Bug #41250 Resources not freed properly in the backup stream library
Submitted: 5 Dec 2008 8:25
Modified: 8 Apr 2009 0:24
Reporter: Rafal Somla
Status: Closed
Category: MySQL Server: Backup
Severity: S2 (Serious)
Version: 6.0-backup
OS: Any
Assigned to: Jørgen Løland
CPU Architecture: Any

[5 Dec 2008 8:25] Rafal Somla
Description:
Backup stream library uses iterators provided by its client. An iterator is created with e.g., bcat_iterator_get() and afterwards should be disposed using bcat_iterator_free(). But for some execution paths which are entered when errors are detected, bcat_iterator_free() is not called. This can lead to resource leaks.

How to repeat:
Code inspection in sql/backup/stream_v1.c, e.g., function bstream_wr_meta_data().

Suggested fix:
=== modified file 'sql/backup/stream_v1.c'
--- sql/backup/stream_v1.c      2008-11-13 13:02:36 +0000
+++ sql/backup/stream_v1.c      2008-12-04 14:42:52 +0000
@@ -1174,7 +1174,7 @@ int read_and_create_items(backup_stream 
 /** Write meta-data section of a backup image */
 int bstream_wr_meta_data(backup_stream *s, struct st_bstream_image_header *cat)
 {
-  void *iter, *titer;
+  void *iter= NULL, *titer= NULL;  // Note: these must be freed.
   struct st_bstream_item_info *item;
   struct st_bstream_db_info   *db_info;
   int ret= BSTREAM_OK;
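Review bot: The `// Note: these must be freed.` comment on the new declaration line is a C++-style comment, while every other comment visible in this file uses `/* ... */`; a compiler in strict C89 mode rejects `//` in a .c file, so write it as `/* Note: these must be freed. */`. The comment would also help more if it named where the freeing happens, i.e. the cleanup at the `wr_error` label.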
@@ -1199,6 +1199,7 @@ int bstream_wr_meta_data(backup_stream *
     CHECK_WR_RES(bstream_wr_item_type(s,BSTREAM_IT_LAST));
 
   bcat_iterator_free(cat,iter);
+  iter= NULL;
 
   /* tables */
 
@@ -1233,9 +1234,11 @@ int bstream_wr_meta_data(backup_stream *
       CHECK_WR_RES(bstream_wr_item_type(s,BSTREAM_IT_LAST));
 
     bcat_db_iterator_free(cat,db_info,titer);
+    titer= NULL;
   }
 
   bcat_iterator_free(cat,iter);
+  iter= NULL;
 
   /* if we found no databases in the catalogue, we are done */
   if (!has_db)
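Review bot: The free call and the reset to NULL are separate statements here, once for `titer` inside the loop and once for `iter` after it, and the cleanup at `wr_error` is only safe while every free stays paired with its reset. Consider a small local macro or helper that frees and clears in one step, so a later edit cannot leave a stale non-NULL pointer that the cleanup code would free a second time.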
@@ -1259,6 +1262,7 @@ int bstream_wr_meta_data(backup_stream *
   }
 
   bcat_iterator_free(cat,iter);
+  iter= NULL;
 
   /* per-table items */
 
@@ -1278,7 +1282,11 @@ int bstream_wr_meta_data(backup_stream *
   }
 
 wr_error:
-  bcat_iterator_free(cat,iter);
+
+  if (titer)
+    bcat_db_iterator_free(cat, db_info, titer);
+  if (iter)
+    bcat_iterator_free(cat, iter);
 
   return ret;
 }
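Review bot: In the new `wr_error` cleanup, `bcat_db_iterator_free(cat, db_info, titer)` reads `db_info`, which is declared without an initialiser at the top of the function. The call is correct only if `titer` is non-NULL exactly while `db_info` still points at the database the table iterator was obtained for; please initialise `db_info` to NULL alongside the two iterators and state that invariant in a comment next to the `if (titer)` check, so that reordering the loop body later does not pass a stale or unset `db_info` to the free callback.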

Note that the same problem occurs also in other functions using iterators.
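The leak described in this report and the effect of the suggested fix, as an added example that is not part of the original report or the MySQL source: a miniature of the nested-iterator loop with hypothetical stand-ins (`iter_get`, `iter_free`, `wr_item`) and a harness that fails each write in turn and counts the iterators left unfreed. The same fault-injection check can be pointed at the other iterator-using functions the report mentions.

```c
#include <stdio.h>
#include <stdlib.h>
/* Hypothetical stand-ins for the client iterator callbacks and the stream
   write call; these names are not from stream_v1.c. */
static int live_iters, wr_calls, fail_at; /* live count, writes, failing write */
static void *iter_get(void) { live_iters++; return malloc(1); }
static void iter_free(void *it) { live_iters--; free(it); }
static int wr_item(void) { return (wr_calls++ == fail_at) ? -1 : 0; }

/* Shape before the fix: the error path frees only iter. */
static int write_meta_leaky(void) {
  void *iter = iter_get(), *titer;
  int ret = 0, db;
  for (db = 0; db < 2; db++) {
    titer = iter_get();
    if ((ret = wr_item()) != 0) goto wr_error;
    iter_free(titer);
  }
wr_error:
  iter_free(iter);
  return ret;
}

/* Shape after the fix: NULL means nothing to free; cleanup checks both. */
static int write_meta_fixed(void) {
  void *iter = iter_get(), *titer = NULL;
  int ret = 0, db;
  for (db = 0; db < 2; db++) {
    titer = iter_get();
    if ((ret = wr_item()) != 0) goto wr_error;
    iter_free(titer);
    titer = NULL;
  }
wr_error:
  if (titer) iter_free(titer);
  if (iter) iter_free(iter);
  return ret;
}

/* Fail each write in turn (-1 = no failure); return the worst leak seen. */
static int leaked_under_faults(int (*fn)(void)) {
  int worst = 0, pos;
  for (pos = -1; pos < 2; pos++) {
    live_iters = 0; wr_calls = 0; fail_at = pos;
    fn();
    if (live_iters > worst) worst = live_iters;
  }
  return worst;
}
int main(void) {
  int before = leaked_under_faults(write_meta_leaky);
  printf("leaked: before=%d after=%d\n", before, leaked_under_faults(write_meta_fixed));
}
```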
[6 Feb 2009 10:14] Bugs System
A patch for this bug has been committed. After review, it may
be pushed to the relevant source trees for release in the next
version. You can access the patch from:

  http://lists.mysql.com/commits/65453

2762 Jorgen Loland	2009-02-06
      Bug#41250 - Resources not freed properly in the backup stream library
      
      There are a lot of occurrences where resources are not freed when entering error handling code. This patch frees up these resources.
[6 Feb 2009 18:48] Rafal Somla
Good to push.
[11 Feb 2009 8:12] Bugs System
A patch for this bug has been committed. After review, it may
be pushed to the relevant source trees for release in the next
version. You can access the patch from:

  http://lists.mysql.com/commits/65835

2764 Jorgen Loland	2009-02-11
      Bug#41250 - Resources not freed properly in the backup stream library
            
      There are a lot of occurrences where resources are not freed when entering error handling code. This patch frees up these resources.
[26 Mar 2009 12:34] Bugs System
Pushed into 6.0.11-alpha (revid:alik@sun.com-20090326121822-pt84kzxxayzho4mn) (version source revid:rafal.somla@sun.com-20090302164601-znhm4tadplfi2iqu) (merge vers: 6.0.11-alpha) (pib:6)
[8 Apr 2009 0:24] Paul DuBois
Noted in 6.0.11 changelog.

Several resource leaks were corrected in the error-handling code for
the MySQL Backup library.