[Commits] 467fb7b: MDEV-7201: parallel threads resizing - potential race condition to access freed memory

Kristian Nielsen knielsen at knielsen-hq.org
Wed Feb 4 16:42:18 EET 2015


revision-id: 467fb7ba77fda3afb06465710d79536856a35b9b
parent(s): 93cc656527e1ecd094f5ce702e193ce6c9148d62
committer: Kristian Nielsen
branch nick: server
timestamp: 2015-02-04 15:33:53 +0100
message:

MDEV-7201: parallel threads resizing - potential race condition to access freed memory

pool->threads is freed before being reassigned the new pool.

Although not really a memory barrier I thought it prudent to keep the pool
thread count to be the lower of the old/new thread list before the new threads
is allocated.

---
 sql/rpl_parallel.cc |    9 +++++++--
 1 file changed, 7 insertions(+), 2 deletions(-)

diff --git a/sql/rpl_parallel.cc b/sql/rpl_parallel.cc
index 55cc699..e37a827 100644
--- a/sql/rpl_parallel.cc
+++ b/sql/rpl_parallel.cc
@@ -1007,6 +1007,7 @@ static void signal_error_to_sql_driver_thread(THD *thd, rpl_group_info *rgi,
                                  uint32 new_count, bool skip_check)
 {
   uint32 i;
+  rpl_parallel_thread **old_list= NULL;
   rpl_parallel_thread **new_list= NULL;
   rpl_parallel_thread *new_free_list= NULL;
   rpl_parallel_thread *rpt_array= NULL;
@@ -1111,10 +1112,14 @@ static void signal_error_to_sql_driver_thread(THD *thd, rpl_group_info *rgi,
     }
   }
 
-  my_free(pool->threads);
+  old_list= pool->threads;
+  if (new_count < pool->count)
+    pool->count= new_count;
   pool->threads= new_list;
+  if (new_count > pool->count)
+    pool->count= new_count;
+  my_free(old_list);
   pool->free_list= new_free_list;
-  pool->count= new_count;
   for (i= 0; i < pool->count; ++i)
   {
     mysql_mutex_lock(&pool->threads[i]->LOCK_rpl_thread);
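
Review bot: The ordering of the stores to pool->count and pool->threads around the swap is not enforced by anything in these lines. They are plain assignments with no barrier or lock visible in the hunk, so the compiler or CPU is free to reorder them, and a concurrent reader that loaded the old pool->threads before `pool->threads= new_list;` can still dereference it after `my_free(old_list);`. If a lock held at this point already excludes readers, a comment above the swap naming it would document that, and the two `pool->count` adjustments could collapse back to a single assignment; if not, the free of old_list needs to wait until no reader can still hold the old pointer.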
