MariaDB Server / MDEV-34397

"delete si" rather than "my_free(si)" in THD::register_slave()

Details

    Description

      THD::register_slave() allocates si with

      if (!(si= (Slave_info*)my_malloc(key_memory_SLAVE_INFO, sizeof(Slave_info),
                                       MYF(MY_WME))))
        return 1;

      but, if the incoming message can't be parsed, frees si with

      delete si;

      which for me causes free() to complain and abort:

      Version: '11.6.0-MariaDB' socket: '/tmp/mariadb.sock' port: 3306 Source distribution
      free(): invalid pointer
      240614 10:56:46 [ERROR] mysqld got signal 6 ;
      Server version: 11.6.0-MariaDB-debug source revision: 3d4bdf76d35611f1aed066824fb56988c5ba16e9

      Linux blob 6.5.0-35-generic #35-Ubuntu SMP PREEMPT_DYNAMIC Fri Apr 26 11:23:57 UTC 2024 x86_64 x86_64 x86_64 GNU/Linux

      Here's a backtrace:

      #0 __pthread_kill_implementation (no_tid=0, signo=6, threadid=<optimized out>) at ./nptl/pthread_kill.c:44
      #1 __pthread_kill_internal (signo=6, threadid=<optimized out>) at ./nptl/pthread_kill.c:78
      #2 _GI__pthread_kill (threadid=<optimized out>, signo=6) at ./nptl/pthread_kill.c:89
      #3 0x0000637d4c106113 in my_write_core (sig=6) at /home/rtm/maria/server/mysys/stacktrace.c:424
      #4 0x0000637d4b758977 in handle_fatal_signal (sig=6) at /home/rtm/maria/server/sql/signal_handler.cc:357
      #5 <signal handler called>
      #6 __pthread_kill_implementation (no_tid=0, signo=6, threadid=<optimized out>) at ./nptl/pthread_kill.c:44
      #7 __pthread_kill_internal (signo=6, threadid=<optimized out>) at ./nptl/pthread_kill.c:78
      #8 _GI__pthread_kill (threadid=<optimized out>, signo=signo@entry=6) at ./nptl/pthread_kill.c:89
      #9 0x00007f9d9c6428e6 in __GI_raise (sig=sig@entry=6) at ../sysdeps/posix/raise.c:26
      #10 0x00007f9d9c6268b7 in __GI_abort () at ./stdlib/abort.c:79
      #11 0x00007f9d9c627750 in __libc_message (fmt=fmt@entry=0x7f9d9c7c3b34 "%s\n") at ../sysdeps/posix/libc_fatal.c:150
      #12 0x00007f9d9c6a3ce7 in malloc_printerr (str=str@entry=0x7f9d9c7c1612 "free(): invalid pointer") at ./malloc/malloc.c:5765
      #13 0x00007f9d9c6a5f24 in _int_free (av=<optimized out>, p=<optimized out>, have_lock=0) at ./malloc/malloc.c:4500
      #14 0x00007f9d9c6a8873 in _GI__libc_free (mem=<optimized out>) at ./malloc/malloc.c:3391
      #15 0x0000637d4b1d21a5 in THD::register_slave (this=0x7f9d48000dc8, packet=0x7f9d4800bd19 '\026' <repeats 63 times>, packet_length=63)
      at /home/rtm/maria/server/sql/repl_failsafe.cc:162
      #16 0x0000637d4b317990 in dispatch_command (command=COM_REGISTER_SLAVE, thd=0x7f9d48000dc8, packet=0x7f9d4800bd19 '\026' <repeats 63 times>, packet_length=63,
      blocking=true) at /home/rtm/maria/server/sql/sql_parse.cc:1695
      #17 0x0000637d4b316cf9 in do_command (thd=0x7f9d48000dc8, blocking=true) at /home/rtm/maria/server/sql/sql_parse.cc:1405
      #18 0x0000637d4b51ff01 in do_handle_one_connection (connect=0x637d4e8fe248, put_in_cache=true) at /home/rtm/maria/server/sql/sql_connect.cc:1447
      #19 0x0000637d4b51fc6f in handle_one_connection (arg=0x637d4e8fe248) at /home/rtm/maria/server/sql/sql_connect.cc:1349
      #20 0x0000637d4ba9c38a in pfs_spawn_thread (arg=0x637d4e844118) at /home/rtm/maria/server/storage/perfschema/pfs.cc:2201
      #21 0x00007f9d9c697b5a in start_thread (arg=<optimized out>) at ./nptl/pthread_create.c:444
      #22 0x00007f9d9c7285fc in clone3 () at ../sysdeps/unix/sysv/linux/x86_64/clone3.S:78
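
The mismatch reported above, reduced to an added example (not MariaDB's code and not part of the original report): the release function is bound to the pointer type, so the parse-failure path cannot reach `delete`. `hdr_malloc`, `hdr_free`, `SlaveInfoDemo`, `register_demo` and the packet layout are hypothetical, and the header-prefixing allocator is an assumption about why a mismatched free aborts, not something the report states.

```cpp
#include <cstddef>
#include <cstdlib>
#include <cstring>
#include <memory>
#include <utility>

// Hypothetical wrapper allocator: prepends a header, so the pointer it hands
// out is NOT the pointer malloc() returned. free()/delete on it is invalid.
static size_t g_outstanding = 0;  // bytes currently live via hdr_malloc()
constexpr size_t HDR = alignof(std::max_align_t);

void *hdr_malloc(size_t n) {
  auto *raw = static_cast<unsigned char *>(std::malloc(HDR + n));
  if (!raw) return nullptr;
  std::memcpy(raw, &n, sizeof n);  // record the size in the header
  g_outstanding += n;
  return raw + HDR;
}

void hdr_free(void *p) {
  if (!p) return;
  auto *raw = static_cast<unsigned char *>(p) - HDR;
  size_t n;
  std::memcpy(&n, raw, sizeof n);
  g_outstanding -= n;
  std::free(raw);
}

// Constructed stand-in for the registered record (trivially destructible).
struct SlaveInfoDemo { unsigned server_id; char host[64]; };

// The deleter is part of the pointer type, so no exit path can pick `delete`.
struct HdrFree { void operator()(void *p) const { hdr_free(p); } };
using SlaveInfoPtr = std::unique_ptr<SlaveInfoDemo, HdrFree>;

// Constructed packet layout: 4-byte id, 1-byte host length, host bytes.
// Returns 0 on success and 1 on failure, like the function in the report.
int register_demo(const unsigned char *packet, size_t len, SlaveInfoPtr &out) {
  SlaveInfoPtr si(static_cast<SlaveInfoDemo *>(hdr_malloc(sizeof(SlaveInfoDemo))));
  if (!si) return 1;
  if (len < 5 || packet[4] >= sizeof si->host || len < 5u + packet[4])
    return 1;  // unparsable packet: si is released through hdr_free()
  std::memcpy(&si->server_id, packet, 4);
  std::memcpy(si->host, packet + 5, packet[4]);
  si->host[packet[4]] = '\0';
  out = std::move(si);
  return 0;
}
```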

          People

            bnestere Brandon Nesterenko
            rtm Robert Morris