Michael Widenius wrote, on 02/01/2009 08:30 AM:
> #At bzr+ssh://bk-internal.mysql.com/bzrroot/server/mysql-maria/ based on
> 2725 Michael Widenius 2009-02-01
> Fixes Bug #40711 "Maria crash in my_no_flags_free"
> per-file messages:
> Reset state_history when closing file.
> This fixes a race condition when the checkpoint is using the file while the file
> is being closed.
> The bug was that checkpoint was accessing the freed state_history.
> === modified file 'storage/maria/ma_close.c'
> --- a/storage/maria/ma_close.c 2008-12-09 09:56:02 +0000
> +++ b/storage/maria/ma_close.c 2009-02-01 07:29:56 +0000
> @@ -155,7 +155,7 @@ int maria_close(register MARIA_HA *info)
> MARIA_STATE_HISTORY_CLOSED *history;
> Here we ignore the unlikely case that we don't have memory to
> - store the case. In the worst case what happens is that any transaction
> + store the state. In the worst case what happens is that any transaction
> that tries to access this table will get a wrong status information.
> if ((history= (MARIA_STATE_HISTORY_CLOSED *)
> @@ -166,6 +166,8 @@ int maria_close(register MARIA_HA *info)
> if (my_hash_insert(&maria_stored_state, (uchar*) history))
> my_free(history, MYF(0));
> + /* Marker for concurrent checkpoint */
> + share->state_history= 0;
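Review bot: the added `share->state_history= 0;` closes the race only if the checkpoint reads that pointer under the same lock that covers this store, and the hunk shows neither which mutex is held at this point nor where the old history is released. The comment `/* Marker for concurrent checkpoint */` should name that mutex and say what the checkpoint does when it finds the pointer cleared, so the ordering between release, reset and the checkpoint's read can be checked from the code. Since the field is a pointer, `NULL` would read more clearly than `0`.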
So, what was the scenario?
I imagined this one: Thread1 has just closed the table, but Thread2 had
started a checkpoint, so Thread1 leaves the share in existence; Thread2
looks at share->state_history, but why would that point to freed memory?
Is it because there is a Thread3 which did this freeing?
Mr. Guilhem Bichot <guilhem@stripped>
Sun Microsystems / MySQL, Lead Software Engineer
www.sun.com / www.mysql.com