BUG#23443: user-defined variables can consume too much memory in the

server

The problem was that when memory was exhausted HEAP engine could crash
(GROUP BY uses HEAP TABLE).  Alternatively, if SET was used, it could
report an error "You may only use constant expressions with SET" instead
of "Out of memory (Needed NNNNNN bytes)".

The solution is:
 - pass MY_WME to (some) calls to my_malloc() to get correct message.
 - fix heap_write() so that the first key is skipped during cleanup
   on ENOMEM because it wasn't inserted and doesn't have to be
   deleted.

No test case is provided because we can't test out-of-memory behaviour
in our current test framework.
This commit is contained in:
kroki/tomash@moonlight.home 2007-01-09 12:24:25 +03:00
parent c2d73af1b2
commit 5b4d9d8706
3 changed files with 16 additions and 6 deletions

View file

@ -47,7 +47,7 @@ int _hp_get_new_block(HP_BLOCK *block, ulong *alloc_length)
break;
*alloc_length=sizeof(HP_PTRS)*i+block->records_in_block* block->recbuffer;
if (!(root=(HP_PTRS*) my_malloc(*alloc_length,MYF(0))))
if (!(root=(HP_PTRS*) my_malloc(*alloc_length,MYF(MY_WME))))
return 1;
if (i == 0)

View file

@ -66,13 +66,22 @@ int heap_write(HP_INFO *info, const byte *record)
DBUG_RETURN(0);
err:
if (my_errno == HA_ERR_FOUND_DUPP_KEY)
DBUG_PRINT("info",("Duplicate key: %d",key));
info->errkey= key;
do
/*
Because 'key' is unsigned, we increase it before the loop, unless
we have to skip the key that wasn't inserted yet due to OOM. In
the loop we test 'key' before decreasing it as the protection
against value wraparound.
*/
if (my_errno != ENOMEM)
key++;
while (key-- > 0)
{
if (_hp_delete_key(info,share->keydef+key,record,pos,0))
break;
} while (key-- > 0);
}
share->deleted++;
*((byte**) pos)=share->del_link;

View file

@ -1892,8 +1892,9 @@ bool Item_func_set_user_var::update_hash(const void *ptr, uint length,
char *pos= (char*) entry+ ALIGN_SIZE(sizeof(user_var_entry));
if (entry->value == pos)
entry->value=0;
if (!(entry->value=(char*) my_realloc(entry->value, length,
MYF(MY_ALLOW_ZERO_PTR))))
entry->value= (char*) my_realloc(entry->value, length,
MYF(MY_ALLOW_ZERO_PTR | MY_WME));
if (!entry->value)
goto err;
}
}