/*
 * Testcase for http://bugs.mysql.com/bug.php?id=68244
 * (lock_rec_validate_page() may dereference a pointer to a freed lock)
 *
 * Run mysqld in valgrind, then this testcase:
 *
 *   gcc bug68244.c -Wall -g -o bug68244 `mysql_config --libs_r` `mysql_config --include`
 *   ./bug68244
 *
 * What the visible code does: main() connects to 127.0.0.1:3306 as "root"
 * with an empty password, changes several GLOBAL server variables, drops and
 * recreates the tables `innodb_lock_monitor` and `t1` in database `test`, and
 * then announces that it will spawn NUMTHREADS workers. Each worker issues a
 * random mix of REPLACE / SELECT / UPDATE / DELETE / transaction statements
 * against `t1` and frequently reconnects.
 *
 * Because it runs SET GLOBAL and DROP TABLE with an administrative account,
 * it only makes sense against a disposable test instance.
 *
 * NOTE(review): this copy of the file is damaged by text extraction. The
 * header names after #include are gone, and everything between the start of
 * the thread-spawn loop in main() and the first error check inside db_query()
 * is missing (marked below). The listing does not compile as shown.
 */

/*
 * NOTE(review): the seven header names were stripped from the page. From the
 * calls used below, the originals must have covered the C library (printf,
 * calloc, memset, time_t, lrand48), pthreads and the MySQL client API; the
 * exact list cannot be recovered from this copy.
 */
#include
#include
#include
#include
#include
#include
#include

/* Used only in the part of main() that was lost; presumably the run time in seconds -- TODO confirm. */
#define TESTTIME (9000)
/* Number of worker threads announced by main(). */
#define NUMTHREADS (40)

/* Connection parameters: local server, administrative account, empty password. */
char host[]="127.0.0.1";
int port=3306;
char username[]="root";
char password[]="";
char database[]="test";

/* Thread handles; the code that fills this array is in the lost section. */
pthread_t pthreads[NUMTHREADS];
unsigned long client_version=0;
unsigned long server_version=0;
/*
 * Incremented in db_query() with a plain `++`. db_query() is called from
 * worker_thread(), so with several workers the counter is updated without
 * any synchronization and may lose increments.
 */
unsigned long num_queries=0;
/*
 * Stop flag polled by the worker loop. The writer is not visible in this
 * copy. NOTE(review): it is a plain int shared between threads; an atomic
 * flag (or a mutex) would make the stop request well-defined under C11.
 */
int threaddone=0;

int db_query(MYSQL *dbc,char *sql,int showresults);
char* alocmem(size_t num);

