3891 Ahmad Abdullateef 2012-12-18
BUG#14727815 - CRASH IN PTHREAD_RWLOCK_WRLOCK/SRW_UNLOCK
IN QUERY CACHE CODE
MySQL Server crashes sporadically when Query Caching is on and
the server has high contention among clients.
In Query_cache::move_by_type() when handling RESULT or its related blocks,
Write Lock is acquired on its parent Query block. However the next and prev
pointers are cached in local variables before lock acquisition. In an extremely
high contention scenario there exists a possibility that
Query_cache::append_result_data() is operating on the same query block
and as a consequence might append a new Result block to the end of Result
blocks Linked List of the Query. This would manipulate the next, prev pointers
of the Block being processed in move_by_type(), however the local pointers
still point to previous nodes there by causing Data Corruption leading to crash.
The next, prev pointers are now accessed only after Lock acquisition in
3890 Vasil Dimov 2012-12-18
Fix Bug#13463493 INNODB PLUGIN WERE CHANGED, BUT STILL USE THE
SAME VERSION NUMBER 1.0.17
Now that InnoDB/InnoDB Plugin is no longer separately developed and
distributed from the MySQL server it does not need its own version number.
Thus use the MySQL version instead.
"Removing" the version altogether is not feasible because the config
variable 'innodb_version' cannot be removed in GA branches.
Reviewed by: Marko (rb#1751)
=== modified file 'sql/sql_cache.cc'
--- a/sql/sql_cache.cc 2012-12-11 18:00:51 +0000
+++ b/sql/sql_cache.cc 2012-12-18 16:42:56 +0000
@@ -3892,15 +3892,14 @@ my_bool Query_cache::move_by_type(uchar
- DBUG_PRINT("qcache", ("block 0x%lx RES* (%d)", (ulong) block,
- (int) block->type));
- if (*border == 0)
- Query_cache_block *query_block = block->result()->parent(),
- *next = block->next,
- *prev = block->prev;
- Query_cache_block::block_type type = block->type;
+ DBUG_PRINT("qcache", ("block 0x%lx RES* (%d)", (ulong) block,
+ (int) block->type));
+ if (*border == 0)
+ Query_cache_block *query_block= block->result()->parent();
+ Query_cache_block *next= block->next, *prev= block->prev;
+ Query_cache_block::block_type type= block->type;
ulong len = block->length, used = block->used;
Query_cache_block *pprev = block->pprev,
*pnext = block->pnext,
No bundle (reason: useless for push emails).
|• bzr push into mysql-5.1 branch (ahmad.abdullateef:3890 to 3891) Bug#14727815||ahmad.abdullateef||19 Dec|