author | Aditya A <aditya.a@oracle.com> | 2013-03-13 11:43:21 +0530 |
---|---|---|
committer | Aditya A <aditya.a@oracle.com> | 2013-03-13 11:43:21 +0530 |
commit | 59bc951a1fce42ccbaf4099171c815493ad4dde1 (patch) | |
tree | 5339bdce7327489b8d17742f8b00619716464b8d /storage/innobase | |
parent | 5d165fbd22b9b317967bea31ffb8182ad4b7e9bd (diff) | |
download | mariadb-git-59bc951a1fce42ccbaf4099171c815493ad4dde1.tar.gz |
Bug#16268289 LOCK_REC_VALIDATE_PAGE() MAY DEREFERENCE A POINTER TO A
FREED LOCK
ANALYSIS
--------
In 5.5 code the lock_rec_block_validate() is called after releasing
the kernel mutex. There is a chance that the lock might be invalid, so
we are getting the valgrind error on invalid read on lock->index.
FIX
---
Fix would be to copy the lock->index when we are holding the kernel mutex
and then pass it to the lock_rec_block_validate(). This implementation
is present in 5.1 code.
[ Approved by sunny rb.no.oracle.com/rb/r/2152/ ]
Diffstat (limited to 'storage/innobase')
-rw-r--r-- | storage/innobase/lock/lock0lock.c | 4 |
1 files changed, 3 insertions, 1 deletions
diff --git a/storage/innobase/lock/lock0lock.c b/storage/innobase/lock/lock0lock.c index a5ce43496af..cd9db2a02b1 100644 --- a/storage/innobase/lock/lock0lock.c +++ b/storage/innobase/lock/lock0lock.c @@ -4980,6 +4980,7 @@ lock_rec_validate_page( { const lock_t* lock; const rec_t* rec; + dict_index_t* index; ulint nth_lock = 0; ulint nth_bit = 0; ulint i; @@ -5029,6 +5030,7 @@ loop: if (i == 1 || lock_rec_get_nth_bit(lock, i)) { + index = lock->index; rec = page_find_rec_with_heap_no(block->frame, i); ut_a(rec); offsets = rec_get_offsets(rec, lock->index, offsets, @@ -5045,7 +5047,7 @@ loop: check WILL break the latching order and may cause a deadlock of threads. */ - lock_rec_queue_validate(block, rec, lock->index, + lock_rec_queue_validate(block, rec, index, offsets); lock_mutex_enter_kernel(); |
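Review bot: In the second hunk (@@ -5029), the context line directly after the new `index = lock->index;` still passes `lock->index` to `rec_get_offsets(rec, lock->index, offsets,`, so the field is read from the lock twice. Pass `index` there as well, so the copy is the only dereference of `lock` for this value and nothing later in the block depends on `lock` staying valid.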
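Review bot: In the third hunk (@@ -5045), the comment above the call explains the latching-order concern but not why `lock_rec_queue_validate(block, rec, index,` takes a local copy instead of `lock->index`. Add a sentence there stating what the commit message says: the lock may be invalid once the kernel mutex has been released, so `lock` must not be dereferenced until after `lock_mutex_enter_kernel();`. Without that note, a later cleanup could easily turn the argument back into `lock->index`.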