/*
 * Worker thread body: connect, then loop issuing randomly chosen statements
 * against t1 until threaddone becomes non-zero or the connection is lost.
 *
 * arg is not used in the body. The function does not return; it ends with
 * pthread_exit(0).
 *
 * All SQL text is assembled from string constants and locally generated
 * integers, so no external input reaches the statements. The unbounded
 * sprintf() calls write only short constants and small numbers into the
 * 1024-byte buffer; snprintf() with a remaining-length check would make that
 * bound explicit.
 *
 * NOTE(review): lrand48() keeps global state and is called concurrently from
 * every worker; POSIX does not require it to be thread-safe, so the fixed
 * seed set in main() does not give a reproducible statement sequence.
 */
void *worker_thread(void *arg)
{
  MYSQL *dbc=NULL;
  my_bool auto_reconnect=1;
  int cancelstate=0;
  // cancellation is disabled for the lifetime of the thread
  pthread_setcancelstate(PTHREAD_CANCEL_DISABLE,&cancelstate);
  dbc = mysql_init(NULL);
  if(NULL == dbc)
  {
    printf("mysql_init failed\n");
    goto threadexit;
  }
  else
  {
    // a failure to set the reconnect option is reported but not fatal
    if(0!=mysql_options(dbc,MYSQL_OPT_RECONNECT,(char*)&auto_reconnect))
    {
      printf("mysql_options() failed to set MYSQL_OPT_RECONNECT");
    }
    if (!mysql_real_connect(dbc,host,username,password,database,port, NULL,
                            CLIENT_FOUND_ROWS|CLIENT_MULTI_STATEMENTS|CLIENT_MULTI_RESULTS))
    {
      printf("mysql_real_connect failed: %s (%d) (%s)",
             mysql_error(dbc),mysql_errno(dbc),mysql_sqlstate(dbc));
      mysql_close(dbc);
      // NULL makes the loop condition below false, so the thread exits
      dbc=NULL;
    }
  }
  char shortquery[1024];
  memset(shortquery,0,1024);
  char *c;
  c=NULL;
  /*
   * Each statement kind below is issued when its own lrand48() draw hits 0,
   * i.e. independently of the others within one loop iteration.
   *
   * Value generation: lrand48()%255lu is 0..254 and the -128 offset maps it
   * to -128..126; the literal "%3" appended afterwards is SQL text, so the
   * server applies modulo 3 to each number.
   * NOTE(review): 255lu makes the whole expression unsigned long, so the
   * negative results are produced by unsigned wrap-around and then printed
   * with %ld. That is a format/argument type mismatch; casting the
   * expression to long before printing would make it well-defined.
   */
  while(0==threaddone && NULL!=dbc)
  {
    // REPLACE one row with three generated values
    if(lrand48()%5==0)
    {
      c=shortquery;
      c+=sprintf(c,"%s","replace into t1(a,b,c) values (");
      c+=sprintf(c,"%ld",-128 + lrand48()%255lu);
      c+=sprintf(c,"%s","%3,");
      c+=sprintf(c,"%ld",-128 + lrand48()%255lu);
      c+=sprintf(c,"%s","%3,");
      c+=sprintf(c,"%ld",-128 + lrand48()%255lu);
      c+=sprintf(c,"%s","%3)");
      db_query(dbc,shortquery,1);
    }
    // SELECT by range on b
    if(lrand48()%5==0)
    {
      c=shortquery;
      c+=sprintf(c,"%s","select a from t1 where b<=");
      c+=sprintf(c,"%ld",-128 + lrand48()%255lu);
      c+=sprintf(c,"%s","%3 ");
      db_query(dbc,shortquery,1);
    }
    // SELECT by range on c
    if(lrand48()%5==0)
    {
      c=shortquery;
      c+=sprintf(c,"%s","select b from t1 where c>=");
      c+=sprintf(c,"%ld",-128 + lrand48()%255lu);
      c+=sprintf(c,"%s","%3 ");
      db_query(dbc,shortquery,1);
    }
    // SELECT by inequality on a
    if(lrand48()%5==0)
    {
      c=shortquery;
      c+=sprintf(c,"%s","select c from t1 where a<>");
      c+=sprintf(c,"%ld",-128 + lrand48()%255lu);
      c+=sprintf(c,"%s","%3 ");
      db_query(dbc,shortquery,1);
    }
    // UPDATE all three columns, row selected by a
    if(lrand48()%5==0)
    {
      c=shortquery;
      c+=sprintf(c,"%s","update ignore t1 set a=");
      c+=sprintf(c,"%ld",-128 + lrand48()%255lu);
