summaryrefslogtreecommitdiff
path: root/sql/sql_acl.cc
diff options
context:
space:
mode:
authorMagne Mahre <magne.mahre@sun.com>2009-12-18 11:48:34 +0100
committerMagne Mahre <magne.mahre@sun.com>2009-12-18 11:48:34 +0100
commitf815246486444ca2dc5d408099439e1d973d3a7b (patch)
tree45a1f6b9f458b0a7b814f8f97c13c4a56e602934 /sql/sql_acl.cc
parentdd1378c8ff671c96318ad90e06ed28018469ac17 (diff)
downloadmariadb-git-f815246486444ca2dc5d408099439e1d973d3a7b.tar.gz
Backport to 5.1 branch (next-mr revid: 2921)
Bug#35589 SET PASSWORD caused a crash Bug#35591 FLUSH PRIVILEGES caused a crash A race condition on the privilege hash tables (proc_priv_hash and func_priv_hash) caused one thread to try to delete elements that had already been deleted by another thread. The bug was caused by reading and saving the pointers to the hash tables outside mutex protection. This led to an inconsistency where a thread copied a pointer to a hash, another thread did the same, the first thread then deleted the hash, and the second then crashed when it in turn tried to delete the deleted hash. The fix is to ensure that operations on the shared hash structures happens under mutex protection (moving the locking up a little)
Diffstat (limited to 'sql/sql_acl.cc')
-rw-r--r--sql/sql_acl.cc2
1 files changed, 1 insertions, 1 deletions
diff --git a/sql/sql_acl.cc b/sql/sql_acl.cc
index 3b81a85c368..b30c012e633 100644
--- a/sql/sql_acl.cc
+++ b/sql/sql_acl.cc
@@ -3765,11 +3765,11 @@ static my_bool grant_reload_procs_priv(THD *thd)
DBUG_RETURN(TRUE);
}
+ rw_wrlock(&LOCK_grant);
/* Save a copy of the current hash if we need to undo the grant load */
old_proc_priv_hash= proc_priv_hash;
old_func_priv_hash= func_priv_hash;
- rw_wrlock(&LOCK_grant);
if ((return_val= grant_load_procs_priv(table.table)))
{
/* Error; Reverting to old hash */