Merge lp:~gl-az/percona-server/5.5-915814 into lp:percona-server/5.5

Proposed by George Ormond Lorch III
Status: Merged
Approved by: Alexey Kopytov
Approved revision: 250
Merged at revision: 254
Proposed branch: lp:~gl-az/percona-server/5.5-915814
Merge into: lp:percona-server/5.5
Diff against target: 93 lines (+42/-3)
1 file modified
Percona-Server/sql/log_event.cc (+42/-3)
To merge this branch: bzr merge lp:~gl-az/percona-server/5.5-915814
Reviewer: Alexey Kopytov (community)
Status: Approve
Review via email: mp+107306@code.launchpad.net

Description of the change

Corrected buffer allocation for query in replication slave event handler. Query buffers were being allocated at the wrong size, causing query cache checks to read from and write to unallocated memory.

Fix addresses upstream MySQL issues 64624 and 62942.

Jenkins http://jenkins.percona.com/view/PS%205.5/job/percona-server-5.5-param/381/

Alexey Kopytov (akopytov) :
review: Approve

Preview Diff

1=== modified file 'Percona-Server/sql/log_event.cc'
2--- Percona-Server/sql/log_event.cc 2012-05-18 04:37:44 +0000
3+++ Percona-Server/sql/log_event.cc 2012-05-25 00:05:24 +0000
4@@ -3205,10 +3205,33 @@
5 const char *query_arg, uint32 q_len_arg)
6 {
7 LEX_STRING new_db;
8+ char* query_buf;
9+ int query_buf_len;
10 int expected_error,actual_error= 0;
11 HA_CREATE_INFO db_options;
12
13 /*
14+ We must allocate some extra memory for query cache
15+ The query buffer layout is:
16+ buffer :==
17+ <statement> The input statement(s)
18+ '\0' Terminating null char (1 byte)
19+ <length> Length of following current database name (size_t)
20+ <db_name> Name of current database
21+ <flags> Flags struct
22+ */
23+ query_buf_len = q_len_arg + 1 + sizeof(size_t) + thd->db_length
24+ + QUERY_CACHE_FLAGS_SIZE + 1;
25+ if ((query_buf= (char *) thd->alloc(query_buf_len)))
26+ {
27+ memcpy(query_buf, query_arg, q_len_arg);
28+ query_buf[q_len_arg]= 0;
29+ memcpy(query_buf+q_len_arg+1, (char *) &thd->db_length, sizeof(size_t));
30+ }
31+ else
32+ goto end;
33+
34+ /*
35 Colleagues: please never free(thd->catalog) in MySQL. This would
36 lead to bugs as here thd->catalog is a part of an alloced block,
37 not an entire alloced block (see
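Review bot: query_buf_len is declared int, but the sum assigned to it in `query_buf_len = q_len_arg + 1 + sizeof(size_t) + thd->db_length` is built from unsigned operands (uint32 q_len_arg, sizeof(size_t)) and is narrowed to a signed int before being passed to thd->alloc(); declaring it size_t would avoid the conversion. The trailing `+ 1` has no counterpart in the layout comment (statement, '\0', length, db_name, flags), so either the comment or the sum should be adjusted. The size and the memcpy of thd->db_length are also both taken at function entry; if the current database is changed further down (new_db is declared just above), the reserved space and the stored length would be stale, so computing them next to the set_query_and_id() call would be safer.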
38@@ -3288,8 +3311,10 @@
39 if (is_trans_keyword() || rpl_filter->db_ok(thd->db))
40 {
41 thd->set_time((time_t)when);
42- thd->set_query_and_id((char*)query_arg, q_len_arg,
43+
44+ thd->set_query_and_id((char*) query_buf, q_len_arg,
45 thd->charset(), next_query_id());
46+
47 thd->variables.pseudo_thread_id= thread_id; // for temp tables
48 DBUG_PRINT("query",("%s", thd->query()));
49
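Review bot: the changed `thd->set_query_and_id((char*) query_buf, q_len_arg,` call still passes q_len_arg as the length while the buffer behind it is now larger than that; a one-line comment here saying that the bytes after the terminating null are reserved for the query cache would keep a later reader from switching it back to query_arg. The two added blank lines around the call are unrelated whitespace and can be dropped.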
50@@ -3352,7 +3377,7 @@
51 result. This should be acceptable now. This is a reminder
52 to fix this if any refactoring happens here sometime.
53 */
54- thd->set_query((char*) query_arg, q_len_arg, thd->charset());
55+ thd->set_query((char*) query_buf, q_len_arg, thd->charset());
56 }
57 }
58 if (time_zone_len)
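Review bot: style point on the changed `thd->set_query((char*) query_buf, q_len_arg, thd->charset());` line: the `(char*)` cast was there to strip const from query_arg (`const char *query_arg`) and is redundant for query_buf, which is declared `char*`. Dropping it here and in the set_query_and_id() call makes it clear that no constness is being cast away any more.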
59@@ -4887,12 +4912,25 @@
60 enum enum_duplicates handle_dup;
61 bool ignore= 0;
62 char *load_data_query;
63+ int query_buf_len;
64
65 /*
66+ We must allocate some extra memory for query cache
67+ The query buffer layout is:
68+ buffer :==
69+ <statement> The input statement(s)
70+ '\0' Terminating null char (1 byte)
71+ <length> Length of following current database name (size_t)
72+ <db_name> Name of current database
73+ <flags> Flags struct
74+ */
75+ query_buf_len = get_query_buffer_length() + 1 + sizeof(size_t) + thd->db_length
76+ + QUERY_CACHE_FLAGS_SIZE + 1;
77+ /*
78 Forge LOAD DATA INFILE query which will be used in SHOW PROCESS LIST
79 and written to slave's binlog if binlogging is on.
80 */
81- if (!(load_data_query= (char *)thd->alloc(get_query_buffer_length() + 1)))
82+ if (!(load_data_query= (char *)thd->alloc(query_buf_len)))
83 {
84 /*
85 This will set thd->fatal_error in case of OOM. So we surely will notice
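Review bot: the layout comment and the size expression added ahead of the thd->alloc() call duplicate the ones in the first hunk, differing only in the statement length (get_query_buffer_length() instead of q_len_arg); moving the expression into one helper or macro that takes the statement length would keep the two call sites from drifting apart. As in the first hunk, query_buf_len would be better as size_t than int, and the final `+ 1` is not explained by the layout comment.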
86@@ -4903,6 +4941,7 @@
87
88 print_query(FALSE, NULL, load_data_query, &end, NULL, NULL);
89 *end= 0;
90+ memcpy(end+1, (char *) &thd->db_length, sizeof(size_t));
91 thd->set_query(load_data_query, (uint) (end - load_data_query));
92
93 if (sql_ex.opt_flags & REPLACE_FLAG)
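Review bot: the added `memcpy(end+1, (char *) &thd->db_length, sizeof(size_t));` is only in bounds if print_query() leaves `end` no further than get_query_buffer_length() bytes from load_data_query, which nothing in this hunk checks; a DBUG_ASSERT on `end - load_data_query` against that length before the memcpy would document and enforce the assumption. The `(char *)` cast on the source argument is unnecessary for memcpy.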
