From:Alexey Botchkov Date:March 9 2010 10:22am
Subject:bzr commit into mysql-5.1-bugteam branch (holyfoot:3385) Bug#51377
#At file:///home/hf/work/mysql_common/51377/ based on revid:luis.soares@stripped

 3385 Alexey Botchkov	2010-03-09
      Bug#51377      Crash in information_schema / processlist on concurrent DDL workload
          the fill_schema_processlist function accesses THD::query() without proper protection
          so the parallel thread killing can lead to access to the freed memory.
      
      per-file comments:
        sql/sql_load.cc
      Bug#51377      Crash in information_schema / processlist on concurrent DDL workload
          the THD::set_query_inner() call needs to be protected.
          But here we don't need to change the original thd->query() at all.
        sql/sql_show.cc
      Bug#51377      Crash in information_schema / processlist on concurrent DDL workload
          protect the THD::query() access with the THD::LOCK_thd_data mutex.

    modified:
      sql/sql_load.cc
      sql/sql_show.cc
=== modified file 'sql/sql_load.cc'
--- a/sql/sql_load.cc	2010-01-24 07:03:23 +0000
+++ b/sql/sql_load.cc	2010-03-09 10:19:10 +0000
@@ -689,12 +689,10 @@ static bool write_execute_load_query_log
   strcpy(end, p);
   end += pl;
 
-  thd->set_query_inner(load_data_query, end - load_data_query);
-
   Execute_load_query_log_event
-    e(thd, thd->query(), thd->query_length(),
-      (uint) ((char*) fname_start - (char*) thd->query() - 1),
-      (uint) ((char*) fname_end - (char*) thd->query()),
+    e(thd, load_data_query, end-load_data_query,
+      (uint) ((char*) fname_start - load_data_query - 1),
+      (uint) ((char*) fname_end - load_data_query),
       (duplicates == DUP_REPLACE) ? LOAD_DUP_REPLACE :
       (ignore ? LOAD_DUP_IGNORE : LOAD_DUP_ERROR),
       transactional_table, FALSE, errcode);
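Review bot: the hunk drops the unsynchronized THD::set_query_inner() call and passes the local load_data_query buffer straight to the Execute_load_query_log_event constructor, but only the set-up half is visible here; if write_execute_load_query_log_event previously restored thd->query() to the original statement after building the event, that restore should be removed in the same commit, otherwise thd->query() is rewritten once more without LOCK_thd_data and the race this patch targets survives. Minor style point on the first added line: `end-load_data_query` should be spaced as `end - load_data_query`, matching `end - load_data_query` two lines above the removed call.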

=== modified file 'sql/sql_show.cc'
--- a/sql/sql_show.cc	2010-01-21 15:14:10 +0000
+++ b/sql/sql_show.cc	2010-03-09 10:19:10 +0000
@@ -1991,6 +1991,8 @@ int fill_schema_processlist(THD* thd, TA
         pthread_mutex_unlock(&mysys_var->mutex);
 
       /* INFO */
+      /* Lock THD mutex that protects its data when looking at it. */
+      pthread_mutex_lock(&tmp->LOCK_thd_data);
       if (tmp->query())
       {
         table->field[7]->store(tmp->query(),
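Review bot: taking tmp->LOCK_thd_data before the `if (tmp->query())` test is the right scope, since both the NULL check and the pointer dereference in store() have to see the same value, but please confirm the lock ordering against whatever list lock fill_schema_processlist holds while walking the thread list: LOCK_thd_data is now acquired nested inside it, so every other place that takes both must use the same order or this introduces a deadlock. The lock is acquired only after `pthread_mutex_unlock(&mysys_var->mutex)` above, so no nesting with mysys_var->mutex is added here.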
@@ -1998,6 +2000,7 @@ int fill_schema_processlist(THD* thd, TA
                                    tmp->query_length()), cs);
         table->field[7]->set_notnull();
       }
+      pthread_mutex_unlock(&tmp->LOCK_thd_data);
 
       if (schema_table_store_record(thd, table))
       {
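Review bot: the unlock is correctly placed after the closing brace of the `if (tmp->query())` block and before schema_table_store_record(), and Field::store() copies the bytes, so the query pointer is not used once LOCK_thd_data is released; the visible lines between the lock and this unlock contain no early exit, which is what keeps the pairing safe, so any future error return added inside that block would need a matching unlock.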


Attachment: [text/bzr-bundle] bzr/holyfoot@mysql.com-20100309101910-vjb49a0871rr4sb4.bundle