maria-developers team mailing list archive

Thread
Date

Re: Missing locking around THD::set_db() ?

To: maria-developers@xxxxxxxxxxxxxxxxxxx
From: Kristian Nielsen <knielsen@xxxxxxxxxxxxxxx>
Date: Tue, 23 Apr 2013 13:09:13 +0200
In-reply-to: <871ua14ike.fsf@frigg.knielsen-hq.org> (Kristian Nielsen's message of "Tue, 23 Apr 2013 13:01:21 +0200")
User-agent: Gnus/5.13 (Gnus v5.13) Emacs/23.4 (gnu/linux)

Kristian Nielsen <knielsen@xxxxxxxxxxxxxxx> writes:

> What happens seems to be this:
>
> Thread 1 is running SHOW PROCESSLIST, it grabs the pointer THD::db to the
> current database of thread 2.
>
> Thread 2 then does THD::set_db(), freeing the old THD::db pointer and
> allocating a new one with the new data.
>
> Thread 1 then resumes, doing strdup() of the _old_, now invalid, THD::db
> pointer, which reads garbage data (or could even segfault if we get really
> unlucky).

I filed MDEV-4422 for this.

 - Kristian.

References

Missing locking around THD::set_db() ?
From: Kristian Nielsen, 2013-04-23