From 48e7d1e29bc5f5880978d604a2383c9fe68d6dea Mon Sep 17 00:00:00 2001
From: unknown
Date: Thu, 17 Nov 2005 15:58:55 +0100
Subject: [PATCH] Fix for BUG#15018 "valgrind error in Rpl_filter (uninitalized memory - could crash)". The code was reading a HASH or DYNAMIC_ARRAY which may be uninited (difference from 5.0 is that those vars were always zeroed in 5.0 because were static globals, while they are new'd in 5.1). sql/rpl_filter.cc: the hash or dynamic_array may not be inited, depends on a bool (e.g. if wild_do_table_inited==0 wild_do_table is uninitialized memory); the code was not taking the bool into account and so reading uninited memory. sql/rpl_filter.h: comments and prototype change (see rpl_filter.cc)
---
 sql/rpl_filter.cc | 41 ++++++++++++++++++++++++-----------------
 sql/rpl_filter.h | 9 +++++++--
 2 files changed, 31 insertions(+), 19 deletions(-)
diff --git a/sql/rpl_filter.cc b/sql/rpl_filter.cc
index f9f8a3e98a7..143cd027b5f 100644
--- a/sql/rpl_filter.cc
+++ b/sql/rpl_filter.cc
@@ -449,30 +449,37 @@ Rpl_filter::free_string_array(DYNAMIC_ARRAY *a)
 */
 void
-Rpl_filter::table_rule_ent_hash_to_str(String* s, HASH* h)
+Rpl_filter::table_rule_ent_hash_to_str(String* s, HASH* h, bool inited)
 {
 s->length(0);
- for (uint i= 0; i < h->records; i++)
+ if (inited)
 {
- TABLE_RULE_ENT* e= (TABLE_RULE_ENT*) hash_element(h, i);
- if (s->length())
- s->append(',');
- s->append(e->db,e->key_len);
+ for (uint i= 0; i < h->records; i++)
+ {
+ TABLE_RULE_ENT* e= (TABLE_RULE_ENT*) hash_element(h, i);
+ if (s->length())
+ s->append(',');
+ s->append(e->db,e->key_len);
+ }
 }
 }
 void
-Rpl_filter::table_rule_ent_dynamic_array_to_str(String* s, DYNAMIC_ARRAY* a)
+Rpl_filter::table_rule_ent_dynamic_array_to_str(String* s, DYNAMIC_ARRAY* a,
+ bool inited)
 {
 s->length(0);
- for (uint i= 0; i < a->elements; i++)
+ if (inited)
 {
- TABLE_RULE_ENT* e;
- get_dynamic(a, (gptr)&e, i);
- if (s->length())
- s->append(',');
- s->append(e->db,e->key_len);
+ for (uint i= 0; i < a->elements; i++)
+ {
+ TABLE_RULE_ENT* e;
+ get_dynamic(a, (gptr)&e, i);
+ if (s->length())
+ s->append(',');
+ s->append(e->db,e->key_len);
+ }
 }
 }
@@ -480,28 +487,28 @@ Rpl_filter::table_rule_ent_dynamic_array_to_str(String* s, DYNAMIC_ARRAY* a)
 void
 Rpl_filter::get_do_table(String* str)
 {
- table_rule_ent_hash_to_str(str, &do_table);
+ table_rule_ent_hash_to_str(str, &do_table, do_table_inited);
 }
 void
 Rpl_filter::get_ignore_table(String* str)
 {
- table_rule_ent_hash_to_str(str, &ignore_table);
+ table_rule_ent_hash_to_str(str, &ignore_table, ignore_table_inited);
 }
 void
 Rpl_filter::get_wild_do_table(String* str)
 {
- table_rule_ent_dynamic_array_to_str(str, &wild_do_table);
+ table_rule_ent_dynamic_array_to_str(str, &wild_do_table, wild_do_table_inited);
 }
 void
 Rpl_filter::get_wild_ignore_table(String* str)
 {
- table_rule_ent_dynamic_array_to_str(str, &wild_ignore_table);
+ table_rule_ent_dynamic_array_to_str(str, &wild_ignore_table, wild_ignore_table_inited);
 }
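Review bot: The new `inited` flag travels separately from the container it protects, so after this change the invariant "the HASH/DYNAMIC_ARRAY is uninitialized memory unless its flag is true" is enforced only by the four get_*() callers in the second hunk pairing the right member with the right flag by hand; a call such as `table_rule_ent_hash_to_str(str, &do_table, ignore_table_inited)` would compile silently and reintroduce the uninitialized read this commit fixes. Neither helper gets a comment stating that contract; I would add `/* h is uninitialized memory unless inited is true; do not touch it otherwise (see rpl_filter.h) */` above table_rule_ent_hash_to_str and the equivalent wording above the DYNAMIC_ARRAY variant. As a style point, a guard clause `if (!inited)` / `return;` placed right after `s->length(0);` gives the same result without re-indenting the loop bodies, which is most of what this hunk changes. If Rpl_filter's constructor (outside this hunk) does not already zero these members, doing so would make `h->records` and `a->elements` read as 0 even when a caller forgets the flag, removing the dependence on call-site discipline.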
diff --git a/sql/rpl_filter.h b/sql/rpl_filter.h
index cfcb3b43607..5a766424d19 100644
--- a/sql/rpl_filter.h
+++ b/sql/rpl_filter.h
@@ -87,10 +87,15 @@ private:
 void free_string_array(DYNAMIC_ARRAY *a);
- void table_rule_ent_hash_to_str(String* s, HASH* h);
- void table_rule_ent_dynamic_array_to_str(String* s, DYNAMIC_ARRAY* a);
+ void table_rule_ent_hash_to_str(String* s, HASH* h, bool inited);
+ void table_rule_ent_dynamic_array_to_str(String* s, DYNAMIC_ARRAY* a,
+ bool inited);
 TABLE_RULE_ENT* find_wild(DYNAMIC_ARRAY *a, const char* key, int len);
+ /*
+ Those 4 structures below are uninitialized memory unless the
+ corresponding *_inited variables are "true".
+ */
 HASH do_table;
 HASH ignore_table;
 DYNAMIC_ARRAY wild_do_table;