maria-developers team mailing list archive

Thread
Date

Re: fa0b71b0e19: MDEV-10259 mysqld crash with certain statement length and...

To: maria-developers@xxxxxxxxxxxxxxxxxxx
From: Sergei Golubchik <serg@xxxxxxxxxxx>
Date: Tue, 8 May 2018 14:58:36 +0200
In-reply-to: <20180508115546.186BED20048@sachin-desk.localdomain>
User-agent: Mutt/1.7.2 (2016-11-26)

Hi, Sachin!

On May 08, Sachin Setiya wrote:
> diff --git a/unittest/sql/mf_iocache-t.cc b/unittest/sql/mf_iocache-t.cc
> index 31f98562521..d5e2ffb095e 100644
> --- a/unittest/sql/mf_iocache-t.cc
> +++ b/unittest/sql/mf_iocache-t.cc
> @@ -187,10 +187,71 @@ void mdev9044()
>    close_cached_file(&info);
>  }
>  
> +/* 2 Reads in cache makes second read to fail (only if first read uses temp file) */
> +void mdev10259()
> +{
> +  int res;
> +  uchar buf[CACHE_SIZE + 200];
> +  memset(buf, FILL, sizeof(buf));
> +
> +  diag("MDEV-10259- mysqld crash with certain statement length and order with"
> +         " Galera and encrypt-tmp-files=1");
> +
> +  init_io_cache_encryption();
> +
> +  res= open_cached_file(&info, 0, 0, CACHE_SIZE, 0);
> +  ok(res == 0, "open_cached_file" INFO_TAIL);
> +
> +  res= my_b_write(&info, buf, sizeof(buf));
> +  ok(res == 0 && info.pos_in_file == CACHE_SIZE, "large write" INFO_TAIL);
> +
> +  res= my_b_flush_io_cache(&info, 1);
> +  ok(res == 0, "flush" INFO_TAIL);

I think this misses the point. The bug happened when the data is in the
cache, and there's no file to read from, so when the data is lost - it's
forever.

But my_b_flush_io_cache() writes the buffer to a file, so my_b_fill()
can read it even if the buffer is emptied. Meaning, I suspect that if
you remove your fix from mf_iocache_encr.cc, this unit test will still
pass. Please double-check that your test fails without a fix.

Ok to push after that.

> +  res= reinit_io_cache(&info, READ_CACHE, 0, 0, 0);
> +  ok(res == 0, "reinit READ_CACHE" INFO_TAIL);

Regards,
Sergei
Chief Architect MariaDB
and security@xxxxxxxxxxx