      c+=sprintf(c,"%s","%3,b=");
      c+=sprintf(c,"%ld",-128 + lrand48()%255lu);
      c+=sprintf(c,"%s","%3,c=");
      c+=sprintf(c,"%ld",-128 + lrand48()%255lu);
      c+=sprintf(c,"%s","%3 where a=");
      c+=sprintf(c,"%ld",-128 + lrand48()%255lu);
      c+=sprintf(c,"%s","%3 ");
      db_query(dbc,shortquery,1);
    }
    // UPDATE all three columns, rows selected by b
    if(lrand48()%5==0)
    {
      c=shortquery;
      c+=sprintf(c,"%s","update ignore t1 set a=");
      c+=sprintf(c,"%ld",-128 + lrand48()%255lu);
      c+=sprintf(c,"%s","%3,b=");
      c+=sprintf(c,"%ld",-128 + lrand48()%255lu);
      c+=sprintf(c,"%s","%3,c=");
      c+=sprintf(c,"%ld",-128 + lrand48()%255lu);
      c+=sprintf(c,"%s","%3 where b=");
      c+=sprintf(c,"%ld",-128 + lrand48()%255lu);
      c+=sprintf(c,"%s","%3 ");
      db_query(dbc,shortquery,1);
    }
    // UPDATE all three columns, rows selected by c
    if(lrand48()%5==0)
    {
      c=shortquery;
      c+=sprintf(c,"%s","update ignore t1 set a=");
      c+=sprintf(c,"%ld",-128 + lrand48()%255lu);
      c+=sprintf(c,"%s","%3,b=");
      c+=sprintf(c,"%ld",-128 + lrand48()%255lu);
      c+=sprintf(c,"%s","%3,c=");
      c+=sprintf(c,"%ld",-128 + lrand48()%255lu);
      c+=sprintf(c,"%s","%3 where c=");
      c+=sprintf(c,"%ld",-128 + lrand48()%255lu);
      c+=sprintf(c,"%s","%3");
      db_query(dbc,shortquery,1);
    }
    // DELETE by a
    if(lrand48()%5==0)
    {
      c=shortquery;
      c+=sprintf(c,"%s","delete from t1 where a=");
      c+=sprintf(c,"%ld",-128 + lrand48()%255lu);
      c+=sprintf(c,"%s","%3 ");
      db_query(dbc,shortquery,1);
    }
    // DELETE by b
    if(lrand48()%5==0)
    {
      c=shortquery;
      c+=sprintf(c,"%s","delete from t1 where b=");
      c+=sprintf(c,"%ld",-128 + lrand48()%255lu);
      c+=sprintf(c,"%s","%3 ");
      db_query(dbc,shortquery,1);
    }
    // DELETE by c
    if(lrand48()%5==0)
    {
      c=shortquery;
      c+=sprintf(c,"%s","delete from t1 where c=");
      c+=sprintf(c,"%ld",-128 + lrand48()%255lu);
      c+=sprintf(c,"%s","%3");
      db_query(dbc,shortquery,1);
    }
    // locking read over the whole table
    if(lrand48()%5==0)
    {
      c=shortquery;
      c+=sprintf(c,"%s","select * from t1 for update");
      db_query(dbc,shortquery,1);
    }
    // status output is requested more often than the DML (1 draw in 3)
    if(lrand48()%3==0)
    {
      c=shortquery;
      c+=sprintf(c,"%s","show engine innodb status");
      db_query(dbc,shortquery,1);
    }
    if(lrand48()%5==0)
    {
      c=shortquery;
      c+=sprintf(c,"%s","start transaction");
      db_query(dbc,shortquery,1);
    }
    if(lrand48()%5==0)
    {
      c=shortquery;
      c+=sprintf(c,"%s","commit");
      db_query(dbc,shortquery,1);
    }
    // rollback is the rarest statement (1 draw in 30)
    if(lrand48()%30==0)
    {
      c=shortquery;
      c+=sprintf(c,"%s","rollback");
      db_query(dbc,shortquery,1);
    }
    // drop the connection and open a new one (1 draw in 3)
    if(lrand48()%3==0)
    {
      if(NULL != dbc) mysql_close(dbc);
      if (!(dbc = mysql_init(NULL)))
      {
        printf("mysql_init failed\n");
        dbc=NULL;
        goto threadexit;
      }
      // unlike the first connect, MYSQL_OPT_RECONNECT is not set again here
      if (!mysql_real_connect(dbc,host,username,password,database,port, NULL,
                              CLIENT_FOUND_ROWS|CLIENT_MULTI_STATEMENTS|CLIENT_MULTI_RESULTS))
      {
        printf("mysql_real_connect failed: %s (%d) (%s)",
               mysql_error(dbc),mysql_errno(dbc),mysql_sqlstate(dbc));
        mysql_close(dbc);
        // ends the loop on the next condition check
        dbc=NULL;
      }
    }
  }
threadexit:
  // NOTE(review): reached with dbc == NULL on every failure path above;
  // relies on mysql_close() accepting NULL -- confirm for the client library in use
  mysql_close(dbc);
  mysql_thread_end();
  pthread_exit(0);
}

