diff options
| author | Gopal Shankar <gopal.shankar@oracle.com> | 2012-01-30 11:57:33 +0530 |
|---|---|---|
| committer | Gopal Shankar <gopal.shankar@oracle.com> | 2012-01-30 11:57:33 +0530 |
| commit | 7f0f18cd6ecd5a40f45393bfcc678350855f1513 (patch) | |
| tree | 2ce5748dc707cfa32ce8cb3a2a00425015bf3836 | |
| parent | 26c52659c9fb2ddbdabb661f0a089705d16a46c1 (diff) | |
| download | mariadb-git-7f0f18cd6ecd5a40f45393bfcc678350855f1513.tar.gz | |
Bug#13105873 :Valgrind Warning: CRASH IN FOREIGN
KEY HANDLING ON SUBSEQUENT CREATE TABLE IF NOT EXISTS
PROBLEM:
--------
Consider a SP routine which does CREATE TABLE
with REFERENCES clause. The first call to this routine
invokes parser and the parsed items are cached, so as
to avoid parsing for the second execution of the routine.
It is obsevered that valgrind reports a warning
upon read of thd->lex->alter_info->key_list->Foreign_key object,
which seem to be pointing to a invalid memory address
during second time execution of the routine. Accessing this object
theoretically could cause a crash.
ANALYSIS:
---------
The problem stems from the fact that for some reason
elements of ref_columns list in thd->lex->alter_info->
key_list->Foreign_key object are changed to point to
objects allocated on runtime memory root.
During the first execution of routine we create
a copy of thd->lex->alter_info object.
As part of this process we create a clones of objects in
Alter_info::key_list and of Foreign_key object in particular.
Then Foreign_key object is cloned for some reason we
perform shallow copies of both Foreign_key::ref_columns
and Foreign_key::columns list. So new instance of
Foreign_key object starts to SHARE contents of ref_columns
and columns list with the original instance.
After that as part of cloning process we call
list_copy_and_replace_each_value() for elements of
ref_columns list. As result ref_columns lists in both
original and cloned Foreign_key object start to contain
pointers to Key_part_spec objects allocated on runtime
memory root because of shallow copy.
So when we start copying of thd->lex->alter_info object
during the second execution of stored routine we indeed
encounter pointer to the Key_part_spec object allocated
on runtime mem-root which was cleared during at the end
of previous execution. This is done in sp_head::execute(),
by a call to free_root(&execute_mem_root,MYF(0));
As result we get valgrind warnings about accessing
unreferenced memory.
FIX:
----
The safest solution to this problem is to
fix Foreign_key(Foreign_key, MEM_ROOT) constructor to do
a deep copy of columns lists, similar to Key(Key, MEM_ROOT)
constructor.
| -rw-r--r-- | mysql-test/r/sp-bugs.result | 19 | ||||
| -rw-r--r-- | mysql-test/t/sp-bugs.test | 24 | ||||
| -rw-r--r-- | sql/sql_class.cc | 4 |
3 files changed, 45 insertions, 2 deletions
diff --git a/mysql-test/r/sp-bugs.result b/mysql-test/r/sp-bugs.result index 507c73c2683..59588768d14 100644 --- a/mysql-test/r/sp-bugs.result +++ b/mysql-test/r/sp-bugs.result @@ -109,4 +109,23 @@ DROP FUNCTION db1.f1; DROP TABLE db1.t1; DROP DATABASE db1; DROP DATABASE db2; +# +# Bug#13105873:valgrind warning:possible crash in foreign +# key handling on subsequent create table if not exists +# +DROP DATABASE IF EXISTS testdb; +CREATE DATABASE testdb; +USE testdb; +CREATE TABLE t1 (id1 INT PRIMARY KEY); +CREATE PROCEDURE `p1`() +BEGIN +CREATE TABLE IF NOT EXISTS t2(id INT PRIMARY KEY, +CONSTRAINT FK FOREIGN KEY (id) REFERENCES t1( id1 )); +END$ +CALL p1(); +# below stmt should not return valgrind warnings +CALL p1(); +Warnings: +Note 1050 Table 't2' already exists +DROP DATABASE testdb; End of 5.1 tests diff --git a/mysql-test/t/sp-bugs.test b/mysql-test/t/sp-bugs.test index fe52632c784..a23ccea8189 100644 --- a/mysql-test/t/sp-bugs.test +++ b/mysql-test/t/sp-bugs.test @@ -138,4 +138,28 @@ DROP FUNCTION db1.f1; DROP TABLE db1.t1; DROP DATABASE db1; DROP DATABASE db2; + +--echo # +--echo # Bug#13105873:valgrind warning:possible crash in foreign +--echo # key handling on subsequent create table if not exists +--echo # + +--disable_warnings +DROP DATABASE IF EXISTS testdb; +--enable_warnings +CREATE DATABASE testdb; +USE testdb; +CREATE TABLE t1 (id1 INT PRIMARY KEY); +DELIMITER $; +CREATE PROCEDURE `p1`() +BEGIN + CREATE TABLE IF NOT EXISTS t2(id INT PRIMARY KEY, + CONSTRAINT FK FOREIGN KEY (id) REFERENCES t1( id1 )); +END$ +DELIMITER ;$ +CALL p1(); +--echo # below stmt should not return valgrind warnings +CALL p1(); +DROP DATABASE testdb; + --echo End of 5.1 tests diff --git a/sql/sql_class.cc b/sql/sql_class.cc index 7fb1d2ade5f..32e2e90acd7 100644 --- a/sql/sql_class.cc +++ b/sql/sql_class.cc @@ -122,9 +122,9 @@ Key::Key(const Key &rhs, MEM_ROOT *mem_root) */ Foreign_key::Foreign_key(const Foreign_key &rhs, MEM_ROOT *mem_root) - :Key(rhs), + :Key(rhs,mem_root), ref_table(rhs.ref_table), - ref_columns(rhs.ref_columns), + ref_columns(rhs.ref_columns,mem_root), delete_opt(rhs.delete_opt), update_opt(rhs.update_opt), match_opt(rhs.match_opt) |