mirror/mariadb
1
0
Fork 0
mirror of https://github.com/MariaDB/server.git synced 2025-01-31 11:01:52 +01:00
Code Issues Projects Releases Packages Wiki Activity Actions

Bug#16268289 LOCK_REC_VALIDATE_PAGE() MAY DEREFERENCE A POINTER TO A

Browse source 
FREED LOCK

ANALYIS
-------

In 5.5 code the lock_rec_block_validate() is called after releasing
the kernel mutex. There is a chance that the lock might be invalid so,
we are getting the valgrind error on invalid read on lock->index.

FIX
---

Fix would be to copy the lock->index when we are holding the kernel mutex 
and then pass it to the lock_rec_block_validate(). This implementation
is present in 5.1 code.  

[ Approved by sunny rb.no.oracle.com/rb/r/2152/ ]
This commit is contained in:
Aditya A 2013-03-13 11:43:21 +05:30
parent 0d0bb62b50
commit 4137279353
1 changed files with 3 additions and 1 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

4
storage/innobase/lock/lock0lock.c
View file

@ -4980,6 +4980,7 @@ lock_rec_validate_page(
{
const lock_t* lock;
const rec_t* rec;
dict_index_t* index;
ulint nth_lock = 0;
ulint nth_bit = 0;
ulint i;
@ -5029,6 +5030,7 @@ loop:
if (i == 1 || lock_rec_get_nth_bit(lock, i)) {
index = lock->index;
rec = page_find_rec_with_heap_no(block->frame, i);
ut_a(rec);
offsets = rec_get_offsets(rec, lock->index, offsets,
@ -5045,7 +5047,7 @@ loop:
check WILL break the latching order and may
cause a deadlock of threads. */
lock_rec_queue_validate(block, rec, lock->index,
lock_rec_queue_validate(block, rec, index,
offsets);
lock_mutex_enter_kernel();