On 4/26/09 1:41 PM, Davi Arnaut wrote:
> Hi Alexey,
>
> On 4/22/09 4:30 AM, Alexey Botchkov wrote:
>> #At file:///home/hf/work/mysql_common/37774/ based on
>> revid:alfranio.correia@stripped
>>
>> 3224 Alexey Botchkov 2009-04-22
>> Bug#37774 main.events_bugs fails sporadically
>> get_lock() function can crash the system when used inside the event
>> handler.
>> The interruptible_wait() function used in the implementation calls
>> thd->vio_is_connected() in some circumstances and this method leads to
>> crash when the thread doesn't have a real connection (thd->net.vio is
>> NULL).
>>
>> Fixed by checking that thd->net.vio isn't NULL.
>>
>
> [..]
>
>> === modified file 'sql/item_func.cc'
>> --- a/sql/item_func.cc 2009-04-08 23:46:45 +0000
>> +++ b/sql/item_func.cc 2009-04-22 07:24:13 +0000
>> @@ -3540,7 +3540,7 @@ static int interruptible_wait(THD *thd,
>> if (error == ETIMEDOUT || error == ETIME)
>> {
>> /* Return error if timed out or connection is broken. */
>> - if (!timeout || !thd->vio_is_connected())
>> + if (!timeout || (thd->net.vio&& !thd->vio_is_connected()))
>> break;
>> }
>> } while (error&& timeout);
>>
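Review bot: The NULL test on thd->net.vio in the `+` line guards only this one call site in interruptible_wait(), while the commit message places the crash inside thd->vio_is_connected() itself, so any other caller of that method on a thread without a real connection stays exposed. Consider moving the guard into vio_is_connected(). Also update the comment above the test ("Return error if timed out or connection is broken") to say that a thread with no vio, such as an event handler, skips the connection check and waits out the full timeout. The test and the call read thd->net.vio separately, so the comment should also state why the pointer cannot change between the two. Style: add the missing space before `&&` in `thd->net.vio&& !thd->vio_is_connected()`.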
>
> Hum, this scenario looks fishy. The thread was sleeping on a condition
> variable, timed out and found out that its connection has been closed.
> This sounds more like a race condition waiting to happen... a race
> between the time of the check and of pointer dereference.
>
> How does vio become null? The thread is killed or something else?
>
Hum, looking at the source code it seems that the way to have a null
net.vio is executing as an init command. Is this the case?