author | Thirunarayanan Balathandayuthapani <thiru@mariadb.com> | 2020-07-24 20:17:43 +0530 |
---|---|---|
committer | Thirunarayanan Balathandayuthapani <thiru@mariadb.com> | 2020-07-24 20:30:06 +0530 |
commit | 744919552cc6a2b1229dbaa59f65d798122c6adb (patch) | |
tree | f886d8631f22ba4e16bfdbbbdf26e0a09b4ddba9 /storage/innobase/include/buf0buf.h | |
parent | a18639f1a913b446f32d7fbe531aa0d5782cf720 (diff) | |

MDEV-23229 Read of Uninitialized memory during buffer pool resizing

commit b1ab211dee599eabd9a5b886fafa3adea29ae041 (MDEV-15053)
introduced the code to unfix the block earlier in buf_block_t::unfix().
After unfixing the block, InnoDB can withdraw the block from the
buffer pool and deallocate it while doing buffer pool resizing.
So subsequent assert could lead to uninitialized memory access of
block.

buf_block_t::unfix(): Unfix the block after checking the assert.

Diffstat (limited to 'storage/innobase/include/buf0buf.h')
-rw-r--r-- | storage/innobase/include/buf0buf.h | 5 |
1 files changed, 2 insertions, 3 deletions
diff --git a/storage/innobase/include/buf0buf.h b/storage/innobase/include/buf0buf.h index 0591d6ac19c..2677d4228fa 100644 --- a/storage/innobase/include/buf0buf.h +++ b/storage/innobase/include/buf0buf.h @@ -1198,12 +1198,11 @@ struct buf_block_t{ void fix() { page.fix(); } uint32_t unfix() { - uint32_t fix_count= page.unfix(); - ut_ad(fix_count || page.io_fix() != BUF_IO_NONE || + ut_ad(page.buf_fix_count() || page.io_fix() != BUF_IO_NONE || page.state() == BUF_BLOCK_ZIP_PAGE || !rw_lock_own_flagged(&lock, RW_LOCK_FLAG_X | RW_LOCK_FLAG_S | RW_LOCK_FLAG_SX)); - return fix_count; + return page.unfix(); } /** @return the physical size, in bytes */ |
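
Review bot: In buf_block_t::unfix() the first disjunct of the ut_ad() now reads page.buf_fix_count() before the decrement, whereas the removed code tested the value returned by page.unfix(). For any caller that actually holds a fix, the pre-decrement count is non-zero, so the io_fix(), state() and rw_lock_own_flagged() terms are short-circuited and the assertion no longer covers the case where the count reaches zero while the latch is still held. If page.unfix() returns the count after the decrement, as the old variable name fix_count suggests, testing page.buf_fix_count() > 1 would keep the original condition while still touching the block only before it is unfixed. A short comment above the ut_ad() stating that the block may be withdrawn and freed once it is unfixed would also keep the ordering from being swapped back later.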