diff options
author | Jan Lindström <jan.lindstrom@mariadb.com> | 2019-08-20 10:32:04 +0300 |
---|---|---|
committer | Jan Lindström <jan.lindstrom@mariadb.com> | 2019-08-20 10:32:04 +0300 |
commit | 7b4de10477a7bdb51656d827ad2d914d29a4be4c (patch) | |
tree | bf1bade9ffc78d908539de4832c2800369375f85 /sql | |
parent | c5bc0cedea01cabfcd3a8d0d1410e427e2edc08e (diff) | |
download | mariadb-git-7b4de10477a7bdb51656d827ad2d914d29a4be4c.tar.gz |
MDEV-20378: Galera uses uninitialized memory
Problem was that wsrep thread argument was deleted on wrong
place. Furthermore, scan method incorrectly used unsafe c_ptr().
Finally, fixed wsrep thread initialization to correctly set
up thread_id and pass correct argument to functions and
fix signess problem causing compiler errors.
Diffstat (limited to 'sql')
-rw-r--r-- | sql/wsrep_mysqld.cc | 5 | ||||
-rw-r--r-- | sql/wsrep_mysqld.h | 15 | ||||
-rw-r--r-- | sql/wsrep_schema.cc | 4 | ||||
-rw-r--r-- | sql/wsrep_sst.cc | 6 | ||||
-rw-r--r-- | sql/wsrep_thd.cc | 26 |
5 files changed, 30 insertions, 26 deletions
diff --git a/sql/wsrep_mysqld.cc b/sql/wsrep_mysqld.cc index 74a28c4724f..0a9adc5fa2c 100644 --- a/sql/wsrep_mysqld.cc +++ b/sql/wsrep_mysqld.cc @@ -2696,7 +2696,7 @@ void* start_wsrep_THD(void *arg) WSREP_DEBUG("wsrep system thread %llu, %p starting", thd->thread_id, thd); - thd_args->fun()(thd, thd_args->args()); + thd_args->fun()(thd, static_cast<void *>(thd_args)); WSREP_DEBUG("wsrep system thread: %llu, %p closing", thd->thread_id, thd); @@ -2707,8 +2707,6 @@ void* start_wsrep_THD(void *arg) close_connection(thd, 0); - delete thd_args; - mysql_mutex_lock(&LOCK_wsrep_slave_threads); DBUG_ASSERT(wsrep_running_threads > 0); wsrep_running_threads--; @@ -2727,6 +2725,7 @@ void* start_wsrep_THD(void *arg) break; } + delete thd_args; WSREP_DEBUG("wsrep running threads now: %lu", wsrep_running_threads); mysql_cond_broadcast(&COND_wsrep_slave_threads); mysql_mutex_unlock(&LOCK_wsrep_slave_threads); diff --git a/sql/wsrep_mysqld.h b/sql/wsrep_mysqld.h index 8714753ba76..d71d4afea11 100644 --- a/sql/wsrep_mysqld.h +++ b/sql/wsrep_mysqld.h @@ -411,18 +411,17 @@ typedef void (*wsrep_thd_processor_fun)(THD*, void *); class Wsrep_thd_args { public: - Wsrep_thd_args(wsrep_thd_processor_fun fun, void* args, - wsrep_thread_type thread_type) + Wsrep_thd_args(wsrep_thd_processor_fun fun, + wsrep_thread_type thread_type, + pthread_t thread_id) : fun_ (fun), - args_ (args), - thread_type_ (thread_type) + thread_type_ (thread_type), + thread_id_ (thread_id) { } wsrep_thd_processor_fun fun() { return fun_; } - - void* args() { return args_; } - + pthread_t* thread_id() {return &thread_id_; } enum wsrep_thread_type thread_type() {return thread_type_;} private: @@ -431,8 +430,8 @@ class Wsrep_thd_args Wsrep_thd_args& operator=(const Wsrep_thd_args&); wsrep_thd_processor_fun fun_; - void* args_; enum wsrep_thread_type thread_type_; + pthread_t thread_id_; }; void* start_wsrep_THD(void*); diff --git a/sql/wsrep_schema.cc b/sql/wsrep_schema.cc index c1b955e4483..064b6cf9f46 100644 --- a/sql/wsrep_schema.cc +++ b/sql/wsrep_schema.cc @@ -474,7 +474,9 @@ static int scan(TABLE* table, uint field, char* strbuf, uint strbuf_len) { String str; (void)table->field[field]->val_str(&str); - strncpy(strbuf, str.c_ptr(), std::min(str.length(), strbuf_len)); + LEX_CSTRING tmp= str.lex_cstring(); + uint