List:Commits« Previous MessageNext Message »
From:Mats Kindahl Date:September 21 2010 9:04pm
Subject:bzr commit into mysql-5.5 branch (mats.kindahl:3087) Bug#51841
View as plain text  
#At file:///home/bzr/bugs/b51841-5.5/ based on revid:joerg@stripped

 3087 Mats Kindahl	2010-09-21
      BUG#51841: mysqld crash when loading plugin of different version
      
      In sql_plugin.cc there is a loop that counts the number of plugin
      structures by iterating the memory and finding a NULL in the info
      field, which indicates a zero row terminating the list of plugin
      structures. However, when copying the structures, the row containing
      zeroes are missed, causing crashes later when not finding the end
      of the list of plugins.
      
      This patch solves the problem by allocating memory for an extra row
      and zeroing out the memory. When copying, this will leave a row of
      zeroes at the end of the array of plugins, acting as a sentinel for
      the end of the list.

    modified:
      sql/sql_plugin.cc
=== modified file 'sql/sql_plugin.cc'
--- a/sql/sql_plugin.cc	2010-08-23 09:38:10 +0000
+++ b/sql/sql_plugin.cc	2010-09-21 21:04:05 +0000
@@ -519,7 +519,7 @@ static st_plugin_dl *plugin_dl_add(const
       /* no op */;
 
     cur= (struct st_mysql_plugin*)
-          my_malloc(i*sizeof(struct st_mysql_plugin), MYF(MY_ZEROFILL|MY_WME));
+      my_malloc((i+1)*sizeof(struct st_mysql_plugin), MYF(MY_ZEROFILL|MY_WME));
     if (!cur)
     {
       free_plugin_mem(&plugin_dl);


Attachment: [text/bzr-bundle] bzr/mats.kindahl@oracle.com-20100921210405-ukk003sedrauye80.bundle
Thread
bzr commit into mysql-5.5 branch (mats.kindahl:3087) Bug#51841Mats Kindahl21 Sep