diff options
| author | Marko Mäkelä <marko.makela@oracle.com> | 2011-01-25 11:54:50 +0200 |
|---|---|---|
| committer | Marko Mäkelä <marko.makela@oracle.com> | 2011-01-25 11:54:50 +0200 |
| commit | 46b7ef69916635ca0575ea4898ed8980f4bf6f5a (patch) | |
| tree | adc5e579cf88a22392659d73214c19236e906a06 | |
| parent | 60a622d1c1940f80829a4df312ff49a6feae265e (diff) | |
| download | mariadb-git-46b7ef69916635ca0575ea4898ed8980f4bf6f5a.tar.gz | |
Bug#59464 Race condition in row_vers_build_for_semi_consistent_read
row_vers_build_for_semi_consistent_read(): Dereference version_trx before
releasing kernel_mutex, but not thereafter.
| -rw-r--r-- | storage/innobase/row/row0vers.c | 10 | ||||
| -rw-r--r-- | storage/innodb_plugin/ChangeLog | 5 | ||||
| -rw-r--r-- | storage/innodb_plugin/row/row0vers.c | 10 |
3 files changed, 19 insertions, 6 deletions
diff --git a/storage/innobase/row/row0vers.c b/storage/innobase/row/row0vers.c index f4adfa855df..23aca8c3f2e 100644 --- a/storage/innobase/row/row0vers.c +++ b/storage/innobase/row/row0vers.c @@ -593,11 +593,15 @@ row_vers_build_for_semi_consistent_read( mutex_enter(&kernel_mutex); version_trx = trx_get_on_id(version_trx_id); + if (version_trx + && (version_trx->conc_state == TRX_COMMITTED_IN_MEMORY + || version_trx->conc_state == TRX_NOT_STARTED)) { + + version_trx = NULL; + } mutex_exit(&kernel_mutex); - if (!version_trx - || version_trx->conc_state == TRX_NOT_STARTED - || version_trx->conc_state == TRX_COMMITTED_IN_MEMORY) { + if (!version_trx) { /* We found a version that belongs to a committed transaction: return it. */ diff --git a/storage/innodb_plugin/ChangeLog b/storage/innodb_plugin/ChangeLog index 24cac7ac2be..d5e9a6bc825 100644 --- a/storage/innodb_plugin/ChangeLog +++ b/storage/innodb_plugin/ChangeLog @@ -1,5 +1,10 @@ 2011-01-25 The InnoDB Team + * row/row0vers.c: + Fix Bug#59464 Race condition in row_vers_build_for_semi_consistent_read + +2011-01-25 The InnoDB Team + * btr/btr0btr.c, btr/btr0cur.c, btr/btr0sea.c, buf/buf0buddy.c, buf/buf0buf.c, buf/buf0lru.c, include/buf0buf.h, include/buf0buf.ic, include/buf0lru.h, diff --git a/storage/innodb_plugin/row/row0vers.c b/storage/innodb_plugin/row/row0vers.c index b6d35363f08..d4fde0b939b 100644 --- a/storage/innodb_plugin/row/row0vers.c +++ b/storage/innodb_plugin/row/row0vers.c @@ -669,11 +669,15 @@ row_vers_build_for_semi_consistent_read( mutex_enter(&kernel_mutex); version_trx = trx_get_on_id(version_trx_id); + if (version_trx + && (version_trx->conc_state == TRX_COMMITTED_IN_MEMORY + || version_trx->conc_state == TRX_NOT_STARTED)) { + + version_trx = NULL; + } mutex_exit(&kernel_mutex); - if (!version_trx - || version_trx->conc_state == TRX_NOT_STARTED - || version_trx->conc_state == TRX_COMMITTED_IN_MEMORY) { + if (!version_trx) { /* We found a version that belongs to a committed transaction: return it. */ |