diff options
| author | Sujatha <sujatha.sivakumar@mariadb.com> | 2020-04-28 14:47:53 +0530 |
|---|---|---|
| committer | Sujatha <sujatha.sivakumar@mariadb.com> | 2020-04-29 10:52:41 +0530 |
| commit | 2e6b21be4a8d0bf094da288cadff866f1bb38062 (patch) | |
| tree | 78a572925eb8d69b6b04eeadf251721353a63442 /sql/rpl_filter.cc | |
| parent | 5193c1b542532fdfe364a4c75c24b6889103be4f (diff) | |
| download | mariadb-git-2e6b21be4a8d0bf094da288cadff866f1bb38062.tar.gz | |
MDEV-22317: SIGSEGV in my_free/delete_dynamic in optimized builds (ARIA)
Problem:
=======
SET @@GLOBAL.replicate_wild_ignore_table='';
SET @@GLOBAL.replicate_wild_do_table='';
Reports following valgrind error.
Conditional jump or move depends on uninitialised value(s)
Rpl_filter::set_wild_ignore_table(char const*) (rpl_filter.cc:439)
Conditional jump or move depends on uninitialised value(s)
at 0xF60390: delete_dynamic (array.c:304)
by 0x74F3F2: Rpl_filter::set_wild_do_table(char const*) (rpl_filter.cc:421)
Analysis:
========
List of values provided for options "wild_do_table" and "wild_ignore_table" are
stored in DYNAMIC_ARRAYS. When an empty list is provided these dynamic arrays
are not initialized. Existing code treats empty element list as an error and
tries to clean the uninitialized list. This results in above valgrind issue.
Fix:
===
The clean up should be initiated only when there is an error while parsing the
'wild_do_table' or 'wild_ignore_table' list and the dynamic_array is in
initialized state. Otherwise for empty list it should simply return success.
Diffstat (limited to 'sql/rpl_filter.cc')
| -rw-r--r-- | sql/rpl_filter.cc | 18 |
1 files changed, 12 insertions, 6 deletions
diff --git a/sql/rpl_filter.cc b/sql/rpl_filter.cc index 635a0f4e2d6..8035763bf35 100644 --- a/sql/rpl_filter.cc +++ b/sql/rpl_filter.cc @@ -416,10 +416,13 @@ Rpl_filter::set_wild_do_table(const char* table_spec) status= parse_filter_rule(table_spec, &Rpl_filter::add_wild_do_table); - if (!wild_do_table.elements) + if (wild_do_table_inited && status) { - delete_dynamic(&wild_do_table); - wild_do_table_inited= 0; + if (!wild_do_table.elements) + { + delete_dynamic(&wild_do_table); + wild_do_table_inited= 0; + } } return status; @@ -436,10 +439,13 @@ Rpl_filter::set_wild_ignore_table(const char* table_spec) status= parse_filter_rule(table_spec, &Rpl_filter::add_wild_ignore_table); - if (!wild_ignore_table.elements) + if (wild_ignore_table_inited && status) { - delete_dynamic(&wild_ignore_table); - wild_ignore_table_inited= 0; + if (!wild_ignore_table.elements) + { + delete_dynamic(&wild_ignore_table); + wild_ignore_table_inited= 0; + } } return status; |