#At file:///home/gluh/MySQL/mysql-5.0-bugteam/
2713 Sergey Glukhov 2008-10-27
Bug#39040 valgrind errors/crash when creating views with binlog logging enabled
The string buffers that were included in the 'view' data structure
were allocated on the stack, leaving an invalid pointer when they were used
after the function returned.
The fix: use copies of the values for view->md5 & view->queries
modified:
mysql-test/r/view.result
mysql-test/t/view.test
sql/sql_view.cc
per-file messages:
mysql-test/r/view.result
test result
mysql-test/t/view.test
test case
sql/sql_view.cc
A string buffers which were included in the 'view' data structure
were allocated on the stack, causing an invalid pointer when used
after the function returned.
The fix: use copy of values for view->md5 & view->queries
=== modified file 'mysql-test/r/view.result'
--- a/mysql-test/r/view.result 2008-03-26 18:43:12 +0000
+++ b/mysql-test/r/view.result 2008-10-27 10:22:38 +0000
@@ -3677,6 +3677,8 @@ DROP VIEW v1;
# -- End of test case for Bug#35193.
+CREATE VIEW v1 AS SELECT 1;
+DROP VIEW v1;
# -----------------------------------------------------------------
# -- End of 5.0 tests.
# -----------------------------------------------------------------
=== modified file 'mysql-test/t/view.test'
--- a/mysql-test/t/view.test 2008-03-26 18:43:12 +0000
+++ b/mysql-test/t/view.test 2008-10-27 10:22:38 +0000
@@ -3560,6 +3560,15 @@ DROP VIEW v1;
###########################################################################
+#
+# Bug#39040: valgrind errors/crash when creating views with binlog logging
+# enabled
+#
+# Bug is visible only when running in valgrind with binary logging.
+CREATE VIEW v1 AS SELECT 1;
+DROP VIEW v1;
+
+
--echo # -----------------------------------------------------------------
--echo # -- End of 5.0 tests.
--echo # -----------------------------------------------------------------
=== modified file 'sql/sql_view.cc'
--- a/sql/sql_view.cc 2008-09-30 12:50:28 +0000
+++ b/sql/sql_view.cc 2008-10-27 10:22:38 +0000
@@ -774,8 +774,13 @@ static int mysql_register_view(THD *thd,
DBUG_PRINT("info", ("View: %s", str.ptr()));
/* fill structure */
- view->query.str= str.c_ptr_safe();
- view->query.length= str.length();
+ if (!make_lex_string(thd, &view->query, str.ptr(), str.length(), false))
+ {
+ my_error(ER_OUT_OF_RESOURCES, MYF(0));
+ error= -1;
+ goto err;
+ }
+
view->source.str= thd->query + thd->lex->create_view_select_start;
view->source.length= (char *)skip_rear_comments(thd->charset(),
(char *)view->source.str,
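Review bot: The `/* fill structure */` comment above the new `make_lex_string()` call does not record why `view->query` is now copied while `view->source.str`, two lines below, still points into `thd->query`. Going by the commit message, `str` is stack-backed, so a comment such as `/* str is local to this function; copy it so view->query stays valid after return */` would state the lifetime rule. A second short comment should say what keeps `thd->query` alive for as long as `view->source` is read. The same three-line out-of-memory block is repeated in the next hunk for `view->md5`. mysql_register_view starts and ends outside the hunk, so the declaration of `str` and the `err` label are not visible here.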
@@ -784,7 +789,12 @@ static int mysql_register_view(THD *thd,
view->source.str;
view->file_version= 1;
view->calc_md5(md5);
- view->md5.str= md5;
+ if (!(view->md5.str= thd->memdup(md5, 32)))
+ {
+ my_error(ER_OUT_OF_RESOURCES, MYF(0));
+ error= -1;
+ goto err;
+ }
view->md5.length= 32;
can_be_merged= lex->can_be_merged();
if (lex->create_view_algorithm == VIEW_ALGORITHM_MERGE &&
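Review bot: `thd->memdup(md5, 32)` copies exactly 32 bytes, so the copy has no terminating NUL, whereas the old pointer referred to the original buffer, which presumably held one after `calc_md5()`. If any reader of `view->md5.str` treats it as a C string instead of honouring `view->md5.length`, it would read past the allocation. Using `if (!(view->md5.str= thd->strmake(md5, 32)))` would copy and terminate in one call. The literal 32 now appears twice in this hunk and would be better as one named constant. The declaration of `md5` and the rest of mysql_register_view are outside the hunk.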