # Test 5 - Different trace files
+SET SESSION debug= '+O,../../log/bug46165.5.trace';
+SET SESSION debug= '+O,../../log/bug46165.6.trace';
+SET SESSION debug= '-O';
+
+SET GLOBAL debug= @old_globaldebug;
+SET SESSION debug= @old_sessiondebug;
Attachment: [text/bzr-bundle] bzr/jon.hauglid@oracle.com-20100928090758-181jm9k743tznuuo.bundle
| Thread |
|---|
| • bzr push into mysql-5.5-runtime branch (jon.hauglid:3145 to 3146) Bug#46165 | Jon Olav Hauglid | 28 Sep |