/*
 * Program entry: prepare the server and the test tables, then start the
 * workers. argc and argv are not used in the visible part.
 *
 * NOTE(review): the end of this function (thread creation, the wait that
 * presumably uses TESTTIME, and the `threadexit` label targeted by the gotos
 * below) is in the section of the page that was lost.
 */
int main(int argc, const char *argv[])
{
  MYSQL *dbc=NULL;
  int i=0,err=0;
  // fixed seed; see the note on worker_thread() about reproducibility
  srand48((unsigned long)1362485103);
  time_t timestart=0,timenow=0;
  char shortquery[1024]={0};
  char *c=NULL;
  my_init();
  if (!(dbc = mysql_init(NULL)))
  {
    printf("mysql_init failed\n");
    dbc=NULL;
    goto threadexit;
  }
  else
  {
    if (!mysql_real_connect(dbc,host,username,password,database,port, NULL,
                            CLIENT_FOUND_ROWS|CLIENT_MULTI_STATEMENTS|CLIENT_MULTI_RESULTS))
    {
      printf("mysql_real_connect failed: %s (%d) (%s)",
             mysql_error(dbc),mysql_errno(dbc),mysql_sqlstate(dbc));
      mysql_close(dbc);
      dbc=NULL;
      goto threadexit;
    }
  }
  printf("running initializations..\n");
  client_version=mysql_get_client_version();
  server_version=mysql_get_server_version(dbc);
  printf("client version=%lu\n",client_version);
  printf("server version=%lu\n",server_version);
  // dividing by 10000 compares the leading part of the version number only;
  // a mismatch is reported but does not stop the run
  if((client_version/10000) < (server_version/10000))
  {
    printf("different client and server version! please upgrade client library!\n");
    //goto threadexit;
  }
  // likewise only a warning
  if (!mysql_thread_safe())
  {
    printf("non-threadsafe client detected! please rebuild and link with libmysql_r!\n");
  }

