Bug #51208 Extra string allocation from thd->mem_root in sql_show.cc, find_files()
Submitted: 16 Feb 2010 14:29 Modified: 20 Nov 2010 22:44
Reporter: Kevin Lewis
Status: Closed
Category:MySQL Server: Information schema Severity:S3 (Non-critical)
Version:5.1 OS:Any
Assigned to: Georgi Kodinov CPU Architecture:Any
Tags: Leak, memory leak
Triage: Triaged: D2 (Serious)

[16 Feb 2010 14:29] Kevin Lewis
Description:
In sql_show.cc, function find_files() there is a *for* loop which looks at each file name in the current directory.  If the function is called by make_db_list(), with dir=true, the last thing it does in that section is:

   if (!(file_name=
         thd->make_lex_string(file_name, uname, file_name_len, TRUE)))
   {
     my_dirend(dirp);
     DBUG_RETURN(FIND_FILES_OOM);
   }

If that succeeds, it will fall through to below the 'else' section where it checks privileges and then does this:

   if (!(file_name=
         thd->make_lex_string(file_name, uname, file_name_len, TRUE)) ||
       files->push_back(file_name))
   {
     my_dirend(dirp);
     DBUG_RETURN(FIND_FILES_OOM);
   }

The first allocated memory buffer pointed to by file_name is replaced by the second buffer.  The first pointer was thus lost.  The actual memory comes out of thd->mem_root which is released at the end of the transaction.  So it does not actually leak memory.

But the first allocation is redundant and should be removed.

How to repeat:
Debug the code.

Suggested fix:
Remove the following code from find_files() in sql_show.cc

-   if (!(file_name=
-         thd->make_lex_string(file_name, uname, file_name_len, TRUE)))
-   {
-     my_dirend(dirp);
-     DBUG_RETURN(FIND_FILES_OOM);
-   }
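Review bot: removing this block is only safe because the second make_lex_string() call shown above (the one followed by files->push_back(file_name)) allocates the same uname again before the name is used, so the OOM early return for the dir=true branch is preserved there; confirm that nothing between the removed block and that second call (the privilege checks) reads file_name, since after the removal it no longer points at a fresh copy of uname at that point.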
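To make the "redundant but not a leak" point concrete, here is an added example (not code from the MySQL source): a toy bump-pointer arena standing in for thd->mem_root, a make_lex_string look-alike, and a find_files()-style loop that can be run with or without the extra allocation. The arena, LEX_STRING layout and directory names are all constructed for the demo.

```c
#include <stdio.h>
#include <string.h>

/* Toy stand-in for a thd->mem_root style arena: bump-pointer allocation, blocks are
 * never freed individually, the whole arena is reset at once (end of transaction). */
typedef struct { char *buf; size_t cap; size_t used; } mem_root_t;
typedef struct { char *str; size_t length; } lex_string_t;   /* like LEX_STRING */

static void *arena_alloc(mem_root_t *r, size_t n) {
    n = (n + 7) & ~(size_t)7;                 /* 8-byte alignment */
    if (r->used + n > r->cap) return NULL;    /* arena exhausted -> OOM */
    void *p = r->buf + r->used;
    r->used += n;
    return p;
}

/* Like make_lex_string(..., allocate_lex_string=TRUE): header and a copy of the
 * name both come from the arena; whatever the caller's pointer held before is lost. */
static lex_string_t *make_lex_string(mem_root_t *r, const char *s, size_t len) {
    lex_string_t *ls = arena_alloc(r, sizeof *ls);
    if (!ls) return NULL;
    if (!(ls->str = arena_alloc(r, len + 1))) return NULL;
    memcpy(ls->str, s, len); ls->str[len] = '\0'; ls->length = len;
    return ls;
}

/* Mirrors the find_files() loop. redundant=1 reproduces the reported code: allocate in
 * the dir branch, then allocate the same name again before push_back.
 * Returns arena bytes consumed, or (size_t)-1 standing in for FIND_FILES_OOM. */
static size_t find_files_bytes(mem_root_t *r, const char **names, size_t n, int redundant) {
    size_t before = r->used;
    for (size_t i = 0; i < n; i++) {
        lex_string_t *file_name = NULL;
        size_t len = strlen(names[i]);
        if (redundant && !(file_name = make_lex_string(r, names[i], len))) return (size_t)-1;
        /* privilege checks happen here in the real function; file_name is not read */
        if (!(file_name = make_lex_string(r, names[i], len))) return (size_t)-1;
        (void)file_name;                      /* real code: files->push_back(file_name) */
    }
    return r->used - before;
}

/* One SHOW-like scan over constructed names; returns bytes used, then resets the arena. */
size_t scan_bytes(int redundant) {
    static char storage[4096];
    mem_root_t root = { storage, sizeof storage, 0 };
    const char *names[] = { "mysql", "test", "information_schema" };   /* constructed */
    size_t used = find_files_bytes(&root, names, 3, redundant);
    root.used = 0;                            /* arena reset frees everything at once */
    return used;
}
```

With the redundant allocation every iteration consumes exactly twice the arena bytes of the fixed loop, and the reset at the end returns all of it, which is why the report classifies this as waste within the statement rather than a true leak.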
[16 Feb 2010 14:46] Valeriy Kravchuk
Thank you for the problem report. Verified with recent 5.1.45 from bzr by code review.
[25 Feb 2010 9:59] Bugs System
A patch for this bug has been committed. After review, it may
be pushed to the relevant source trees for release in the next
version. You can access the patch from:

  http://lists.mysql.com/commits/101416

3354 Georgi Kodinov	2010-02-25
      Bug #51208: Extra string allocation from thd->mem_root 
      in sql_show.cc, find_files()
      
      Removed the extra allocation.
[25 Feb 2010 15:37] Bugs System
A patch for this bug has been committed. After review, it may
be pushed to the relevant source trees for release in the next
version. You can access the patch from:

  http://lists.mysql.com/commits/101466

3356 Georgi Kodinov	2010-02-25
      Bug #51208: Extra string allocation from thd->mem_root 
      in sql_show.cc, find_files()
      
      Removed the extra allocation.
[2 Mar 2010 14:34] Bugs System
Pushed into 6.0.14-alpha (revid:alik@sun.com-20100302142746-u1gxdf5yk2bjrq3e) (version source revid:alik@sun.com-20100301095421-4cz64ibem1h2quve) (merge vers: 6.0.14-alpha) (pib:16)
[3 Mar 2010 1:10] Paul Dubois
Noted in 6.0.14 changelog.

The find_files() function used by SHOW statements performed redundant
and unnecessary memory allocation. 

Setting report to Need Merge pending push to 5.1.x, Celosia.
[2 Nov 2010 13:21] Bugs System
A patch for this bug has been committed. After review, it may
be pushed to the relevant source trees for release in the next
version. You can access the patch from:

  http://lists.mysql.com/commits/122535

3550 Georgi Kodinov	2010-11-02
      Bug #51208: Extra string allocation from thd->mem_root 
      in sql_show.cc, find_files()
      
      Removed the extra allocation.
[13 Nov 2010 16:12] Bugs System
Pushed into mysql-trunk 5.6.99-m5 (revid:alexander.nozdrin@oracle.com-20101113155825-czmva9kg4n31anmu) (version source revid:alexander.nozdrin@oracle.com-20101113152450-2zzcm50e7i4j35v7) (merge vers: 5.6.1-m4) (pib:21)
[13 Nov 2010 16:32] Bugs System
Pushed into mysql-next-mr (revid:alexander.nozdrin@oracle.com-20101113160336-atmtmfb3mzm4pz4i) (version source revid:alexander.nozdrin@oracle.com-20101113152540-gxro4g0v29l27f5x) (pib:21)
[20 Nov 2010 22:44] Paul Dubois
Noted in 5.1.54, 5.5.8 changelogs.
[15 Dec 2010 5:53] Bugs System
Pushed into mysql-5.1 5.1.55 (revid:sunanda.menon@oracle.com-20101215054055-vgwki317xg1wphhh) (version source revid:sunanda.menon@oracle.com-20101215054055-vgwki317xg1wphhh) (merge vers: 5.1.55) (pib:23)
[16 Dec 2010 22:34] Bugs System
Pushed into mysql-5.5 5.5.9 (revid:jonathan.perkin@oracle.com-20101216101358-fyzr1epq95a3yett) (version source revid:jonathan.perkin@oracle.com-20101216101358-fyzr1epq95a3yett) (merge vers: 5.5.9) (pib:24)