author | unknown <heikki@hundin.mysql.fi> | 2004-03-31 18:06:13 +0300 |
---|---|---|
committer | unknown <heikki@hundin.mysql.fi> | 2004-03-31 18:06:13 +0300 |
commit | f4b6dab211a1bac4d636aed32de40022ababcd06 (patch) | |
tree | dbdd601c34d35d61b569198bbf59f55cd2f528eb /innobase | |
parent | bdb370c872853e092aa8de749ca306ed7b2f411d (diff) | |
download | mariadb-git-f4b6dab211a1bac4d636aed32de40022ababcd06.tar.gz |
fil0fil.c:
Add assertions to check that we do not go out of bounds of io thread status array
os0file.c:
Fix memory corruption (assertion failure on line 244 of sync0sync.c) reported by Miguel in a Windows build of MySQL-4.1.2. The bug is present in all InnoDB versions in Windows, but it depends on how the linker places a static array in srv0srv.c, whether the bug shows itself. 4 bytes were overwritten with a pointer to a statically allocated string: 'get windows aio return value'.
innobase/os/os0file.c:
Fix memory corruption (assertion failure on line 244 of sync0sync.c) reported by Miguel in a Windows build of MySQL-4.1.2. The bug is present in all InnoDB versions in Windows, but it depends on how the linker places a static array in srv0srv.c, whether the bug shows itself. 4 bytes were overwritten with a pointer to a statically allocated string: 'get windows aio return value'.
innobase/fil/fil0fil.c:
Add assertions to check that we do not go out of bounds of io thread status array
Diffstat (limited to 'innobase')
-rw-r--r-- | innobase/fil/fil0fil.c | 5 | ||||
-rw-r--r-- | innobase/os/os0file.c | 18 |
2 files changed, 19 insertions, 4 deletions
diff --git a/innobase/fil/fil0fil.c b/innobase/fil/fil0fil.c
index 9f33013d2f9..35a028822c0 100644
--- a/innobase/fil/fil0fil.c
+++ b/innobase/fil/fil0fil.c
@@ -1331,6 +1331,7 @@ fil_aio_wait(
 ut_ad(fil_validate());
 if (os_aio_use_native_aio) {
+ ut_a(segment < SRV_MAX_N_IO_THREADS);
 srv_io_thread_op_info[segment] = (char *) "native aio handle";
 #ifdef WIN_ASYNC_IO
 ret = os_aio_windows_handle(segment, 0, &fil_node, &message,
@@ -1342,6 +1343,7 @@ fil_aio_wait(
 ut_error;
 #endif
 } else {
+ ut_a(segment < SRV_MAX_N_IO_THREADS);
 srv_io_thread_op_info[segment] =(char *)"simulated aio handle";
 ret = os_aio_simulated_handle(segment, (void**) &fil_node,
@@ -1350,6 +1352,7 @@ fil_aio_wait(
 ut_a(ret);
+ ut_a(segment < SRV_MAX_N_IO_THREADS);
 srv_io_thread_op_info[segment] = (char *) "complete io for fil node";
 mutex_enter(&(system->mutex));
@@ -1363,10 +1366,12 @@ fil_aio_wait(
 /* Do the i/o handling */
 if (buf_pool_is_block(message)) {
+ ut_a(segment < SRV_MAX_N_IO_THREADS);
 srv_io_thread_op_info[segment] = (char *) "complete io for buf page";
 buf_page_io_complete(message);
 } else {
+ ut_a(segment < SRV_MAX_N_IO_THREADS);
 srv_io_thread_op_info[segment] =(char *) "complete io for log";
 log_io_complete(message);
 }
diff --git a/innobase/os/os0file.c b/innobase/os/os0file.c
index abcb2259e84..34dbf767773 100644
--- a/innobase/os/os0file.c
+++ b/innobase/os/os0file.c
@@ -1586,6 +1586,7 @@ os_aio_init(
 os_io_init_simple();
 for (i = 0; i < n_segments; i++) {
+ ut_a(i < SRV_MAX_N_IO_THREADS);
 srv_io_thread_op_info[i] = (char*)"not started yet";
 }
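Review bot: `ut_a(segment < SRV_MAX_N_IO_THREADS);` is repeated before each of the five writes to `srv_io_thread_op_info[segment]` in fil_aio_wait, although none of the visible lines reassigns `segment`. A small setter that does the check and the store together would guard every write, including ones added later, for example `static void io_thread_set_op_info(ulint i, char *str) { ut_a(i < SRV_MAX_N_IO_THREADS); srv_io_thread_op_info[i] = str; }` (the name is only a suggestion). The same helper would replace the repeated `global_segment` assertions in the os0file.c hunks at -2663, -2714 and -2772. fil_aio_wait starts and ends outside these hunks, so confirm `segment` is not modified elsewhere before collapsing the checks into a single one at function entry.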
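Review bot: The per-iteration `ut_a(i < SRV_MAX_N_IO_THREADS);` in the first os_aio_init loop only fires once `i` has already walked through every in-range slot, so an oversized `n_segments` is detected late. Checking the bound once before the loop, `ut_a(n_segments <= SRV_MAX_N_IO_THREADS);`, rejects the bad configuration before anything is written. It would also cover the read-thread and write-thread loops in the -1606 hunk, provided `2 + n_read_segs` never exceeds `n_segments` and `srv_io_thread_function` has the same length as `srv_io_thread_op_info`; both are assumptions to verify, since the declarations are not in this diff. os_aio_init continues outside the hunk.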
@@ -1606,12 +1607,14 @@ os_aio_init(
 os_aio_read_array = os_aio_array_create(n_read_segs * n_per_seg, n_read_segs);
 for (i = 2; i < 2 + n_read_segs; i++) {
+ ut_a(i < SRV_MAX_N_IO_THREADS);
 srv_io_thread_function[i] = (char*)"read thread";
 }
 os_aio_write_array = os_aio_array_create(n_write_segs * n_per_seg, n_write_segs);
 for (i = 2 + n_read_segs; i < n_segments; i++) {
+ ut_a(i < SRV_MAX_N_IO_THREADS);
 srv_io_thread_function[i] = (char*)"write thread";
 }
@@ -2324,11 +2327,10 @@ os_aio_windows_handle(
 n = array->n_slots / array->n_segments;
 if (array == os_aio_sync_array) {
- srv_io_thread_op_info[orig_seg] =
- "wait Windows aio for 1 page";
 os_event_wait(os_aio_array_get_nth_slot(array, pos)->event);
 i = pos;
 } else {
+ ut_a(orig_seg < SRV_MAX_N_IO_THREADS);
 srv_io_thread_op_info[orig_seg] = "wait Windows aio";
 i = os_event_wait_multiple(n,
@@ -2341,7 +2343,12 @@ os_aio_windows_handle(
 ut_a(slot->reserved);
- srv_io_thread_op_info[orig_seg] = "get windows aio return value";
+ if (orig_seg != ULINT_UNDEFINED) {
+ ut_a(orig_seg < SRV_MAX_N_IO_THREADS);
+ srv_io_thread_op_info[orig_seg] =
+ "get windows aio return value";
+ }
+
 ret = GetOverlappedResult(slot->file, &(slot->control), &len, TRUE);
 *message1 = slot->message1;
@@ -2663,7 +2670,8 @@ consecutive_loop:
 offs += consecutive_ios[i]->len;
 }
 }
-
+
+ ut_a(global_segment < SRV_MAX_N_IO_THREADS);
 srv_io_thread_op_info[global_segment] = (char*) "doing file i/o";
 if (os_aio_print_debug) {
@@ -2714,6 +2722,7 @@ consecutive_loop:
 }
 ut_a(ret);
+ ut_a(global_segment < SRV_MAX_N_IO_THREADS);
 srv_io_thread_op_info[global_segment] = (char*) "file i/o done";
 /* printf("aio: %lu consecutive %lu:th segment, first offs %lu blocks\n",
@@ -2772,6 +2781,7 @@ wait_for_io:
 os_mutex_exit(array->mutex);
 recommended_sleep:
+ ut_a(global_segment < SRV_MAX_N_IO_THREADS);
 srv_io_thread_op_info[global_segment] = (char*)"waiting for i/o request"; |
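Review bot: The `if (orig_seg != ULINT_UNDEFINED)` guard in the -2341 hunk of os_aio_windows_handle is the line that actually stops the out-of-bounds store, yet nothing at the site explains when the sentinel arrives. A comment such as `/* orig_seg is ULINT_UNDEFINED when the caller waits on the sync array: there is no i/o thread status slot to update */` would keep a later cleanup from removing the test. The link to the sync array is inferred from the write deleted in the -2324 hunk and should be confirmed against the callers. Testing `array != os_aio_sync_array` instead would tie this guard to the same condition the earlier branch uses. As written, any out-of-range value other than the sentinel reaches `ut_a` and stops the server rather than corrupting memory, and the comment should state that this is the intended outcome.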