len = tmp.length; + strncpy(strbuf, tmp.str, std::min(len, strbuf_len)); strbuf[strbuf_len - 1]= '\0'; return 0; } diff --git a/sql/wsrep_sst.cc b/sql/wsrep_sst.cc index 89e637ae075..5602b13f4fd 100644 --- a/sql/wsrep_sst.cc +++ b/sql/wsrep_sst.cc @@ -640,7 +640,7 @@ static ssize_t sst_prepare_other (const char* method, const char** addr_out) { bool extra_args; - size_t const cmd_len= estimate_cmd_len(&extra_args); + ssize_t const cmd_len= estimate_cmd_len(&extra_args); wsp::string cmd_str(cmd_len); if (!cmd_str()) @@ -953,7 +953,7 @@ static int sst_donate_mysqldump (const char* addr, memcpy(host, address.get_address(), address.get_address_len()); int port= address.get_port(); bool extra_args; - size_t const cmd_len= estimate_cmd_len(&extra_args); + ssize_t const cmd_len= estimate_cmd_len(&extra_args); wsp::string cmd_str(cmd_len); if (!cmd_str()) @@ -1350,7 +1350,7 @@ static int sst_donate_other (const char* method, char** env) // carries auth info { bool extra_args; - size_t const cmd_len= estimate_cmd_len(&extra_args); + ssize_t const cmd_len= estimate_cmd_len(&extra_args); wsp::string cmd_str(cmd_len); if (!cmd_str()) diff --git a/sql/wsrep_thd.cc b/sql/wsrep_thd.cc index 5907d495ee9..659bb8545b2 100644 --- a/sql/wsrep_thd.cc +++ b/sql/wsrep_thd.cc @@ -86,7 +86,7 @@ static void wsrep_replication_process(THD *thd, static bool create_wsrep_THD(Wsrep_thd_args* args) { ulong old_wsrep_running_threads= wsrep_running_threads; - pthread_t unused; + #ifdef HAVE_PSI_THREAD_INTERFACE PSI_thread_key key; @@ -103,7 +103,7 @@ static bool create_wsrep_THD(Wsrep_thd_args* args) break; } #endif - bool res= mysql_thread_create(key, &unused, &connection_attrib, + bool res= mysql_thread_create(key, args->thread_id(), &connection_attrib, start_wsrep_THD, (void*)args); /* if starting a thread on server startup, wait until the this thread's THD @@ -123,9 +123,9 @@ void wsrep_create_appliers(long threads) /* Dont' start slave threads if wsrep-provider or wsrep-cluster-address is not set. */ - if (!WSREP_PROVIDER_EXISTS) + if (!WSREP_PROVIDER_EXISTS) { - return; + return; } if (!wsrep_cluster_address || wsrep_cluster_address[0]== 0) @@ -135,11 +135,12 @@ void wsrep_create_appliers(long threads) } long wsrep_threads=0; - + while (wsrep_threads++ < threads) { - Wsrep_thd_args* args(new Wsrep_thd_args(wsrep_replication_process, 0, - WSREP_APPLIER_THREAD)); + Wsrep_thd_args* args(new Wsrep_thd_args(wsrep_replication_process, + WSREP_APPLIER_THREAD, + pthread_self())); if (create_wsrep_THD(args)) { WSREP_WARN("Can't create thread to manage wsrep replication"); @@ -328,16 +329,19 @@ void wsrep_create_rollbacker() { if (wsrep_cluster_address && wsrep_cluster_address[0] != 0) { - Wsrep_thd_args* args= new Wsrep_thd_args(wsrep_rollback_process, 0, - WSREP_ROLLBACKER_THREAD); + Wsrep_thd_args* args(new Wsrep_thd_args(wsrep_rollback_process, + WSREP_ROLLBACKER_THREAD, + pthread_self())); /* create rollbacker */ if (create_wsrep_THD(args)) WSREP_WARN("Can't create thread to manage wsrep rollback"); /* create post_rollbacker */ - args= new Wsrep_thd_args(wsrep_post_rollback_process, 0, - WSREP_ROLLBACKER_THREAD); + args= new Wsrep_thd_args(wsrep_post_rollback_process, + WSREP_ROLLBACKER_THREAD, + pthread_self()); + if (create_wsrep_THD(args)) WSREP_WARN("Can't create thread to manage wsrep post rollback"); } |