From: ahmad.abdullateef
Date: December 18 2012 4:55pm
Subject: bzr push into mysql-5.1 branch (ahmad.abdullateef:3890 to 3891) Bug#14727815
List-Archive: http://lists.mysql.com/commits/145527
X-Bug: 14727815
Message-Id: <20121218165517.5456.65400.3891@AHABDULL-IN.idc.oracle.com>
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit

 3891 Ahmad Abdullateef 2012-12-18
      BUG#14727815 - CRASH IN PTHREAD_RWLOCK_WRLOCK/SRW_UNLOCK IN QUERY CACHE CODE

      DESCRIPTION:
      MySQL Server crashes sporadically when Query Caching is on and the server has high contention among clients.

      ANALYSIS :
      Scenario 1:
      In Query_cache::move_by_type() when handling RESULT or its related blocks, Write Lock is acquired on its parent Query block. However the next and prev pointers are cached in local variables before lock acquisition. In an extremely high contention scenario there exists a possibility that Query_cache::append_result_data() is operating on the same query block and as a consequence might append a new Result block to the end of Result blocks Linked List of the Query. This would manipulate the next, prev pointers of the Block being processed in move_by_type(), however the local pointers still point to previous nodes thereby causing Data Corruption leading to crash.

      FIX :
      Scenario 1:
      The next, prev pointers are now accessed only after Lock acquisition in Query_cache::move_by_type().

    modified:
      sql/sql_cache.cc

 3890 Vasil Dimov 2012-12-18
      Fix Bug#13463493 INNODB PLUGIN WERE CHANGED, BUT STILL USE THE SAME VERSION NUMBER 1.0.17

      Now that InnoDB/InnoDB Plugin is no longer separately developed and distributed from the MySQL server it does not need its own version number. Thus use the MySQL version instead. "Removing" the version altogether is not feasible because the config variable 'innodb_version' cannot be removed in GA branches.

Reviewed by: Marko (rb#1751) modified: storage/innodb_plugin/ChangeLog storage/innodb_plugin/include/univ.i === modified file 'sql/sql_cache.cc' --- a/sql/sql_cache.cc 2012-12-11 18:00:51 +0000 +++ b/sql/sql_cache.cc 2012-12-18 16:42:56 +0000 @@ -3892,15 +3892,14 @@ my_bool Query_cache::move_by_type(uchar case Query_cache_block::RES_CONT: case Query_cache_block::RESULT: { - DBUG_PRINT("qcache", ("block 0x%lx RES* (%d)", (ulong) block, - (int) block->type)); - if (*border == 0) - break; - Query_cache_block *query_block = block->result()->parent(), - *next = block->next, - *prev = block->prev; - Query_cache_block::block_type type = block->type; - BLOCK_LOCK_WR(query_block); + DBUG_PRINT("qcache", ("block 0x%lx RES* (%d)", (ulong) block, + (int) block->type)); + if (*border == 0) + break; + Query_cache_block *query_block= block->result()->parent(); + BLOCK_LOCK_WR(query_block); + Query_cache_block *next= block->next, *prev= block->prev; + Query_cache_block::block_type type= block->type; ulong len = block->length, used = block->used; Query_cache_block *pprev = block->pprev, *pnext = block->pnext, No bundle (reason: useless for push emails).
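
Review bot: The ordering this fix depends on is not documented in the code: in the RES_CONT/RESULT case of Query_cache::move_by_type(), `next`, `prev` and `type` are now read after `BLOCK_LOCK_WR(query_block)`, but nothing at that line says they must stay there, so a later cleanup could hoist the declarations back above the lock and reintroduce the crash. A short comment above `Query_cache_block *next= block->next, *prev= block->prev;` saying that Query_cache::append_result_data() can relink the result list until the write lock on the parent query block is held would protect it. Separately, `block->result()->parent()` is still read before the lock is taken (it has to be, in order to find the lock), so it is worth stating why the parent pointer cannot change at that point. The DBUG_PRINT and `if (*border == 0)` lines are removed and re-added with identical text, which looks like whitespace-only churn that would be better kept out of a bug-fix patch so the functional change stands out.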