Uploaded image for project: 'MariaDB Server'
  1. MariaDB Server
  2. MDEV-15029

XA COMMIT and XA ROLLBACK operate on freed transaction object

Details

    Description

      The functions innobase_commit_by_xid() and innobase_rollback_by_xid(), which implement XA ROLLBACK and XA COMMIT for XA PREPARE transactions that are no longer attached to a connection, are freeing the transaction object to the pool prematurely, and then modifying the trx_t::in_depth and trx::in_innodb fields of the freed object. While the object is already free in the pool, it could be reused by trx_create_low() by some other connection. This could cause memory corruption and cause bugs like MDEV-14128 and MDEV-13935.

      This bug was caught after adding AddressSanitizer poisoning to the transaction Pool.

      Attachments

        Issue Links

          Activity

            There are no comments yet on this issue.

            People

              marko Marko Mäkelä
              marko Marko Mäkelä
              Votes:
              0 Vote for this issue
              Watchers:
              3 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved:

                Git Integration

                  Error rendering 'com.xiplink.jira.git.jira_git_plugin:git-issue-webpanel'. Please contact your Jira administrators.