Bug #75373 | incorrect expression | ||
---|---|---|---|
Submitted: | 1 Jan 2015 11:11 | Modified: | 9 Jan 2015 15:31 |
Reporter: | Joshua Rogers | Email Updates: | |
Status: | Closed | Impact on me: | |
Category: | MySQL Server: InnoDB storage engine | Severity: | S3 (Non-critical) |
Version: | 5.7.6 | OS: | Any |
Assigned to: | CPU Architecture: | Any |
[1 Jan 2015 11:11]
Joshua Rogers
[1 Jan 2015 12:27]
MySQL Verification Team
Thank you for the report, it looks like a cut 'n paste error to me. On 5.7.6 trunk we get this in TrxFactory::destroy: if (!trx->lock.rec_pool.empty()) { /* See lock_trx_alloc_locks() why we only free the first element. */ ut_free(trx->lock.rec_pool[0]); } if (!trx->lock.rec_pool.empty()) { /* See lock_trx_alloc_locks() why we only free the first element. */ ut_free(trx->lock.table_pool[0]); }
[5 Jan 2015 7:10]
Sunny Bains
Thanks for the bug report. The fix has been pushed.
[5 Jan 2015 9:40]
Joshua Rogers
Could this have led to a double free, by the way? Thanks,
[5 Jan 2015 10:13]
Sunny Bains
No, it was not a double free. The code with and without the fix frees two different data structures. The worst case was the equivalent of ut_free(NULL).
[9 Jan 2015 15:31]
Daniel Price
Posted by developer: Fixed as of the upcoming 5.7.6 release, and here's the changelog entry: An incorrect expression was used in "/storage/innobase/trx/trx0trx.cc". "trx->lock.rec_pool.empty()" was used instead of "trx->lock.table_pool.empty()". Thank you for the bug report.