BUG#30752 rpl_dual_pos_advance valgrind (jump depends on uninitialized LOG_INFO)

Problem: one thread could read uninitialized memory from (the stack of) another
thread.
Fix: swapped order of initializing the memory and making it available to the
other thread.
Fix: put lock around the statement that makes the memory available to the other
thread.
Fix: all fields of the struct are now initialized in the constructor, to avoid
future problems.

1 files changed, 8 insertions, 2 deletions

diff --git a/sql/sql_repl.cc b/sql/sql_repl.cc
index 9cc0ba7c29a..903d254db8f 100644
--- a/sql/sql_repl.cc
+++ b/sql/sql_repl.cc
@@ -364,7 +364,6 @@ void mysql_binlog_send(THD* thd, char* log_ident, my_off_t pos,
     name=0;					// Find first log
 
   linfo.index_file_offset = 0;
-  thd->current_linfo = &linfo;
 
   if (mysql_bin_log.find_log_pos(&linfo, name, 1))
   {
@@ -373,6 +372,10 @@ void mysql_binlog_send(THD* thd, char* log_ident, my_off_t pos,
     goto err;
   }
 
+  pthread_mutex_lock(&LOCK_thread_count);
+  thd->current_linfo = &linfo;
+  pthread_mutex_unlock(&LOCK_thread_count);
+
   if ((file=open_binlog(&log, log_file_name, &errmsg)) < 0)
   {
     my_errno= ER_MASTER_FATAL_ERROR_READING_BINLOG;
@@ -1338,7 +1341,6 @@ bool mysql_show_binlog_events(THD* thd)
       name=0;					// Find first log
 
     linfo.index_file_offset = 0;
-    thd->current_linfo = &linfo;
 
     if (mysql_bin_log.find_log_pos(&linfo, name, 1))
     {
@@ -1346,6 +1348,10 @@ bool mysql_show_binlog_events(THD* thd)
       goto err;
     }
 
+    pthread_mutex_lock(&LOCK_thread_count);
+    thd->current_linfo = &linfo;
+    pthread_mutex_unlock(&LOCK_thread_count);
+
     if ((file=open_binlog(&log, linfo.log_file_name, &errmsg)) < 0)
       goto err;