Bug #31517 Potential crash due to access of NULL thd in mark_transaction_to_rollback()
Submitted: 10 Oct 2007 19:58
Modified: 23 Oct 2007 19:28
Reporter: Timothy Smith
Status: Closed
Category: MySQL Server: InnoDB storage engine
Severity: S2 (Serious)
Version: 5.0, 5.1
OS: Any
Assigned to: Timothy Smith
CPU Architecture: Any

[10 Oct 2007 19:58] Timothy Smith
It is possible that mark_transaction_to_rollback() may be
called in rare circumstances when thd is NULL (e.g., from
some calls to convert_error_code_to_mysql()).

How to repeat:
Code review.

Suggested fix:
Don't use thd if it is NULL in mark_transaction_to_rollback().
[10 Oct 2007 20:23] Timothy Smith
Queued to 5.0+, in the -maint team trees.

For the docs, the fix for bug #24989, which introduced this bug, was released in 5.0.48 and 5.1.21.  This is probably a rare bug, and we're not aware of anyone having hit it.
[18 Oct 2007 21:36] Bugs System
Pushed into 5.1.23-beta
[18 Oct 2007 21:38] Bugs System
Pushed into 5.0.52
[23 Oct 2007 19:28] Paul Dubois
Noted in 5.0.52, 5.1.23 changelogs.

The fix for Bug #24989 introduced a problem such that a NULL thread 
handler could be used during a rollback operation. This problem is
unlikely to be seen in practice.