Merge lp:~gl-az/percona-server/5.1-915814 into lp:percona-server/5.1

Proposed by George Ormond Lorch III
Status: Merged
Approved by: Alexey Kopytov
Approved revision: no longer in the source branch.
Merged at revision: 443
Proposed branch: lp:~gl-az/percona-server/5.1-915814
Merge into: lp:percona-server/5.1
Diff against target: 85 lines (+42/-3)
1 file modified
Percona-Server/sql/log_event.cc (+42/-3)
To merge this branch: bzr merge lp:~gl-az/percona-server/5.1-915814
Reviewer Review Type Date Requested Status
Alexey Kopytov (community) Approve
Review via email: mp+107307@code.launchpad.net

Description of the change

Corrected the buffer allocation for the query in the replication slave event handler. Query buffers were being allocated at the wrong size, causing query cache checks to read from and write to unallocated memory.

Fix addresses upstream MySQL issues 64624 and 62942.

Jenkins http://jenkins.percona.com/view/PS%205.1/job/percona-server-5.1-param/322/

Alexey Kopytov (akopytov) :
review: Approve

Preview Diff

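--- a/Percona-Server/sql/log_event.cc
+++ b/Percona-Server/sql/log_event.cc
@@ -3162,11 +3162,35 @@
  const char *query_arg, uint32 q_len_arg)
 {
  LEX_STRING new_db;
+ char* query_buf;
+ int query_buf_len;
  int expected_error,actual_error= 0;
  HA_CREATE_INFO db_options;
  bool process_log_slow_statement= false;
 
  /*
+ We must allocate some extra memory for query cache
+ The query buffer layout is:
+ buffer :==
+ <statement> The input statement(s)
+ '\0' Terminating null char (1 byte)
+ <length> Length of following current database name (size_t)
+ <db_name> Name of current database
+ <flags> Flags struct
+ */
+ query_buf_len = q_len_arg + 1 + sizeof(size_t) + thd->db_length
+ + QUERY_CACHE_FLAGS_SIZE + 1;
+ if ((query_buf= (char *) thd->alloc(query_buf_len)))
+ {
+ memcpy(query_buf, query_arg, q_len_arg);
+ query_buf[q_len_arg]= 0;
+ memcpy(query_buf+q_len_arg+1, (char *) &thd->db_length, sizeof(size_t));
+ }
+ else
+ goto end;
+
+
+ /*
  Colleagues: please never free(thd->catalog) in MySQL. This would
  lead to bugs as here thd->catalog is a part of an alloced block,
  not an entire alloced block (see
@@ -3246,7 +3270,7 @@
  if (is_trans_keyword() || rpl_filter->db_ok(thd->db))
  {
  thd->set_time((time_t)when);
- thd->set_query((char*)query_arg, q_len_arg);
+ thd->set_query((char*) query_buf, q_len_arg);
  VOID(pthread_mutex_lock(&LOCK_thread_count));
  thd->query_id = next_query_id();
  VOID(pthread_mutex_unlock(&LOCK_thread_count));
@@ -4821,12 +4845,26 @@
  enum enum_duplicates handle_dup;
  bool ignore= 0;
  char *load_data_query;
-
+ int query_buf_len;
+
+ /*
+ We must allocate some extra memory for query cache
+ The query buffer layout is:
+ buffer :==
+ <statement> The input statement(s)
+ '\0' Terminating null char (1 byte)
+ <length> Length of following current database name (size_t)
+ <db_name> Name of current database
+ <flags> Flags struct
+ */
+ query_buf_len = get_query_buffer_length() + 1 + sizeof(size_t)
+ + thd->db_length + QUERY_CACHE_FLAGS_SIZE + 1;
+
  /*
  Forge LOAD DATA INFILE query which will be used in SHOW PROCESS LIST
  and written to slave's binlog if binlogging is on.
  */
- if (!(load_data_query= (char *)thd->alloc(get_query_buffer_length() + 1)))
+ if (!(load_data_query= (char *) thd->alloc(query_buf_len)))
  {
  /*
  This will set thd->fatal_error in case of OOM. So we surely will notice
@@ -4837,6 +4875,7 @@
 
  print_query(FALSE, NULL, load_data_query, &end, NULL, NULL);
  *end= 0;
+ memcpy(end+1, (char *) &thd->db_length, sizeof(size_t));
  thd->set_query(load_data_query, (uint) (end - load_data_query));
 
  if (sql_ex.opt_flags & REPLACE_FLAG)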
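Review bot: `query_buf_len` is declared `int` in the first and third hunks, but the sum assigned to it mixes a `uint32` length taken from the replicated event with `sizeof(size_t)` and `thd->db_length`, so it is computed unsigned and then narrowed before being passed to `thd->alloc()`. If `q_len_arg` is not already bounded by the event reader (not visible here), a very large value could wrap or truncate to a small allocation while `memcpy(query_buf, query_arg, q_len_arg)` still copies the full length; declaring `size_t query_buf_len;` and bailing out when the sum is smaller than `q_len_arg` would make the bound explicit. Separately, the first hunk reads `thd->db_length` ahead of the comment block that introduces the catalog/database setup, so if the current database is switched later in that function (outside the hunk) the reserved space and the stored length would describe the previous database; it is worth confirming the allocation sits after that switch. Both function bodies start and end outside the hunks.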
