From 5b4d9d87061e92649ba404a882592c8d96bda141 Mon Sep 17 00:00:00 2001 From: "kroki/tomash@moonlight.home" <> Date: Tue, 9 Jan 2007 12:24:25 +0300 Subject: [PATCH 1/2] BUG#23443: user-defined variables can consume too much memory in the server The problem was that when memory was exhausted HEAP engine could crash (GROUP BY uses HEAP TABLE). Alternatively, if SET was used, it could report an error "You may only use constant expressions with SET" instead of "Out of memory (Needed NNNNNN bytes)". The solution is: - pass MY_WME to (some) calls to my_malloc() to get correct message. - fix heap_write() so that the first key is skipped during cleanup on ENOMEM because it wasn't inserted and doesn't have to be deleted. No test case is provided because we can't test out-of-memory behaviour in our current test framework. --- heap/hp_block.c | 2 +- heap/hp_write.c | 15 ++++++++++++--- sql/item_func.cc | 5 +++-- 3 files changed, 16 insertions(+), 6 deletions(-) diff --git a/heap/hp_block.c b/heap/hp_block.c index 5c052218e58..8afcaf8d945 100644 --- a/heap/hp_block.c +++ b/heap/hp_block.c @@ -47,7 +47,7 @@ int _hp_get_new_block(HP_BLOCK *block, ulong *alloc_length) break; *alloc_length=sizeof(HP_PTRS)*i+block->records_in_block* block->recbuffer; - if (!(root=(HP_PTRS*) my_malloc(*alloc_length,MYF(0)))) + if (!(root=(HP_PTRS*) my_malloc(*alloc_length,MYF(MY_WME)))) return 1; if (i == 0) diff --git a/heap/hp_write.c b/heap/hp_write.c index 18fa95e7760..b5349d74691 100644 --- a/heap/hp_write.c +++ b/heap/hp_write.c @@ -66,13 +66,22 @@ int heap_write(HP_INFO *info, const byte *record) DBUG_RETURN(0); err: - DBUG_PRINT("info",("Duplicate key: %d",key)); + if (my_errno == HA_ERR_FOUND_DUPP_KEY) + DBUG_PRINT("info",("Duplicate key: %d",key)); info->errkey= key; - do + /* + Because 'key' is unsigned, we increase it before the loop, unless + we have to skip the key that wasn't inserted yet due to OOM. In + the loop we test 'key' before decreasing it as the protection + against value wraparound. + */ + if (my_errno != ENOMEM) + key++; + while (key-- > 0) { if (_hp_delete_key(info,share->keydef+key,record,pos,0)) break; - } while (key-- > 0); + } share->deleted++; *((byte**) pos)=share->del_link; diff --git a/sql/item_func.cc b/sql/item_func.cc index e83d1f35db8..421f72ab69b 100644 --- a/sql/item_func.cc +++ b/sql/item_func.cc @@ -1892,8 +1892,9 @@ bool Item_func_set_user_var::update_hash(const void *ptr, uint length, char *pos= (char*) entry+ ALIGN_SIZE(sizeof(user_var_entry)); if (entry->value == pos) entry->value=0; - if (!(entry->value=(char*) my_realloc(entry->value, length, - MYF(MY_ALLOW_ZERO_PTR)))) + entry->value= (char*) my_realloc(entry->value, length, + MYF(MY_ALLOW_ZERO_PTR | MY_WME)); + if (!entry->value) goto err; } } From 067b80a8d3ebc84d2253231d0d630045fac85acd Mon Sep 17 00:00:00 2001 From: "kroki/tomash@moonlight.home" <> Date: Tue, 9 Jan 2007 13:07:39 +0300 Subject: [PATCH 2/2] Fix after manual merge. --- storage/heap/hp_write.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/storage/heap/hp_write.c b/storage/heap/hp_write.c index fd51b6f00c2..86e79c9d7ec 100644 --- a/storage/heap/hp_write.c +++ b/storage/heap/hp_write.c @@ -68,7 +68,7 @@ int heap_write(HP_INFO *info, const byte *record) err: if (my_errno == HA_ERR_FOUND_DUPP_KEY) - DBUG_PRINT("info",("Duplicate key: %d", (int) keydef - share->keydef)); + DBUG_PRINT("info",("Duplicate key: %d", (int) (keydef - share->keydef))); info->errkey= keydef - share->keydef; /* We don't need to delete non-inserted key from rb-tree. Also, if