| Bug #45796 | invalid memory reads and writes when altering merge and base tables | ||
|---|---|---|---|
| Submitted: | 26 Jun 2009 23:49 | Modified: | 16 Jul 2009 14:06 |
| Reporter: | Shane Bester (Platinum Quality Contributor) | Email Updates: | |
| Status: | Closed | Impact on me: | |
| Category: | MySQL Server: Merge storage engine | Severity: | S1 (Critical) |
| Version: | 5.1.34, 5.1.37 | OS: | Any |
| Assigned to: | Alexey Kopytov | CPU Architecture: | Any |
| Tags: | regression | ||
[26 Jun 2009 23:49]
Shane Bester
[26 Jun 2009 23:51]
MySQL Verification Team
full valgrind error output
Attachment: bug45796_5.1.37_full_valgrind_output.txt (text/plain), 14.17 KiB.
[10 Jul 2009 11:34]
Bugs System
A patch for this bug has been committed. After review, it may be pushed to the relevant source trees for release in the next version. You can access the patch from: http://lists.mysql.com/commits/78374 3006 Alexey Kopytov 2009-07-10 Bug #45796: invalid memory reads and writes when altering merge and base tables myrg_attach_children() could reuse a buffer that was allocated previously based on a definition of a child table. The problem was that the child's definition might have been changed, so reusing the buffer could lead to crashes or valgrind errors under some circumstances. Fixed by changing myrg_attach_children() so that the rec_per_key_part buffer is reused only when the child table have not changed, and reallocated otherwise (the old buffer is deallocated if necessary). modified: include/myisammrg.h mysql-test/r/merge.result mysql-test/t/merge.test storage/myisammrg/ha_myisammrg.cc storage/myisammrg/myrg_open.c
[13 Jul 2009 17:48]
Bugs System
Pushed into 5.1.37 (revid:joro@sun.com-20090713174543-cd2x7q1gi1hzoand) (version source revid:alexey.kopytov@sun.com-20090712145643-t991j92a43izo8nr) (merge vers: 5.1.37) (pib:11)
[16 Jul 2009 14:06]
Tony Bedford
An entry was added to the 5.1.37 changelog: Invalid memory reads and writes were generated when altering merge and base tables. This could lead to a crash or Valgrind errors: ==28038== Invalid write of size 1 at: memset (mc_replace_strmem.c:479) by: myrg_attach_children (myrg_open.c:433) by: ha_myisammrg::attach_children() (ha_myisammrg.cc:546) by: ha_myisammrg::extra(ha_extra_function) (ha_myisammrg.cc:944) by: attach_merge_children(TABLE_LIST*) (sql_base.cc:4147) by: open_tables(THD*, TABLE_LIST**, unsigned*, unsigned) (sql_base.cc:4709) by: open_and_lock_tables_derived(THD*, TABLE_LIST*, bool) (sql_base.cc:4977) by: open_n_lock_single_table (mysql_priv.h:1550) by: mysql_alter_table(sql_table.cc:6428) by: mysql_execute_command(THD*) (sql_parse.cc:2860) by: mysql_parse(THD*, char const*, unsigned, char const**) (sql_parse.cc:5933) by: dispatch_command (sql_parse.cc:1213)
[4 Aug 2009 19:51]
Bugs System
Pushed into 5.4.4-alpha (revid:alik@sun.com-20090804194615-h40sa098mx4z49qg) (version source revid:alexey.kopytov@sun.com-20090712150910-yzwm265x62239mm5) (merge vers: 5.4.4-alpha) (pib:11)
[26 Aug 2009 13:46]
Bugs System
Pushed into 5.1.37-ndb-7.0.8 (revid:jonas@mysql.com-20090826132541-yablppc59e3yb54l) (version source revid:jonas@mysql.com-20090826132541-yablppc59e3yb54l) (merge vers: 5.1.37-ndb-7.0.8) (pib:11)
[26 Aug 2009 13:46]
Bugs System
Pushed into 5.1.37-ndb-6.3.27 (revid:jonas@mysql.com-20090826105955-bkj027t47gfbamnc) (version source revid:jonas@mysql.com-20090826105955-bkj027t47gfbamnc) (merge vers: 5.1.37-ndb-6.3.27) (pib:11)
[26 Aug 2009 13:48]
Bugs System
Pushed into 5.1.37-ndb-6.2.19 (revid:jonas@mysql.com-20090825194404-37rtosk049t9koc4) (version source revid:jonas@mysql.com-20090825194404-37rtosk049t9koc4) (merge vers: 5.1.37-ndb-6.2.19) (pib:11)
[27 Aug 2009 16:33]
Bugs System
Pushed into 5.1.35-ndb-7.1.0 (revid:magnus.blaudd@sun.com-20090827163030-6o3kk6r2oua159hr) (version source revid:jonas@mysql.com-20090826132541-yablppc59e3yb54l) (merge vers: 5.1.37-ndb-7.0.8) (pib:11)