  // NOTE(review): presumably creating a table with this name switches on the
  // InnoDB lock monitor on the server versions this test targets -- confirm
  c=shortquery;
  c+=sprintf(c,"%s","drop table if exists innodb_lock_monitor");
  db_query(dbc,shortquery,1);
  c=shortquery;
  c+=sprintf(c,"%s","create table innodb_lock_monitor(a int)engine=innodb;");
  db_query(dbc,shortquery,1);

  // server-wide settings; they are not restored anywhere in the visible code
  c=shortquery;
  c+=sprintf(c,"%s","set global innodb_lock_wait_timeout=1");
  db_query(dbc,shortquery,1);
  c=shortquery;
  c+=sprintf(c,"%s","set global lock_wait_timeout=1");
  db_query(dbc,shortquery,1);
  c=shortquery;
  c+=sprintf(c,"%s","set global innodb_flush_log_at_trx_commit=0");
  db_query(dbc,shortquery,1);
  c=shortquery;
  c+=sprintf(c,"%s","set global innodb_support_xa=0");
  db_query(dbc,shortquery,1);

  // test table: three tinyint columns covered by several overlapping indexes
  c=shortquery;
  c+=sprintf(c,"%s","drop table if exists t1");
  db_query(dbc,shortquery,1);
  c=shortquery;
  c+=sprintf(c,"%s","create table t1(a tinyint,b tinyint, c tinyint, primary key(a),unique key (a,b,c),key(c),key(b),key(b,a),key(c,a))engine=innodb");
  db_query(dbc,shortquery,1);
  // the setup connection is closed; each worker opens its own
  mysql_close(dbc);
  printf("about to spawn %d threads\n",NUMTHREADS);
  for (i=0;i
  /*
   * NOTE(review): the page text is cut at this point. The rest of the
   * thread-spawn loop, the remainder of main(), and the beginning of
   * db_query() (signature per the prototype above, its local declarations,
   * and the call that executes `sql`) are missing. What follows is the tail
   * of an error check inside db_query(); the locals it uses (myerrno, r,
   * field, w, i, moreresult) are declared in the lost part.
   */
  0)
  {
    myerrno=mysql_errno(dbc);
    printf("query failed '%s' : %d (%s) (%s)\n",sql,myerrno,mysql_error(dbc),mysql_sqlstate(dbc));
    return 0;
  }
  // unsynchronized update of a global shared by all workers (see its definition)
  num_queries++;
  // walk every result set of a possibly multi-statement query
  do
  {
    r = mysql_use_result(dbc);
    if(r)
    {
      unsigned int numfields = mysql_num_fields(r);
      //unsigned int numrows=mysql_num_rows(r);
      while(0!=(field = mysql_fetch_field(r)))
      {
        // print the column name; only at showresults > 1
        if(showresults > 1)
        {
          printf("%s ",field->name);
        }
      }
      if(showresults > 1)
      {
        printf("\n------------------------------------\n");
      }
      // every row is fetched even when nothing is printed, so the result
      // set is fully read before it is freed
      while (0!=(w = mysql_fetch_row(r)))
      {
        for(i = 0; i < numfields; i++)
        {
          // print each field; only at showresults > 1
          // NOTE(review): the client API reports SQL NULL as a NULL pointer in
          // the row, and passing NULL for %s is undefined; the visible callers
          // all pass showresults=1, so this printf is not reached by them
          if(showresults > 1)
          {
            printf("%s\t",w[i]);
          }
        }
        if(showresults > 1)
        {
          printf("\n");
        }
      }
      if(showresults > 1)
      {
        printf("\n");
      }
      mysql_free_result(r);
    }
    else // no result set returned; was the statement a select?
    {
      // a non-zero field count means a result set was expected, so this is an error
      if(mysql_field_count(dbc) > 0 && showresults > 0)
      {
        printf("No results for '%s'. (%d) - %s (%s)\n",sql,mysql_errno(dbc),mysql_error(dbc),mysql_sqlstate(dbc));
        return 0;
      }
      else // it could have been an insert/update/delete
      {
        // this is a successful query
      }
    }
    // 0 continues the loop with the next result set; a positive value is
    // reported as an error, any other value simply ends the loop
    moreresult=mysql_next_result(dbc);
    if(moreresult > 0 && showresults > 0)
    {
      printf("mysql_next_result returned %d, mysql error %s, (%d) (%s)\n",moreresult,mysql_error(dbc),mysql_errno(dbc),mysql_sqlstate(dbc));
      return 0;
    }
  } while (0==moreresult);
  // 1 = processed without a reported error (errors are only reported, and
  // only return 0, when showresults > 0)
  return 1;
}

/*
 * Allocate num zero-filled bytes, or print a message and terminate the
 * process with exit status 1 if the allocation fails. Never returns NULL.
 * The caller owns the returned memory. No call to this helper appears in the
 * visible part of the file.
 */
char* alocmem(size_t num)
{
  char *r=(char*)calloc(num,1);
  if(NULL == r)
  {
    printf("cannot calloc %lu bytes of memory\n",(unsigned long)num);
    exit(1);
  }
  return r;
}