maria-developers team mailing list archive

[Sergei Golubchik <serg@xxxxxxxxxxxx>]

Hi, Markus!

On Aug 16, Markus Pilman wrote:
> Hi all,
> 
> I ran into a strange problem:
> 
> I am working on a storage engine for MariaDB. To access field
> information I usually do as written in the documentation:
> 
>     for (Field** field = table->field; *field; ++field) { /* some code here */ }
> 
> This works fine in most cases (for writing - read handler::write_row -
> it seems to work always) but sometimes (I think always in the
> index_next method) accessing **(table->field) results in a
> segmentation fault (but *(table->field) is not null, but something
> like 0x5e6f4c6d4578244d). Strange enough, this error does not happen
> always. In the debugger I saw, that table_share->field points to the
> correct location there so I replaces table->field in the above loop
> with table_share->field. But this also seems to not work - it now
> crashes on other queries (also on updates, but after restarting
> MariaDB it also crashes on a full table scan).

Normaly you should always use table->field, not table_share->field.
If a table is used by many threads, or by the same thread many times -
in other words, if many instances of your handler class are created -
they will use different TABLE objects, but the same TABLE_SHARE.

So, table_share->field objects necessarily will have the same ptr in all
threads, it's not what you usually want.

A strange value of *(table->field) looks like a memory corruption. May
be your code writes to a free'd memory somewhere, or dereferences a
dangled pointer. Can you show the stack trace of the crash?

Regards,
Sergei