Merge lp:~gl-az/percona-server/5.1-915814 into lp:percona-server/5.1

Proposed by George Ormond Lorch III
Status: Merged
Approved by: Alexey Kopytov
Approved revision: no longer in the source branch.
Merged at revision: 443
Proposed branch: lp:~gl-az/percona-server/5.1-915814
Merge into: lp:percona-server/5.1
Diff against target: 85 lines (+42/-3)
1 file modified
Percona-Server/sql/log_event.cc (+42/-3)
To merge this branch: bzr merge lp:~gl-az/percona-server/5.1-915814
Reviewer: Alexey Kopytov (community)
Review status: Approve
Review via email: mp+107307@code.launchpad.net

Description of the change

Corrected buffer allocation for query in replication slave event handler. Query buffers were being allocated at the wrong size, causing query cache checks to read from and write to unallocated memory.

Fix addresses upstream MySQL issues 64624 and 62942.

Jenkins http://jenkins.percona.com/view/PS%205.1/job/percona-server-5.1-param/322/

Alexey Kopytov (akopytov) :
review: Approve

Preview Diff

1=== modified file 'Percona-Server/sql/log_event.cc'
2--- Percona-Server/sql/log_event.cc 2012-05-09 04:14:12 +0000
3+++ Percona-Server/sql/log_event.cc 2012-05-25 00:06:26 +0000
4@@ -3162,11 +3162,35 @@
5 const char *query_arg, uint32 q_len_arg)
6 {
7 LEX_STRING new_db;
8+ char* query_buf;
9+ int query_buf_len;
10 int expected_error,actual_error= 0;
11 HA_CREATE_INFO db_options;
12 bool process_log_slow_statement= false;
13
14 /*
15+ We must allocate some extra memory for query cache
16+ The query buffer layout is:
17+ buffer :==
18+ <statement> The input statement(s)
19+ '\0' Terminating null char (1 byte)
20+ <length> Length of following current database name (size_t)
21+ <db_name> Name of current database
22+ <flags> Flags struct
23+ */
24+ query_buf_len = q_len_arg + 1 + sizeof(size_t) + thd->db_length
25+ + QUERY_CACHE_FLAGS_SIZE + 1;
26+ if ((query_buf= (char *) thd->alloc(query_buf_len)))
27+ {
28+ memcpy(query_buf, query_arg, q_len_arg);
29+ query_buf[q_len_arg]= 0;
30+ memcpy(query_buf+q_len_arg+1, (char *) &thd->db_length, sizeof(size_t));
31+ }
32+ else
33+ goto end;
34+
35+
36+ /*
37 Colleagues: please never free(thd->catalog) in MySQL. This would
38 lead to bugs as here thd->catalog is a part of an alloced block,
39 not an entire alloced block (see
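
Review bot: query_buf_len is declared int but is assigned a sum of unsigned terms (q_len_arg is uint32, plus sizeof(size_t) and thd->db_length) and is then passed to thd->alloc(); declare it size_t so no signed conversion sits in the allocation path. The sum also ends in a second "+ 1" that the layout comment does not account for (it lists a single terminating null byte), so either add that byte to the comment or drop it. The memcpy from &thd->db_length copies sizeof(size_t) bytes; the field's declared type is not visible in this hunk, and it is worth confirming it is that wide, since a narrower field would be over-read. The hunk also leaves two consecutive blank lines before the existing comment.
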
40@@ -3246,7 +3270,7 @@
41 if (is_trans_keyword() || rpl_filter->db_ok(thd->db))
42 {
43 thd->set_time((time_t)when);
44- thd->set_query((char*)query_arg, q_len_arg);
45+ thd->set_query((char*) query_buf, q_len_arg);
46 VOID(pthread_mutex_lock(&LOCK_thread_count));
47 thd->query_id = next_query_id();
48 VOID(pthread_mutex_unlock(&LOCK_thread_count));
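
Review bot: query_buf is consumed only here, inside the is_trans_keyword() || rpl_filter->db_ok(thd->db) branch, yet it is allocated and filled unconditionally at the top of the function, so events rejected by the filter still pay for the allocation and copy, and can take the goto end path on allocation failure. Consider moving the allocation next to this set_query() call. The (char*) cast on query_buf is no longer needed, since query_buf is already declared char*.
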
49@@ -4821,12 +4845,26 @@
50 enum enum_duplicates handle_dup;
51 bool ignore= 0;
52 char *load_data_query;
53-
54+ int query_buf_len;
55+
56+ /*
57+ We must allocate some extra memory for query cache
58+ The query buffer layout is:
59+ buffer :==
60+ <statement> The input statement(s)
61+ '\0' Terminating null char (1 byte)
62+ <length> Length of following current database name (size_t)
63+ <db_name> Name of current database
64+ <flags> Flags struct
65+ */
66+ query_buf_len = get_query_buffer_length() + 1 + sizeof(size_t)
67+ + thd->db_length + QUERY_CACHE_FLAGS_SIZE + 1;
68+
69 /*
70 Forge LOAD DATA INFILE query which will be used in SHOW PROCESS LIST
71 and written to slave's binlog if binlogging is on.
72 */
73- if (!(load_data_query= (char *)thd->alloc(get_query_buffer_length() + 1)))
74+ if (!(load_data_query= (char *) thd->alloc(query_buf_len)))
75 {
76 /*
77 This will set thd->fatal_error in case of OOM. So we surely will notice
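
Review bot: the layout comment and the length formula are copied verbatim from the earlier hunk in this file, with only q_len_arg swapped for get_query_buffer_length(); a small helper that takes the statement length and returns the buffer size would keep the two call sites from drifting apart. query_buf_len is declared int here as well and would be better as an unsigned type, and the final "+ 1" is again not reflected in the documented layout (the old allocation already covered the terminator with its own "+ 1"). The blank line removed and the blank line added after the declaration look like a whitespace-only change that could be left out of the patch.
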
78@@ -4837,6 +4875,7 @@
79
80 print_query(FALSE, NULL, load_data_query, &end, NULL, NULL);
81 *end= 0;
82+ memcpy(end+1, (char *) &thd->db_length, sizeof(size_t));
83 thd->set_query(load_data_query, (uint) (end - load_data_query));
84
85 if (sql_ex.opt_flags & REPLACE_FLAG)
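
Review bot: the added memcpy(end+1, ...) has no comment and relies on two things that are only implied: that print_query() leaves end within the first get_query_buffer_length() bytes of load_data_query, and that the sizeof(size_t) bytes after the terminator are the <length> slot of the buffer layout. A one-line comment naming that slot, plus a debug assertion that end + 1 + sizeof(size_t) stays inside query_buf_len, would make the invariant checkable. sizeof(size_t) bytes are copied from &thd->db_length, whose declared type is not visible here; confirm the field is that wide.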
