Uploaded image for project: 'MariaDB Server'
  1. MariaDB Server
  2. MDEV-28719

compress_write() fails to release mutex on failure

Details

    Description

      Hi, @marko, it seems that the fixing for MDEV-28689 is buggy. The lock thd->data_mutex is still not released during erroneously writing to the destination stream and writing to the destination stream (Line 246 and 256).

      Due to the original issue is closed, thus I just open a new issue.

      https://github.com/MariaDB/server/blob/863c3eda872b19f70ce6045119bf621584e1312d/extra/mariabackup/ds_compress.cc#L233-L259

      Attachments

        Issue Links

          links to

          Web Link CVE-2022-38791

          Activity

            Ascending order - Click to sort in descending order
            Ryan Ryan created issue -
            marko Marko Mäkelä added a comment -

            Thank you Ryan, indeed in MDEV-28689 I only fixed problems related to the ctrl_mutex by removing that mutex. The function compress_write() fails to release the data_mutex in case it fails to write to the stream.

            marko Marko Mäkelä added a comment - Thank you Ryan , indeed in MDEV-28689 I only fixed problems related to the ctrl_mutex by removing that mutex. The function compress_write() fails to release the data_mutex in case it fails to write to the stream.
            marko Marko Mäkelä made changes -
            Field Original Value New Value
            Fix Version/s 10.3 [ 22126 ]
            Fix Version/s 10.4 [ 22408 ]
            Fix Version/s 10.5 [ 23123 ]
            Fix Version/s 10.6 [ 24028 ]
            Fix Version/s 10.7 [ 24805 ]
            Fix Version/s 10.8 [ 26121 ]
            Fix Version/s 10.9 [ 26905 ]
            Affects Version/s 10.3 [ 22126 ]
            Affects Version/s 10.4 [ 22408 ]
            Affects Version/s 10.5 [ 23123 ]
            Affects Version/s 10.6 [ 24028 ]
            Affects Version/s 10.7 [ 24805 ]
            Affects Version/s 10.8 [ 26121 ]
            Assignee Marko Mäkelä [ marko ]
            marko Marko Mäkelä made changes -
            Summary An improper locking bug (insufficient fixing of prior issues) compress_write() fails to release mutex on failure
            marko Marko Mäkelä made changes -
            Status Open [ 1 ] In Progress [ 3 ]
            marko Marko Mäkelä made changes -
            issue.field.resolutiondate 2022-06-01 09:23:58.0 2022-06-01 09:23:58.962
            marko Marko Mäkelä made changes -
            Fix Version/s 10.3.36 [ 27513 ]
            Fix Version/s 10.4.26 [ 27511 ]
            Fix Version/s 10.5.17 [ 27509 ]
            Fix Version/s 10.6.9 [ 27507 ]
            Fix Version/s 10.7.5 [ 27505 ]
            Fix Version/s 10.8.4 [ 27503 ]
            Fix Version/s 10.9.2 [ 27115 ]
            Fix Version/s 10.3 [ 22126 ]
            Fix Version/s 10.4 [ 22408 ]
            Fix Version/s 10.5 [ 23123 ]
            Fix Version/s 10.6 [ 24028 ]
            Fix Version/s 10.7 [ 24805 ]
            Fix Version/s 10.8 [ 26121 ]
            Fix Version/s 10.9 [ 26905 ]
            Resolution Fixed [ 1 ]
            Status In Progress [ 3 ] Closed [ 6 ]
            serg Sergei Golubchik made changes -

            People

              marko Marko Mäkelä
              Ryan Ryan
              Votes:
              0 Vote for this issue
              Watchers:
              2 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved:

                Git Integration

                  Error rendering 'com.xiplink.jira.git.jira_git_plugin:git-issue-webpanel'. Please contact your Jira administrators.