maria-developers team mailing list archive

Thread
Date

Re: Missing locking around THD::set_db() ?

To: Kristian Nielsen <knielsen@xxxxxxxxxxxxxxx>
From: Sergei Golubchik <serg@xxxxxxxxxxxx>
Date: Tue, 23 Apr 2013 06:51:05 -0700
Cc: maria-developers@xxxxxxxxxxxxxxxxxxx
In-reply-to: <871ua14ike.fsf@frigg.knielsen-hq.org>
User-agent: Mutt/1.5.21 (2010-09-15)

Hi, Kristian!

On Apr 23, Kristian Nielsen wrote:
> 
> I was looking at a Valgrind warning in Buildbot (appended below).
> 
> Thread 1 is running SHOW PROCESSLIST, it grabs the pointer THD::db to
> the current database of thread 2.
> Thread 2 then does THD::set_db(), freeing the old THD::db pointer and
> allocating a new one with the new data.
> Thread 1 then resumes, doing strdup() of the _old_, now invalid,
> THD::db pointer, which reads garbage data (or could even segfault if
> we get really unlucky).
> 
> This seems like a genuine bug. I see absolutely no locking protecting
> against this race :-(
> 
> Any suggestions for how to deal with this?

I'd say, let's use a fixed buffer in 5.1-5.5.
In 10.0 a better way would be to use Sergey Petrunia's
APC subsystem for that.

Regards,
Sergei

References

Missing locking around THD::set_db() ?
From: Kristian Nielsen, 2013-04-23