author | Vicențiu Ciorbaru <vicentiu@mariadb.org> | 2016-08-16 11:25:11 +0300 |
---|---|---|
committer | Vicențiu Ciorbaru <vicentiu@mariadb.org> | 2016-08-23 21:24:36 +0300 |
commit | 4eb898bb1663ab470a07e8419de4aa14b5afc667 (patch) | |
tree | 81bb1fe2e773e70bfcd4c3500d54333cf7f3ef2d /sql | |
parent | 4da2b83af712492e4c3cb85e0005cde8511fa810 (diff) | |
MDEV-10563 Crash during shutdown in Master_info_index::any_slave_sql_running
In well defined C code, the "this" pointer is never NULL. Currently, we
were potentially dereferencing a NULL pointer (master_info_index). GCC v6
removes any "if (!this)" conditions as it assumes this is always a
non-null pointer. In order to prevent undefined behaviour, check the
pointer before dereferencing and remove the check within member
functions.
Diffstat (limited to 'sql')
-rw-r--r-- | sql/item_func.cc | 7 | ||||
-rw-r--r-- | sql/mysqld.cc | 5 | ||||
-rw-r--r-- | sql/rpl_mi.cc | 7 | ||||
-rw-r--r-- | sql/slave.cc | 1 | ||||
-rw-r--r-- | sql/sys_vars.cc | 25 |
5 files changed, 26 insertions, 19 deletions
diff --git a/sql/item_func.cc b/sql/item_func.cc
index b637213bc2d..9ee1ba4c7a7 100644
--- a/sql/item_func.cc
+++ b/sql/item_func.cc
@@ -3942,7 +3942,7 @@ longlong Item_master_pos_wait::val_int()
 longlong timeout = (arg_count>=3) ? args[2]->val_int() : 0 ;
 String connection_name_buff;
 LEX_STRING connection_name;
- Master_info *mi;
+ Master_info *mi= NULL;
 if (arg_count >= 4)
 {
 String *con;
@@ -3962,8 +3962,9 @@ longlong Item_master_pos_wait::val_int()
 connection_name= thd->variables.default_master_connection;
 mysql_mutex_lock(&LOCK_active_mi);
- mi= master_info_index->get_master_info(&connection_name,
- Sql_condition::WARN_LEVEL_WARN);
+ if (master_info_index) // master_info_index is set to NULL on shutdown.
+ mi= master_info_index->get_master_info(&connection_name,
+ Sql_condition::WARN_LEVEL_WARN);
 mysql_mutex_unlock(&LOCK_active_mi);
 if (!mi)
 goto err;
diff --git a/sql/mysqld.cc b/sql/mysqld.cc
index 826f2af3a85..9748add6505 100644
--- a/sql/mysqld.cc
+++ b/sql/mysqld.cc
@@ -7307,7 +7307,10 @@ static int show_slaves_running(THD *thd, SHOW_VAR *var, char *buff)
 var->value= buff;
 mysql_mutex_lock(&LOCK_active_mi);
- *((longlong *)buff)= master_info_index->any_slave_sql_running();
+ if (master_info_index)
+ *((longlong *)buff)= master_info_index->any_slave_sql_running();
+ else
+ *((longlong *)buff)= 0;
 mysql_mutex_unlock(&LOCK_active_mi);
 return 0;
diff --git a/sql/rpl_mi.cc b/sql/rpl_mi.cc
index 9c6f4639717..249bf7608e5 100644
--- a/sql/rpl_mi.cc
+++ b/sql/rpl_mi.cc
@@ -1095,8 +1095,6 @@ Master_info_index::get_master_info(LEX_STRING *connection_name,
 connection_name->str));
 mysql_mutex_assert_owner(&LOCK_active_mi);
- if (!this) // master_info_index is set to NULL on server shutdown
- DBUG_RETURN(NULL);
 /* Make name lower case for comparison */
 res= strmake(buff, connection_name->str, connection_name->length);
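Review bot: The `mi` pointer fetched in the second item_func.cc hunk (`Item_master_pos_wait::val_int`) outlives the lock that protects it: `LOCK_active_mi` is released on the next line and `mi` is used past `if (!mi) goto err;`, in code outside the hunk. The new NULL test stops the dereference of `master_info_index` itself, but if shutdown can free the index once the mutex is dropped, the `Master_info` returned here may be freed while this thread still holds it; whether that can happen depends on the shutdown path, which this diff does not show. I would document the lifetime at the lookup, e.g. `/* mi is only guaranteed valid while LOCK_active_mi is held; shutdown may free it afterwards */`, and confirm that shutdown sets `master_info_index` to NULL while holding the same mutex, since otherwise the added check is still racy.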
@@ -1250,8 +1248,6 @@ bool Master_info_index::give_error_if_slave_running()
 {
 DBUG_ENTER("give_error_if_slave_running");
 mysql_mutex_assert_owner(&LOCK_active_mi);
- if (!this) // master_info_index is set to NULL on server shutdown
- DBUG_RETURN(TRUE);
 for (uint i= 0; i< master_info_hash.records; ++i)
 {
@@ -1282,8 +1278,7 @@ uint Master_info_index::any_slave_sql_running()
 {
 uint count= 0;
 DBUG_ENTER("any_slave_sql_running");
- if (!this) // master_info_index is set to NULL on server shutdown
- DBUG_RETURN(count);
+ mysql_mutex_assert_owner(&LOCK_active_mi);
 for (uint i= 0; i< master_info_hash.records; ++i)
 {
diff --git a/sql/slave.cc b/sql/slave.cc
index d8ec946ad16..6dc1a66a2ac 100644
--- a/sql/slave.cc
+++ b/sql/slave.cc
@@ -649,6 +649,7 @@ int terminate_slave_threads(Master_info* mi,int thread_mask,bool skip_lock)
 mysql_mutex_unlock(log_lock);
 }
 if (opt_slave_parallel_threads > 0 &&
+ master_info_index &&// master_info_index is set to NULL on server shutdown
 !master_info_index->any_slave_sql_running())
 rpl_parallel_inactivate_pool(&global_rpl_thread_pool);
 if (thread_mask & (SLAVE_IO|SLAVE_FORCE_ALL))
diff --git a/sql/sys_vars.cc b/sql/sys_vars.cc
index 5b2b6e32314..689d35c9cc3 100644
--- a/sql/sys_vars.cc
+++ b/sql/sys_vars.cc
@@ -1538,7 +1538,8 @@ Sys_var_gtid_slave_pos::do_check(THD *thd, set_var *var)
 }
 mysql_mutex_lock(&LOCK_active_mi);
- running= master_info_index->give_error_if_slave_running();
+ running= (!master_info_index ||
+ master_info_index->give_error_if_slave_running());
 mysql_mutex_unlock(&LOCK_active_mi);
 if (running)
 return true;
@@ -1578,7 +1579,7 @@ Sys_var_gtid_slave_pos::global_update(THD *thd, set_var *var)
 mysql_mutex_unlock(&LOCK_global_system_variables);
 mysql_mutex_lock(&LOCK_active_mi);
- if (master_info_index->give_error_if_slave_running())
+ if (!master_info_index || master_info_index->give_error_if_slave_running())
 err= true;
 else
 err= rpl_gtid_pos_update(thd, var->save_result.string_value.str,
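Review bot: The `mysql_mutex_assert_owner(&LOCK_active_mi)` added to `Master_info_index::any_slave_sql_running()` makes holding the mutex a precondition, yet the slave.cc hunk calls it from `terminate_slave_threads` with no `LOCK_active_mi` acquisition in view; the only mutex operation in that hunk's context is `mysql_mutex_unlock(log_lock)`. If any caller reaches that point without the lock, debug builds will now assert, and release builds read `master_info_index` unsynchronised against the shutdown path that sets it to NULL, so the new `master_info_index &&` test can pass and the pointer still change before the call. Both function bodies extend beyond their hunks, so the callers of `terminate_slave_threads` need checking. It would also help to state the contract above the three member functions that lost their `if (!this)` guard, e.g. `/* Caller must hold LOCK_active_mi and must have checked master_info_index != NULL; "this" is never tested here. */`.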
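Review bot: When `master_info_index` is NULL, the new `!master_info_index ||` branch in `Sys_var_gtid_slave_pos::do_check` returns failure without reporting anything: judging by its name, `give_error_if_slave_running()` raises the error itself, but the short-circuit never calls it. The same expression is repeated in `global_update` and in the `check_*`/`fix_*` hunks for slave_parallel_threads, slave_domain_parallel_threads and gtid_ignore_duplicates further down. A file-local helper, called with `LOCK_active_mi` held, would replace the eight copies and give the client a diagnostic: `if (!master_info_index) { my_error(ER_SERVER_SHUTDOWN, MYF(0)); return true; }` followed by `return master_info_index->give_error_if_slave_running();`.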
@@ -1767,7 +1768,8 @@ check_slave_parallel_threads(sys_var *self, THD *thd, set_var *var)
 bool running;
 mysql_mutex_lock(&LOCK_active_mi);
- running= master_info_index->give_error_if_slave_running();
+ running= (!master_info_index ||
+ master_info_index->give_error_if_slave_running());
 mysql_mutex_unlock(&LOCK_active_mi);
 if (running)
 return true;
@@ -1782,7 +1784,8 @@ fix_slave_parallel_threads(sys_var *self, THD *thd, enum_var_type type)
 mysql_mutex_unlock(&LOCK_global_system_variables);
 mysql_mutex_lock(&LOCK_active_mi);
- err= master_info_index->give_error_if_slave_running();
+ err= (!master_info_index ||
+ master_info_index->give_error_if_slave_running());
 mysql_mutex_unlock(&LOCK_active_mi);
 mysql_mutex_lock(&LOCK_global_system_variables);
@@ -1809,7 +1812,8 @@ check_slave_domain_parallel_threads(sys_var *self, THD *thd, set_var *var)
 bool running;
 mysql_mutex_lock(&LOCK_active_mi);
- running= master_info_index->give_error_if_slave_running();
+ running= (!master_info_index ||
+ master_info_index->give_error_if_slave_running());
 mysql_mutex_unlock(&LOCK_active_mi);
 if (running)
 return true;
@@ -1824,7 +1828,8 @@ fix_slave_domain_parallel_threads(sys_var *self, THD *thd, enum_var_type type)
 mysql_mutex_unlock(&LOCK_global_system_variables);
 mysql_mutex_lock(&LOCK_active_mi);
- running= master_info_index->give_error_if_slave_running();
+ running= (!master_info_index ||
+ master_info_index->give_error_if_slave_running());
 mysql_mutex_unlock(&LOCK_active_mi);
 mysql_mutex_lock(&LOCK_global_system_variables);
@@ -1862,7 +1867,8 @@ check_gtid_ignore_duplicates(sys_var *self, THD *thd, set_var *var)
 bool running;
 mysql_mutex_lock(&LOCK_active_mi);
- running= master_info_index->give_error_if_slave_running();
+ running= (!master_info_index ||
+ master_info_index->give_error_if_slave_running());
 mysql_mutex_unlock(&LOCK_active_mi);
 if (running)
 return true;
@@ -1877,7 +1883,8 @@ fix_gtid_ignore_duplicates(sys_var *self, THD *thd, enum_var_type type)
 mysql_mutex_unlock(&LOCK_global_system_variables);
 mysql_mutex_lock(&LOCK_active_mi);
- running= master_info_index->give_error_if_slave_running();
+ running= (!master_info_index ||
+ master_info_index->give_error_if_slave_running());
 mysql_mutex_unlock(&LOCK_active_mi);
 mysql_mutex_lock(&LOCK_global_system_variables);
@@ -2830,7 +2837,7 @@ Sys_var_replicate_events_marked_for_skip::global_update(THD *thd, set_var *var)
 mysql_mutex_unlock(&LOCK_global_system_variables);
 mysql_mutex_lock(&LOCK_active_mi);
- if (!master_info_index->give_error_if_slave_running())
+ if (master_info_index && !master_info_index->give_error_if_slave_running())
 result= Sys_var_enum::global_update(thd, var);
 mysql_mutex_unlock(&LOCK_active_mi);
 mysql_mutex_lock(&LOCK_global_system_variables); |
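Review bot: In `Sys_var_replicate_events_marked_for_skip::global_update` the NULL case now skips the assignment entirely, so the function returns whatever `result` was initialised to, and that declaration is above the hunk. If it does not start as `true`, a SET issued during shutdown would be reported as successful although `Sys_var_enum::global_update` never ran. A comment at the condition such as `/* result keeps its initial error value when master_info_index is NULL on shutdown */`, or an explicit `else result= true;`, would make the intent checkable from the hunk alone.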