Uploaded image for project: 'MariaDB Server'
  1. MariaDB Server
  2. MDEV-12416

OOM in create_virtual_tmp_table() makes the server crash

    XMLWordPrintable

Details

    • Bug
    • Status: Closed (View Workflow)
    • Major
    • Resolution: Fixed
    • 10.2(EOL)
    • 10.2.5
    • OTHER
    • None

    Description

      If OOM (out of memory) happens inside create_virtual_tmp_table(), the server can crash.

      There are two problems:

      1. If OOM happens inside multi_alloc_root in Virtual_tmp_table::init, then the member TABLE::s is left to be a NULL pointer. The destructor calls destruct_fields() without a test that TABLE::s was really allocated. It should test that s is not NULL before calling destruct_fields.

      2. The class Virtual_tmp_table overrides the operator new to allocate itself on mem_root, but it does not override the operator delete, which is mapped to the system function free() by default. As a result free() is called for something which was never allocated with the system function malloc(). The class Virtual_tmp_table should override operator delete.

      The problem was introduced by the patch for MDEV-9238 in 10.2.0.

      Attachments

        Issue Links

          relates to

          Task - A task that needs to be done. MDEV-9238 Wrap create_virtual_tmp_table() into a class, split into different steps

          • Major - Major loss of function.
          • Closed

          Activity

            People

              bar Alexander Barkov
              bar Alexander Barkov
              Votes:
              0 Vote for this issue
              Watchers:
              2 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved:

                Git Integration

                  Error rendering 'com.xiplink.jira.git.jira_git_plugin:git-issue-webpanel'. Please contact your Jira administrators.