diff options
author | Daniel Black <daniel@mariadb.org> | 2022-05-20 09:31:18 +1000 |
---|---|---|
committer | Daniel Black <daniel@mariadb.org> | 2022-05-26 08:53:23 +1000 |
commit | de1b9925650bb6e079ece924ba1b8d2f2124c731 (patch) | |
tree | ebe9b50a2d4e167ea591ac76a2e9bf737e7cfed7 | |
parent | 0ba528fe56f6c637d9fbc9d177a62610038fd519 (diff) | |
download | mariadb-git-bb-10.2-danielblack-MDEV-28597-aria-double-free.tar.gz |
MDEV-28597: double free in maria_open()bb-10.2-danielblack-MDEV-28597-aria-double-free
disk_cache is freed error handling functions.
Because we've freed this earlier in maria_open,
disk_cache is assigning to 0 (like the 10.3+ commit
c127a1ba1450) to prevents the double free happing
in the error path that can be triggered later in
this function.
-rw-r--r-- | storage/maria/ma_open.c | 1 |
1 files changed, 1 insertions, 0 deletions
diff --git a/storage/maria/ma_open.c b/storage/maria/ma_open.c index 87bded7ed50..68e07526601 100644 --- a/storage/maria/ma_open.c +++ b/storage/maria/ma_open.c @@ -900,6 +900,7 @@ MARIA_HA *maria_open(const char *name, int mode, uint open_flags) (keys ? MARIA_INDEX_BLOCK_MARGIN * share->block_size * keys : 0)); my_free(disk_cache); + disk_cache= 0; _ma_setup_functions(share); max_data_file_length= share->base.max_data_file_length; if ((*share->once_init)(share, info.dfile.file)) |