Drizzle

Merge lp:~linuxjedi/drizzle/drizzle-bug-628419 into lp:~drizzle-trunk/drizzle/development

  1. drizzle-bug-628419
  2. Merge into development
Proposed by Andrew Hutchings
Status: Merged
Approved by: Brian Aker
Approved revision: 1747
Merged at revision: 1749
Proposed branch: lp:~linuxjedi/drizzle/drizzle-bug-628419
Merge into: lp:~drizzle-trunk/drizzle/development
Diff against target: 46 lines (+17/-6)
1 file modified
drizzled/optimizer/range.cc (+17/-6)
To merge this branch: bzr merge lp:~linuxjedi/drizzle/drizzle-bug-628419
Reviewer Review Type Date Requested Status
Patrick Crews Approve
Review via email: mp+34748@code.launchpad.net

Description of the change

A double free was possible during a range query cleanup

To post a comment you must log in.
Revision history for this message
Patrick Crews (patrick-crews) wrote :

Retested with the randgen and was unable to crash Andrew's tree with multiple runs (standard + random seed values). Looks good to me.

review: Approve

Preview Diff

[H/L] Next/Prev Comment, [J/K] Next/Prev File, [N/P] Next/Prev Hunk
1=== modified file 'drizzled/optimizer/range.cc'
2--- drizzled/optimizer/range.cc 2010-08-06 11:21:12 +0000
3+++ drizzled/optimizer/range.cc 2010-09-07 13:36:10 +0000
4@@ -385,8 +385,12 @@
5
6 void optimizer::SqlSelect::cleanup()
7 {
8- delete quick;
9- quick= 0;
10+ if (quick)
11+ {
12+ delete quick;
13+ quick= NULL;
14+ }
15+
16 if (free_cond)
17 {
18 free_cond= 0;
19@@ -641,8 +645,11 @@
20 {
21 uint32_t idx;
22 double scan_time;
23- delete quick;
24- quick=0;
25+ if (quick)
26+ {
27+ delete quick;
28+ quick= NULL;
29+ }
30 needed_reg.reset();
31 quick_keys.reset();
32 if (keys_to_use.none())
33@@ -858,8 +865,12 @@
34 records= best_trp->records;
35 if (! (quick= best_trp->make_quick(&param, true)) || quick->init())
36 {
37- delete quick;
38- quick= NULL;
39+ /* quick can already be free here */
40+ if (quick)
41+ {
42+ delete quick;
43+ quick= NULL;
44+ }
45 }
46 }
47