diff options
| author | unknown <heikki@hundin.mysql.fi> | 2004-05-18 01:53:06 +0300 |
|---|---|---|
| committer | unknown <heikki@hundin.mysql.fi> | 2004-05-18 01:53:06 +0300 |
| commit | 08d1de2c167ff900965aa9f0951a02077a4f663f (patch) | |
| tree | 40d6ca9c16accc14afc3db1bf2462bcf56b00ea5 /innobase/mem/mem0pool.c | |
| parent | d4f6c7a4c7e836fb81bd4b21a1ea8b1e69d0c917 (diff) | |
| download | mariadb-git-08d1de2c167ff900965aa9f0951a02077a4f663f.tar.gz | |
mem0pool.c:
Fix a memory corruption bug: in 32-bit computers, every 4 billionth malloc outside innodb_additional_mem_pool_size was mistreated when freeing the memory; this could corrupt the InnoDB additional mem pool and could have caused crashes anywhere, also inside MySQL, or even database corruption! the bug exists also in 3.23 and 4.1; workaround: configure innodb_additional_mem_pool_size big enough
innobase/mem/mem0pool.c:
Fix a memory corruption bug: in 32-bit computers, every 4 billionth malloc outside innodb_additional_mem_pool_size was mistreated when freeing the memory; this could corrupt the InnoDB additional mem pool and could have caused crashes anywhere, also inside MySQL, or even database corruption! the bug exists also in 3.23 and 4.1; workaround: configure innodb_additional_mem_pool_size big enough
Diffstat (limited to 'innobase/mem/mem0pool.c')
| -rw-r--r-- | innobase/mem/mem0pool.c | 18 |
1 files changed, 5 insertions, 13 deletions
diff --git a/innobase/mem/mem0pool.c b/innobase/mem/mem0pool.c index 3c409e3fceb..d77432a1e20 100644 --- a/innobase/mem/mem0pool.c +++ b/innobase/mem/mem0pool.c @@ -97,8 +97,6 @@ struct mem_pool_struct{ /* The common memory pool */ mem_pool_t* mem_comm_pool = NULL; -ulint mem_out_of_mem_err_msg_count = 0; - /* We use this counter to check that the mem pool mutex does not leak; this is to track a strange assertion failure reported at mysql@lists.mysql.com */ @@ -266,8 +264,6 @@ mem_pool_fill_free_list( if (i >= 63) { /* We come here when we have run out of space in the memory pool: */ - - mem_out_of_mem_err_msg_count++; return(FALSE); } @@ -460,17 +456,13 @@ mem_area_free( ulint size; ulint n; - if (mem_out_of_mem_err_msg_count > 0) { - /* It may be that the area was really allocated from the - OS with regular malloc: check if ptr points within - our memory pool */ + /* It may be that the area was really allocated from the OS with + regular malloc: check if ptr points within our memory pool */ - if ((byte*)ptr < pool->buf - || (byte*)ptr >= pool->buf + pool->size) { - ut_free(ptr); + if ((byte*)ptr < pool->buf || (byte*)ptr >= pool->buf + pool->size) { + ut_free(ptr); - return; - } + return; } area = (mem_area_t*) (((byte*)ptr) - MEM_AREA_EXTRA_SIZE); |