Bug #24331 Uninitialized record in LCP scan for diskdata
Submitted: 15 Nov 2006 9:37 Modified: 7 Dec 2006 4:57
Reporter: Jonas Oreland
Status: Closed
Category: MySQL Cluster: Disk Data Severity: S3 (Non-critical)
Version: OS: Any
Assigned to: Jonas Oreland CPU Architecture: Any
Tags: 5.1

[15 Nov 2006 9:37] Jonas Oreland
Description:
Date: Wed, 15 Nov 2006 10:43:24 +0200
From: Vasil Dimov <vd@FreeBSD.org>
To: internals@lists.mysql.com
Subject: ndb: usage of uninitialized memory

How to repeat:

Suggested fix:
[15 Nov 2006 9:38] Jonas Oreland
===== dbtup/DbtupGen.cpp 1.31 vs edited =====
--- 1.31/storage/ndb/src/kernel/blocks/dbtup/DbtupGen.cpp       2006-11-15 10:29:28 +01:00
+++ dbtup/DbtupGen.cpp  2006-11-15 10:29:13 +01:00
@@ -329,6 +329,7 @@
 
   ScanOpPtr lcp;
   ndbrequire(c_scanOpPool.seize(lcp));
+  new (lcp.p) ScanOp();
   c_lcp_scan_op= lcp.i;
 
   czero = 0;
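Review bot: The placement-new `new (lcp.p) ScanOp();` runs the ScanOp constructor on the freshly seized slot, so the LCP scan record no longer carries whatever the pool memory held before. This only helps if that constructor explicitly sets m_fragPtrI to RNIL: the DbtupScan.cpp change later asserts `ndbrequire(scanPtr.p->m_fragPtrI == RNIL)` before the first scan start, and a constructor that leaves the member untouched would make that check fail (or pass by accident), so it is worth confirming ScanOp() initialises m_fragPtrI.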
[15 Nov 2006 12:03] Jonas Oreland
===== DbtupScan.cpp 1.15 vs edited =====
--- 1.15/storage/ndb/src/kernel/blocks/dbtup/DbtupScan.cpp      2006-11-15 12:56:06 +01:00
+++ DbtupScan.cpp       2006-11-15 12:54:50 +01:00
@@ -87,6 +87,7 @@
       
       ndbrequire(frag.m_lcp_scan_op == c_lcp_scan_op);
       c_scanOpPool.getPtr(scanPtr, frag.m_lcp_scan_op);
+      ndbrequire(scanPtr.p->m_fragPtrI == fragPtr.i);
       bits |= ScanOp::SCAN_LCP;
       if (tablePtr.p->m_attributes[MM].m_no_of_varsize > 0) {
         bits |= ScanOp::SCAN_VS;
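Review bot: The added `ndbrequire(scanPtr.p->m_fragPtrI == fragPtr.i);` turns a silent use of a stale or uninitialised scan record into a hard assertion at the point where the LCP scan op is looked up for a fragment. Since ndbrequire is fatal for the data node, it is the right tool for an invariant like this, but it means every path that reaches this lookup must have stamped the scan record with the fragment first, which the scan-start hunk below now does; any other caller that reuses c_lcp_scan_op without setting m_fragPtrI would bring the node down here.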
@@ -1038,6 +1039,7 @@
   {
     ndbrequire(fragPtr.p->m_lcp_scan_op == scanPtr.i);
     fragPtr.p->m_lcp_scan_op = RNIL;
+    scanPtr.p->m_fragPtrI = RNIL;
   }
 }
 
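Review bot: Clearing `scanPtr.p->m_fragPtrI = RNIL;` when the fragment gives up its LCP scan op is the other half of the pairing check: without it the shared c_lcp_scan_op record would still point at the previous fragment, and the `ndbrequire(scanPtr.p->m_fragPtrI == RNIL)` in the scan-start hunk would fire on the next fragment's LCP. Worth checking that every path that resets frag.m_lcp_scan_op to RNIL goes through this block, otherwise that assertion will trip on a perfectly normal second LCP scan.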
@@ -1064,8 +1066,9 @@
     frag.m_lcp_scan_op = c_lcp_scan_op;
     ScanOpPtr scanPtr;
     c_scanOpPool.getPtr(scanPtr, frag.m_lcp_scan_op);
-    //ndbrequire(scanPtr.p->m_fragPtrI == fragPtr.i); ?
-
+    ndbrequire(scanPtr.p->m_fragPtrI == RNIL);
+    scanPtr.p->m_fragPtrI = fragPtr.i;
+    
     scanFirst(signal, scanPtr);
     scanPtr.p->m_state = ScanOp::First;
   }
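Review bot: This resolves the commented-out `//ndbrequire(scanPtr.p->m_fragPtrI == fragPtr.i); ?` by checking the opposite precondition: the shared scan record must be unattached (RNIL) before it is bound to fragPtr.i, which catches an LCP scan being started while a previous one still owns the record. Style: the added `+    ` line carries trailing whitespace; a plain empty line would keep the diff clean.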
[15 Nov 2006 12:50] Vasil Dimov
I confirm that the two patches, proposed by Jonas Oreland, fix the issue.
[21 Nov 2006 13:21] Bugs System
A patch for this bug has been committed. After review, it may
be pushed to the relevant source trees for release in the next
version. You can access the patch from:

  http://lists.mysql.com/commits/15635

ChangeSet@1.2328, 2006-11-21 14:21:11+01:00, jonas@perch.ndb.mysql.com +2 -0
  ndb - bug#24331
    Make sure LCP scan record is correct initialized
[7 Dec 2006 4:57] Jon Stephens
Thank you for your bug report. This issue has been committed to our source repository of that product and will be incorporated into the next release.

If necessary, you can access the source repository and build the latest available version, including the bug fix. More information about accessing the source trees is available at

    http://dev.mysql.com/doc/en/installing-source.html

Bugfix documented in 5.1.14 changelog.

Note: The original Internals mailing list thread starts here -> http://lists.mysql.com/internals/34081