List: Commits
From: Magne Mahre
Date: October 15 2009 11:39am
Subject: bzr push into mysql-5.5.0-next-mr-runtime branch (magne.mahre:2925 to 2926) Bug#38124
 2926 Magne Mahre	2009-10-15
      Bug #38124  (clean-up patch)
      
      The fix for Bug #38124 introduced a bug. If the value given
      for a set_var exceeded the length of the temporary buffer,
      we would read behind the end of the buffer.  Using 
      c_ptr_safe(), instead of c_ptr(), ensures that we won't
      read beyond the buffer limit
      
      mysql-6.0-codebase revid: 2617.44.1

    modified:
      sql/set_var.cc
 2925 Magne Mahre	2009-10-15
      Bug #37433  	Deadlock between open_table, close_open_tables, 
                      get_table_share, drop_open_table
                  
      In the partition handler code, LOCK_open and share->LOCK_ha_data
      are acquired in the wrong order in certain cases.  When doing a
      multi-row INSERT (i.e. an INSERT..SELECT) in a table with auto-
      increment column(s), the increments must be in a monotonically
      continuous increasing sequence (i.e. it can't have "holes"). To
      achieve this, a lock is held for the duration of the operation.
      share->LOCK_ha_data was used for this purpose.
                  
      Whenever there was a need to open a view _during_ the operation
      (views are not currently pre-opened the way tables are), and
      LOCK_open was grabbed, a deadlock could occur.  share->LOCK_ha_data
      is in other places used _while_ holding LOCK_open.
                  
      A new mutex was introduced in the HA_DATA_PARTITION structure,
      for exclusive use of the autoincrement data fields, so we don't
      need to overload the use of LOCK_ha_data here.
                  
      A module test case has not been supplied, since the problem occurs
      as a result of a race condition, and testing for this condition 
      is thus not deterministic.   Testing for it could be done by
      setting up a test case as described in the bug report.

    modified:
      sql/ha_partition.cc
      sql/ha_partition.h
      sql/table.cc
      sql/table.h
=== modified file 'sql/set_var.cc'
--- a/sql/set_var.cc	2009-10-15 09:09:31 +0000
+++ b/sql/set_var.cc	2009-10-15 11:38:21 +0000
@@ -2544,7 +2544,7 @@ bool update_sys_var_str_path(THD *thd, s
     String str(buff, sizeof(buff), system_charset_info), *newval;
 
     newval= var->value->val_str(&str);
-    old_value= newval->c_ptr();
+    old_value= newval->c_ptr_safe();
     str_length= strlen(old_value);
   } 
   
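Review bot: old_value is assigned inside the block that declares str, and the block closes two lines later, so the pointer's lifetime needs a comment or a copy here. c_ptr_safe() may reallocate to make room for the terminator; if newval is &str, that allocation belongs to str and is released at the closing brace, leaving old_value dangling for any later reader. Consider duplicating the value before the block ends, or moving str to the enclosing scope. Two smaller points on the same lines: the result of val_str() is dereferenced without a NULL check, and str_length could be taken from newval->length() instead of strlen(old_value), which would not depend on the terminator at all.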


Attachment: [text/bzr-bundle] bzr/magne.mahre@sun.com-20091015113821-v9b3su5opnpd8b75.bundle