MySQL Lists are EOL. Please join:

List:Commits« Previous MessageNext Message »
From:Petr Chardin Date:July 11 2006 11:55am
Subject:bk commit into 5.0 tree (petr:1.2224) BUG#15205
View as plain text  
Below is the list of changes that have just been committed into a local
5.0 repository of cps. When cps does a push these changes will
be propagated to the main repository and, within 24 hours after the
push, to the public repository.
For information on how to access the public repository
see http://dev.mysql.com/doc/mysql/en/installing-source-tree.html

ChangeSet@stripped, 2006-07-11 15:54:52+04:00, petr@stripped +3 -0
  Fix Bug#15205 "Select from CSV table without the datafile causes crash"

  mysql-test/r/csv.result@stripped, 2006-07-11 15:54:22+04:00, petr@stripped +10 -0
    update result file

  mysql-test/t/csv.test@stripped, 2006-07-11 15:54:22+04:00, petr@stripped +24 -0
    add a test for the bug

  sql/examples/ha_tina.cc@stripped, 2006-07-11 15:54:22+04:00, petr@stripped +8 -5
    move open() call before my_hash_insert, so that we don't insert invalid
    share to the hash. To avoid other possible problems also add
    hash_delete(), so that the share is removed from hash before it is freed.

# This is a BitKeeper patch.  What follows are the unified diffs for the
# set of deltas contained in the patch.  The rest of the patch, the part
# that BitKeeper cares about, is below these diffs.
# User:	petr
# Host:	owlet.
# Root:	/home/cps/mysql/trees/mysql-5.0-virgin

--- 1.4/mysql-test/r/csv.result	2006-07-11 15:55:02 +04:00
+++ 1.5/mysql-test/r/csv.result	2006-07-11 15:55:02 +04:00
@@ -5000,3 +5000,13 @@
 truncate table t1;
 affected rows: 0
 drop table t1;
+create table bug15205 (val int(11) default null) engine=csv;
+create table bug15205_2 (val int(11) default null) engine=csv;
+select * from bug15205;
+ERROR HY000: Got error 1 from storage engine
+select * from bug15205_2;
+val
+select * from bug15205;
+val
+drop table bug15205;
+drop table bug15205_2;

--- 1.5/mysql-test/t/csv.test	2006-07-11 15:55:02 +04:00
+++ 1.6/mysql-test/t/csv.test	2006-07-11 15:55:02 +04:00
@@ -1384,3 +1384,27 @@
 --disable_info
 drop table t1;
 
+#
+# Bug #15205   Select from CSV table without the datafile causes crash
+#
+# NOTE: the bug is not deterministic
+
+# The crash happens because the necessary cleanup after an error wasn't
+# performed. Namely, the table share, inserted in the hash during table
+# open, was not deleted from hash. At the same time the share was freed
+# when an error was encountered. Thus, subsequent access to the hash
+# resulted in scanning through deleted memory and we were geting a crash.
+# that's why we need two tables in the bugtest
+
+create table bug15205 (val int(11) default null) engine=csv;
+create table bug15205_2 (val int(11) default null) engine=csv;
+--exec rm $MYSQLTEST_VARDIR/master-data/test/bug15205.CSV
+# system error (can't open the datafile)
+--error ER_GET_ERRNO
+select * from bug15205;
+select * from bug15205_2;
+--exec touch $MYSQLTEST_VARDIR/master-data/test/bug15205.CSV
+select * from bug15205;
+drop table bug15205;
+drop table bug15205_2;
+

--- 1.22/sql/examples/ha_tina.cc	2006-07-11 15:55:02 +04:00
+++ 1.23/sql/examples/ha_tina.cc	2006-07-11 15:55:02 +04:00
@@ -184,16 +184,18 @@
     share->table_name_length=length;
     share->table_name=tmp_name;
     strmov(share->table_name,table_name);
-    fn_format(data_file_name, table_name, "", ".CSV",MY_REPLACE_EXT|MY_UNPACK_FILENAME);
+    fn_format(data_file_name, table_name, "", ".CSV",
+              MY_REPLACE_EXT | MY_UNPACK_FILENAME);
+
+    if ((share->data_file= my_open(data_file_name, O_RDWR|O_APPEND,
+                                   MYF(0))) == -1)
+      goto error;
+
     if (my_hash_insert(&tina_open_tables, (byte*) share))
       goto error;
     thr_lock_init(&share->lock);
     pthread_mutex_init(&share->mutex,MY_MUTEX_INIT_FAST);
 
-    if ((share->data_file= my_open(data_file_name, O_RDWR|O_APPEND,
-                                   MYF(0))) == -1)
-      goto error2;
-
     /* We only use share->data_file for writing, so we scan to the end to append */
     if (my_seek(share->data_file, 0, SEEK_END, MYF(0)) == MY_FILEPOS_ERROR)
       goto error2;
@@ -212,6 +214,7 @@
 error2:
   thr_lock_delete(&share->lock);
   pthread_mutex_destroy(&share->mutex);
+  hash_delete(&tina_open_tables, (byte*) share);
 error:
   pthread_mutex_unlock(&tina_mutex);
   my_free((gptr) share, MYF(0));
Thread
bk commit into 5.0 tree (petr:1.2224) BUG#15205Petr Chardin11 Jul