From eef21014898d61e77890359d6546d4985d829ef6 Mon Sep 17 00:00:00 2001
From: Sergei Golubchik
Date: Thu, 16 Feb 2017 11:32:47 +0100
Subject: MDEV-11933 Wrong usage of linked list in mysql_prune_stmt_list
mysql_prune_stmt_list() was walking the list following element->next pointers, but inside the loop it was invoking list_add(element) that modified element->next. So, mysql_prune_stmt_list() failed to visit and reset all elements, and some of them were left with pointers to invalid MYSQL.
---
 sql-common/client.c | 11 ++---------
 1 file changed, 2 insertions(+), 9 deletions(-)
(limited to 'sql-common')
diff --git a/sql-common/client.c b/sql-common/client.c
index c2e0cc3161a..b348afcff2d 100644
--- a/sql-common/client.c
+++ b/sql-common/client.c
@@ -1,5 +1,5 @@
 /* Copyright (c) 2003, 2016, Oracle and/or its affiliates.
- Copyright (c) 2009, 2016, MariaDB
+ Copyright (c) 2009, 2017, MariaDB
 This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by
@@ -3819,8 +3819,6 @@ static void mysql_close_free(MYSQL *mysql)
 static void mysql_prune_stmt_list(MYSQL *mysql)
 {
 LIST *element= mysql->stmts;
- LIST *pruned_list= 0;
-
 for (; element; element= element->next)
 {
 MYSQL_STMT *stmt= (MYSQL_STMT *) element->data;
@@ -3830,14 +3828,9 @@ static void mysql_prune_stmt_list(MYSQL *mysql)
 stmt->last_errno= CR_SERVER_LOST;
 strmov(stmt->last_error, ER(CR_SERVER_LOST));
 strmov(stmt->sqlstate, unknown_sqlstate);
- }
- else
- {
- pruned_list= list_add(pruned_list, element);
+ mysql->stmts= list_delete(mysql->stmts, element);
 }
 }
-
- mysql->stmts= pruned_list;
 }
-- cgit v1.2.1
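Review bot: The loop header kept in the second hunk still advances with `element= element->next` after the new `mysql->stmts= list_delete(mysql->stmts, element);` in the third hunk has unlinked that same node, so the walk is only correct while list_delete() leaves the removed node's `next` pointer untouched, which is the same kind of hidden dependency on a list helper that this commit sets out to fix. Reading the successor before the body runs removes that dependency: declare `LIST *element= mysql->stmts, *next;`, loop with `for (; element; element= next)`, and make `next= element->next;` the first statement of the body. list_delete() is not shown on this page, so whether it preserves the node's links today needs confirming; at minimum a comment on the loop should state that assumption, since a missed element here leaves a statement holding a pointer to an invalid MYSQL. The lines between the two hunks, including the condition that selects which statements are pruned, are not visible.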