Bug #24331 Uninitialized record in LCP scan for diskdata
Submitted: 15 Nov 2006 10:37
Modified: 7 Dec 2006 5:57
Reporter: Jonas Oreland
Status: Closed
Category: Server: ClusterDD
Severity: S3 (Non-critical)
Version:
OS: Any
Assigned to: Jonas Oreland
Target Version:
Tags: 5.1

[15 Nov 2006 10:37] Jonas Oreland
Description:
Date: Wed, 15 Nov 2006 10:43:24 +0200
From: Vasil Dimov <vd@FreeBSD.org>
To: internals@lists.mysql.com
Subject: ndb: usage of uninitialized memory

How to repeat:
 

Suggested fix:
[15 Nov 2006 10:38] Jonas Oreland
===== dbtup/DbtupGen.cpp 1.31 vs edited =====
--- 1.31/storage/ndb/src/kernel/blocks/dbtup/DbtupGen.cpp       2006-11-15 10:29:28
+01:00
+++ dbtup/DbtupGen.cpp  2006-11-15 10:29:13 +01:00
@@ -329,6 +329,7 @@
 
   ScanOpPtr lcp;
   ndbrequire(c_scanOpPool.seize(lcp));
+  new (lcp.p) ScanOp();
   c_lcp_scan_op= lcp.i;
 
   czero = 0;
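Review bot: The placement new at `+  new (lcp.p) ScanOp();` only gives the seized LCP scan record defined contents if ScanOp's constructor initializes every field that is later read; the check `ndbrequire(scanPtr.p->m_fragPtrI == RNIL);` in the DbtupScan.cpp patch is applied to this same record (c_lcp_scan_op) and so depends on m_fragPtrI starting out as RNIL, which this hunk does not show. Confirm the constructor sets m_fragPtrI = RNIL, or assign it explicitly after the placement new (`lcp.p->m_fragPtrI = RNIL;`), so the invariant does not rest on an unseen default; seize() alone hands back raw pool memory, which is the uninitialized read being fixed.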
[15 Nov 2006 13:03] Jonas Oreland
===== DbtupScan.cpp 1.15 vs edited =====
--- 1.15/storage/ndb/src/kernel/blocks/dbtup/DbtupScan.cpp      2006-11-15 12:56
:06 +01:00
+++ DbtupScan.cpp       2006-11-15 12:54:50 +01:00
@@ -87,6 +87,7 @@
       
       ndbrequire(frag.m_lcp_scan_op == c_lcp_scan_op);
       c_scanOpPool.getPtr(scanPtr, frag.m_lcp_scan_op);
+      ndbrequire(scanPtr.p->m_fragPtrI == fragPtr.i);
       bits |= ScanOp::SCAN_LCP;
       if (tablePtr.p->m_attributes[MM].m_no_of_varsize > 0) {
         bits |= ScanOp::SCAN_VS;
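Review bot: The new `ndbrequire(scanPtr.p->m_fragPtrI == fragPtr.i);` can only hold once the start path at @@ -1064 has executed `scanPtr.p->m_fragPtrI = fragPtr.i;`; if this request is reachable for a fragment before that assignment, m_fragPtrI is still RNIL (or stale from an earlier LCP whose release path was skipped) and the ndbrequire takes the node down. The preceding `ndbrequire(frag.m_lcp_scan_op == c_lcp_scan_op);` shows that the fragment points at the shared LCP record but not that the record has been bound back to the fragment, so a one-line comment stating that ordering (LCP start binds the record before any scan request is processed here) would make the new assertion's precondition explicit.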
@@ -1038,6 +1039,7 @@
   {
     ndbrequire(fragPtr.p->m_lcp_scan_op == scanPtr.i);
     fragPtr.p->m_lcp_scan_op = RNIL;
+    scanPtr.p->m_fragPtrI = RNIL;
   }
 }
 
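Review bot: Resetting `scanPtr.p->m_fragPtrI = RNIL;` next to `fragPtr.p->m_lcp_scan_op = RNIL;` keeps the two back-pointers consistent, but this is the only release path the hunk shows; any other path that clears m_lcp_scan_op (scan abort, node failure handling, table drop) must reset m_fragPtrI as well, otherwise the next LCP start fails `ndbrequire(scanPtr.p->m_fragPtrI == RNIL)` on a stale value rather than on a genuine double start. Suggest a short comment above this block naming the invariant (m_lcp_scan_op and m_fragPtrI are set and cleared together) so future release paths preserve it.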
@@ -1064,8 +1066,9 @@
     frag.m_lcp_scan_op = c_lcp_scan_op;
     ScanOpPtr scanPtr;
     c_scanOpPool.getPtr(scanPtr, frag.m_lcp_scan_op);
-    //ndbrequire(scanPtr.p->m_fragPtrI == fragPtr.i); ?
-
+    ndbrequire(scanPtr.p->m_fragPtrI == RNIL);
+    scanPtr.p->m_fragPtrI = fragPtr.i;
+    
     scanFirst(signal, scanPtr);
     scanPtr.p->m_state = ScanOp::First;
   }
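Review bot: Turning the commented-out `//ndbrequire(scanPtr.p->m_fragPtrI == fragPtr.i); ?` into `ndbrequire(scanPtr.p->m_fragPtrI == RNIL);` followed by `scanPtr.p->m_fragPtrI = fragPtr.i;` is the right shape: c_lcp_scan_op is a single shared record, so the check catches a second LCP scan being started while another fragment still owns it, and the assignment binds the record before scanFirst runs. Two small points: the added line `+    ` carries trailing whitespace, and the RNIL check relies on the record's initial state, which only holds if the placement new in DbtupGen.cpp (ScanOp's constructor) sets m_fragPtrI to RNIL; a comment stating that dependency here would help the next reader.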
[15 Nov 2006 13:50] Vasil Dimov
I confirm that the two patches, proposed by Jonas Oreland, fix the issue.
[21 Nov 2006 14:21] Bugs System
A patch for this bug has been committed. After review, it may
be pushed to the relevant source trees for release in the next
version. You can access the patch from:

  http://lists.mysql.com/commits/15635

ChangeSet@1.2328, 2006-11-21 14:21:11+01:00, jonas@perch.ndb.mysql.com +2 -0
  ndb - bug#24331
    Make sure LCP scan record is correctly initialized
[7 Dec 2006 5:57] Jon Stephens
Thank you for your bug report. This issue has been committed to our source repository of
that product and will be incorporated into the next release.

If necessary, you can access the source repository and build the latest available
version, including the bug fix. More information about accessing the source trees is
available at

    http://dev.mysql.com/doc/en/installing-source.html

Bugfix documented in 5.1.14 changelog.

Note: The original Internals mailing list thread starts here ->
http://lists.mysql.com/internals/34081