Uploaded image for project: 'MariaDB Server'
  1. MariaDB Server
  2. MDEV-31450

mem_root->flags corruption in calculate_block_sizes

Details

    • Bug
    • Status: Closed (View Workflow)
    • Minor
    • Resolution: Fixed
    • 10.7(EOL), 10.8(EOL), 10.9(EOL), 10.10(EOL), 10.11, 11.1(EOL)
    • 10.9.8, 10.11.5, 11.0.3
    • Server
    • None

    Description

      &= changes mem_root->flags, which makes condition always true
      Probably & should be used instead of &=

      mysys/my_alloc.c

        if (mem_root->flags&= ROOT_FLAG_MPROTECT)         <<--
      		 
        {
      		 
          mem_root->block_size= MY_ALIGN(block_size, my_system_page_size);
      		 
          if (pre_alloc)
      		 
            pre_alloc= MY_ALIGN(pre_alloc, my_system_page_size);
      		 
        }

      Attachments

        Activity

          Ascending order - Click to sort in descending order
          danblack Daniel Black added a comment -

          Thanks Yury,

          I've put you as the author of this fix on https://github.com/MariaDB/server/pull/2668.

          Note, being &= it doesn't make it always true, but it does clear other flags like ROOT_FLAG_THREAD_SPECIFIC.

          danblack Daniel Black added a comment - Thanks Yury, I've put you as the author of this fix on https://github.com/MariaDB/server/pull/2668 . Note, being &= it doesn't make it always true, but it does clear other flags like ROOT_FLAG_THREAD_SPECIFIC .
          yury.chaikou Yury Chaikou added a comment -

          Yes, that is right, it will not make the condition always true.
          By the way, can we also change this
          #define MALLOC_FLAG(A) ((A & 1) ? MY_THREAD_SPECIFIC : 0)
          to
          #define MALLOC_FLAG(A) ((A & MY_THREAD_SPECIFIC) ? MY_THREAD_SPECIFIC : 0)
          to make it a bit safer?

          yury.chaikou Yury Chaikou added a comment - Yes, that is right, it will not make the condition always true. By the way, can we also change this #define MALLOC_FLAG(A) ((A & 1) ? MY_THREAD_SPECIFIC : 0) to #define MALLOC_FLAG(A) ((A & MY_THREAD_SPECIFIC) ? MY_THREAD_SPECIFIC : 0) to make it a bit safer?
          danblack Daniel Black added a comment -

          I'd be tempted to remove MALLOC_FLAG as its not actually used. But I'll leave that to Monty to decide in review.

          danblack Daniel Black added a comment - I'd be tempted to remove MALLOC_FLAG as its not actually used. But I'll leave that to Monty to decide in review.
          monty Michael Widenius added a comment -

          This has already been fixed and pushed to 10.9
          commit e1a631fecc364ce1268b13a8108a3186556d660c (HEAD -> 10.9, origin/bb-10.9-monty, origin/10.9)
          Author: Monty <monty@mariadb.org>
          Date: Mon Jun 12 20:11:32 2023 +0300
          Fixed wrong assignment in calculate_block_sizes() for MEM_ROOT

          The effect was that that ROOT_FLAG_THREAD_SPECIFIC was cleared and
          the memory allocated by memroot would be contributed the the system,
          not to the thread.

          This exposed a bug in how "show explain for ..." allocated data.

          • The thread that did provide the explain allocated data in the
            "show explain" threads mem_root, which is marked as THREAD_SPECIFIC.
          • Fixed by allocating the explain data in a temporary explain_mem_root
            which is not THREAD_SPECIFIC.

          Other things:

          • Added extra checks when using update_malloc_size()
          • Do not call update_malloc_size() for memory not registered with
            update_malloc_size(). This avoid some wrong 'memory not freed' reports.
          • Added a checking of 'thd->killed' to ensure that
            main.truncate_notembedded.test still works.

          Reported by: Yury Chaikou

          monty Michael Widenius added a comment - This has already been fixed and pushed to 10.9 commit e1a631fecc364ce1268b13a8108a3186556d660c (HEAD -> 10.9, origin/bb-10.9-monty, origin/10.9) Author: Monty <monty@mariadb.org> Date: Mon Jun 12 20:11:32 2023 +0300 Fixed wrong assignment in calculate_block_sizes() for MEM_ROOT The effect was that that ROOT_FLAG_THREAD_SPECIFIC was cleared and the memory allocated by memroot would be contributed the the system, not to the thread. This exposed a bug in how "show explain for ..." allocated data. The thread that did provide the explain allocated data in the "show explain" threads mem_root, which is marked as THREAD_SPECIFIC. Fixed by allocating the explain data in a temporary explain_mem_root which is not THREAD_SPECIFIC. Other things: Added extra checks when using update_malloc_size() Do not call update_malloc_size() for memory not registered with update_malloc_size(). This avoid some wrong 'memory not freed' reports. Added a checking of 'thd->killed' to ensure that main.truncate_notembedded.test still works. Reported by: Yury Chaikou
          monty Michael Widenius added a comment -

          Already fixed

          monty Michael Widenius added a comment - Already fixed

          People

            monty Michael Widenius
            yury.chaikou Yury Chaikou
            Votes:
            0 Vote for this issue
            Watchers:
            4 Start watching this issue

            Dates

              Created:
              Updated:
              Resolved:

              Git Integration

                Error rendering 'com.xiplink.jira.git.jira_git_plugin:git-issue-webpanel'. Please contact your Jira administrators.