From: Tor Didriksen Date: January 20 2011 1:14pm Subject: bzr commit into mysql-trunk branch (tor.didriksen:3538) Bug#59111 List-Archive: http://lists.mysql.com/commits/129276 X-Bug: 59111 Message-Id: <20110120131404.6C5FF372E@atum07.norway.sun.com> MIME-Version: 1.0 Content-Type: multipart/mixed; boundary="===============8985385737358436901==" --===============8985385737358436901== MIME-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit Content-Disposition: inline #At file:///export/home/didrik/repo/trunk-bug59111-gis-crash/ based on revid:martin.hansson@stripped 3538 Tor Didriksen 2011-01-20 Bug #59111 gis crashes when server is compiled without performance schema The crash was due to pointer aliasing, nothing to do with perf.schema. @ sql/gcalc_slicescan.cc Use proper type for result_hook in new_slice(). Then static_cast<> before returning result (this was the bug). Cleanup some C-style casts, use reinterpret_cast instead. Move declarations closer to where they are actually needed. Remove the recursion between alloc_new_block() and new_item() @ sql/gcalc_slicescan.h Remove the recursion between alloc_new_block() and new_item() (it looked suspicious) modified: sql/gcalc_slicescan.cc sql/gcalc_slicescan.h === modified file 'sql/gcalc_slicescan.cc' --- a/sql/gcalc_slicescan.cc 2010-11-08 11:34:12 +0000 +++ b/sql/gcalc_slicescan.cc 2011-01-20 13:14:00 +0000 @@ -62,15 +62,14 @@ void Gcalc_dyn_list::format_blk(void* bl } -Gcalc_dyn_list::Item *Gcalc_dyn_list::alloc_new_blk() +void Gcalc_dyn_list::alloc_new_blk() { void *new_block= my_malloc(m_blk_size, MYF(MY_WME)); if (!new_block) - return NULL; + return; *m_blk_hook= new_block; m_blk_hook= (void**)new_block; format_blk(new_block); - return new_item(); } 
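Review bot: With the return type changed to `void`, alloc_new_blk() reports a failed `my_malloc()` only by returning early and leaving the list state untouched, and that contract is not written down anywhere in the hunk. A comment above the definition, e.g. `/* On allocation failure nothing is changed; the caller detects it by m_free still being NULL. */`, would make explicit what new_item() in gcalc_slicescan.h now depends on. Presumably format_blk() is what refills m_free; its body is not visible here, so confirm before wording the comment. Separately, `m_blk_hook= (void**)new_block;` is still a C-style cast, although the commit message says those were cleaned up.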
@@ -260,8 +259,8 @@ Gcalc_scan_iterator::Gcalc_scan_iterator Gcalc_scan_iterator::point *Gcalc_scan_iterator::new_slice(Gcalc_scan_iterator::point *example) { - point *result= NULL; - Gcalc_dyn_list::Item **result_hook= (Gcalc_dyn_list::Item **)&result; + Gcalc_dyn_list::Item *item_result= NULL; + Gcalc_dyn_list::Item **result_hook= &item_result; while (example) { *result_hook= new_slice_point(); @@ -269,6 +268,7 @@ Gcalc_scan_iterator::point example= example->get_next(); } *result_hook= NULL; + point *result= static_cast(item_result); return result; } @@ -321,13 +321,10 @@ static inline bool slice_first(const Gca int Gcalc_scan_iterator::insert_top_point() { - point *sp= m_slice1; - Gcalc_dyn_list::Item **prev_hook= (Gcalc_dyn_list::Item **)&m_slice1; - point *sp1; point *sp0= new_slice_point(); - if (!sp0) return 1; + sp0->pi= m_cur_pi; sp0->next_pi= m_cur_pi->left; sp0->thread= m_cur_thread++; @@ -338,7 +335,8 @@ int Gcalc_scan_iterator::insert_top_poin m_event1= scev_thread; /*Now just to increase the size of m_slice0 to be same*/ - if (!(sp1= new_slice_point())) + point *sp1= new_slice_point(); + if (!sp1) return 1; sp1->next= m_slice0; m_slice0= sp1; @@ -354,15 +352,18 @@ int Gcalc_scan_iterator::insert_top_poin Binary search could probably make things faster here, but structures used aren't suitable, and the scan is usually not really long */ - for (; sp && slice_first(sp, sp0); - prev_hook= &sp->next, sp=sp->get_next()) - {} + point *sp= m_slice1; + point **prev_hook= &m_slice1; + for (; sp && slice_first(sp, sp0); sp=sp->get_next()) + { + prev_hook= reinterpret_cast(&(sp->next)); + } if (m_cur_pi->right) { m_event1= scev_two_threads; /*We have two threads so should decide which one will be first*/ - sp1= new_slice_point(); + point *sp1= new_slice_point(); if (!sp1) return 1; sp1->pi= m_cur_pi; 
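Review bot: new_slice() needs a short comment at the `item_result` declaration saying why the list is assembled through `Gcalc_dyn_list::Item *` and converted only once at the end, because nothing in the code stops a later cleanup from reintroducing the `(Gcalc_dyn_list::Item **)&result` form that caused the crash. Something like `/* Build via Item* and cast once on return: writing through an Item** that aliases a point* is undefined behaviour (Bug#59111). */` would do. The last two statements could also be a single `return` of the cast expression. The loop body between this hunk and the following one is not shown, so the handling of a NULL from new_slice_point() inside the loop is not reviewed here.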
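Review bot: In insert_top_point() the new `prev_hook= reinterpret_cast(&(sp->next));` keeps the same kind of type punning the commit message names as the cause of the crash, only mirrored. The removed line `prev_hook= &sp->next` shows that `&sp->next` is a `Gcalc_dyn_list::Item **`, and it is now reinterpreted as the `point **` declared just above, so any store through `prev_hook` writes a `point *` into an `Item *` object. The same applies to `hook= reinterpret_cast(&m_intersections);` in the find_intersections() hunk, assuming `m_intersections` is not itself declared as `Gcalc_dyn_list::Item *`. A cast-free alternative is to remember the predecessor node instead of a hook: `point *prev= NULL;` with `for (; sp && slice_first(sp, sp0); prev= sp, sp= sp->get_next()) {}`, then link through `prev->next` or `m_slice1` at the insertion site, which lies outside this hunk. The `point *sp1` declared inside `if (m_cur_pi->right)` also shadows the function-scope `sp1` introduced a few lines earlier.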
@@ -549,7 +550,6 @@ int Gcalc_scan_iterator::add_intersectio int Gcalc_scan_iterator::find_intersections() { point *sp1= m_slice1; - Gcalc_dyn_list::Item **hook; m_n_intersections= 0; { @@ -564,7 +564,8 @@ int Gcalc_scan_iterator::find_intersecti } } - hook= (Gcalc_dyn_list::Item **)&m_intersections; + Gcalc_dyn_list::Item **hook= + reinterpret_cast(&m_intersections); bool intersections_found; point *last_possible_isc= NULL; === modified file 'sql/gcalc_slicescan.h' --- a/sql/gcalc_slicescan.h 2010-11-05 09:34:03 +0000 +++ b/sql/gcalc_slicescan.h 2011-01-20 13:14:00 +0000 @@ -42,14 +42,17 @@ public: Item *new_item() { Item *result; + if (!m_free) + alloc_new_blk(); if (m_free) { result= m_free; m_free= m_free->next; } else - result= alloc_new_blk(); + return NULL; + result->next= NULL; return result; } inline void free_item(Item *item) 
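Review bot: The rewritten new_item() in gcalc_slicescan.h would be easier to follow with the failure path as a guard, which also removes the uninitialised `Item *result;` declaration: `if (!m_free) { alloc_new_blk(); if (!m_free) return NULL; }` followed by `Item *result= m_free;`. The added `result->next= NULL;` is a behaviour change the commit message does not mention. It means a handed-out item no longer carries a pointer into the free list, which is a sensible hardening, and it should get a one-line comment such as `/* Detach from the free list so callers never see a stale next pointer. */`. The header comment for new_item(), if there is one outside this hunk, should also state that NULL is returned when no block can be allocated.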
@@ -83,7 +86,7 @@ protected: Item *m_free; Item *m_keep; - Item *alloc_new_blk(); + void alloc_new_blk(); void format_blk(void* block); inline Item *ptr_add(Item *ptr, int n_items) { --===============8985385737358436901== MIME-Version: 1.0 Content-Type: text/bzr-bundle; charset="us-ascii"; name="bzr/tor.didriksen@stripped" Content-Transfer-Encoding: 7bit Content-Disposition: inline # Bazaar merge directive format 2 (Bazaar 0.90) # revision_id: tor.didriksen@stripped\ # sa70pbvqbwxzu0ry # target_branch: file:///export/home/didrik/repo/trunk-bug59111-gis-\ # crash/ # testament_sha1: 19f07bdaf8b23397d1df44956ac7ae9ea42b35dd # timestamp: 2011-01-20 14:14:04 +0100 # base_revision_id: martin.hansson@stripped\ # v0ke0x005v11g45p # # Begin bundle IyBCYXphYXIgcmV2aXNpb24gYnVuZGxlIHY0CiMKQlpoOTFBWSZTWYiPNhwAAzpfgFAQeXf//16n FgC////6YAdNRu77qElLk3LbZy6F2PZlcJJETTT0lP00YVPxT1NT1P9VGmTaTTTTI0YhobQSSAmm gnoSaekT1T0j0h5IfqnqNGQAADTUDJJiQbJGjR+qAAAAGhoAGIhJlDT1PSD1PQTQ9QxNGgANAAHN MTJk0YTBMTTAJgEMEYEYBJEExBTJhMQDKn6Ap6mjah6gZAeiPPmwFVJ0YV7ciFXB6HNI350H/Icf FCbM7hF5BpJWYdQweYVwnSJw1kEoFk5EmUoQBYIrKMpuVRQ6RaZpd09gkngjt8dZ9j9zeX6GYYPY dxUMgZkMyM/qAMQMotdffc7EyC8MpZr5tFHmJiSXkKRAmYcGnN6ljgBZXCVdNHGmaFwjGEBkGxrv Eh8gk0c4VHOuGp+Os2aoWQrgORZD3atLbAG2WeyGrjpuWGE7WA0oqtUpjnIyKQPab78Twp6ju5EO /UHsIrybBmZcyzfQv7bs4URwye5CmefC3AjNY1adBkI1QnAzhkyTMptue6sZmsVyrQv4TEMysn17 ZdmiNQF/EfWK44K6XyZ6GKMBLekOB37THUzReZfIDBksWEQ1XgfNBgP9URSDRIHITJmA36HcTqvL uu+yaxTJhQLxN5bLIgrxjAtSHuoAe6DMtC5fUYFK9sYUibOqofQ4B6Ro2nF3ad85ecS5C2Ke+d1N la4Sq3G1dYAY8NwOQZqUtcp/0Ybiry1gP5HN5di3RpaNvwMyxnpwgQ3iXLaqKs2jELJAyRd6zB65 jqeNR9RmTcivCmlIaQQ7EmYG3dYxMb6bRupKSqBfQClDCEpj3teWT6GM2BfMctuOw1GSuiM2U8ox eIFGOVhzXyQMiI9xyncpSvIkzSYg8G3mtZavcrlhdlbZiMc6OizDoPiescqQTjoSmnJ1jcvr9+zu rGGZIsO+NRWa8uHY2pdKFETVBMKUo98boNNu08H0uNRsvKGvWEljcY5XZZ7Nd0qqk/MA5mppGsdi wgmLNAk2ZVcIjwfwGIu7eFsroFRbNQoPoSNWyvfKBCRQwhjteryy8eJGDsnN2KxAesXljhExhKBr lpaJSbT8EW4hCMmg1tZMyxulClpigqOER5M6k6ImuKYxoxH1CyINOGzqI0FCzkLC2YO4bCEsCR1A 
pZfAeOg4MxuAme6kkgtN+l1CdgIAXj9GUDBk39pvojR3MMK2UDxIA5lGZFEETRKBJevCIXRGJiHJ yFxjwPIcqB9YG37xLltVpFyzdrq5GxVSVPSf6PXpsbTEa3yNVn19sNUprsLlneKBEapHfuq37znO noWIYyly5ba15oodjsA6wIoRbuZdOwfRUPNL3j6SQvMUdSGEV5HkjrEREWos7ERgLfZwh7TGvxHb LOAlfeJbu4Nu0pMXDVGOI0OWOjVOi+FQrhUISRbn2XGLRzJHOvzlRC0vcuZDcN/HU3M4hbINLhmH YvnzoDqU+UozuDYPjzlJywvTaKAzocd8tIv+RlroTtKL+ZWyafTp0hjjNvIxNp3r1U8G2/F2lBif Q1RIDpFV0Jgm8M2rbK6JKAO8NYjs3BZI3MtAyWhCsik7iWRtDad53HtHWo0Wc+J4dQxaLaBUHF3X YSko2oJUls/aosyTNsADFRRmvCJxivBlAwuLDB0DAw/kLrxHFFSkdnuRbHuklgK6sjhAB+jd5lTU yPfikQr/pBPUFsQWgbRl5I5K48dF1IipavxHCGdLSX6oW6W5kXIo0jeN+Bl6ia/kpskcMWvAPRNQ xRFXAviGwL0WddM96S7t33WUhJhfNp2AMEP6LpdFmxRE57SAiZCzoWbsT/9tkmq5w0JlPEgs58Fr 7CfgVKUUalZOxAg48kEEzxYiMmQNzIvJBNDx1IdDeJEzsuNtN28gVLK4RQmQyZgc5U+5bXayCuS0 ROQRQLASyYoE5N2sexFKLD52zSP8EmQ5GDl1U/ZlWv/aGejIcwe5jZ1MMLvAkuvI/L1T5UG6y1In iNvPQfXmmbl9tJ5+nmOoDEOF+BmN5vdxkhkyQeNlEhHA62yaSTaIMZoNZfrKMDP5wVjnavEFiGkz rnN88CgSO186qr8AeUJBNUhIGKwWBuADJeihBb0uzVZOYBGxNaOKtYeTMkPMg1crmBNmm+v+Wd15 nuGfbMzNVxVrWQ4IXEZIhPxkBCXJdV50RTSuP8RIOk8Znodgg5O9OSHiEkzfUKIlzMGAUjUgGzVH 5kosaOnlHUOFVE9jYmH8M6OQIPWAY10Ilbz/ADWaWXxH6+Rd5MBl9qzf6XrM5ZxdMwXguqitCSqs Ho878wICHMRggB2qqvmB7AVHbrZLla3IhuTo2Kyn3AUnoLuSKcKEhER5sOA= --===============8985385737358436901==--