Details
- Bug
- Status: Closed
- Major
- Resolution: Fixed
Description
Inside pagecache_fwrite(), in ma_pagecache.c, if my_pwrite() fails, the error-handling callback is invoked through a function pointer.
The code in question is:
if (my_pwrite(filedesc->file, buffer, pagecache->block_size,
((my_off_t) pageno << pagecache->shift), flags))
The problem is that *filedesc->write_fail can be NULL, so a failing my_pwrite() crashes by dereferencing a NULL function pointer.
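As an added illustration, not MariaDB's own code, the C sketch below reproduces the pattern with a made-up demo_file struct and a simulated my_pwrite() result: the buggy version calls through the callback unconditionally, the hardened version checks the pointer before calling it.

```c
#include <stddef.h>
#include <stdio.h>

/* Hypothetical stand-in for the pagecache file descriptor struct: only the
 * fields this example needs.  write_fail may legitimately be NULL, which is
 * the situation the bug report describes. */
typedef struct {
    void (*write_fail)(void *data);  /* error-handling callback, or NULL */
    int fail_calls;                  /* how often the callback has run */
} demo_file;

/* Callback used by the demo: records that a write failure was reported. */
static void count_failure(void *data) {
    ((demo_file *)data)->fail_calls++;
}

/* Buggy pattern from the report: pwrite_rc stands in for the nonzero
 * return of my_pwrite() on failure; the callback is invoked unconditionally. */
static int fwrite_buggy(demo_file *f, int pwrite_rc) {
    if (pwrite_rc) {
        (*f->write_fail)(f);         /* NULL dereference when write_fail == NULL */
        return 1;
    }
    return 0;
}

/* Hardened pattern: check the function pointer before calling through it. */
static int fwrite_fixed(demo_file *f, int pwrite_rc) {
    if (pwrite_rc) {
        if (f->write_fail != NULL)
            (*f->write_fail)(f);
        return 1;                    /* the write still failed */
    }
    return 0;
}

int main(void) {
    demo_file with_cb = { count_failure, 0 };
    demo_file no_cb   = { NULL, 0 };
    int rc;

    rc = fwrite_fixed(&with_cb, 1);
    printf("fixed, callback set:  rc=%d, callback ran %d time(s)\n", rc, with_cb.fail_calls);
    rc = fwrite_fixed(&no_cb, 1);
    printf("fixed, callback NULL: rc=%d, no crash\n", rc);
    /* fwrite_buggy(&no_cb, 1) would crash here, as the bug report describes */
    return 0;
}
```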
To reproduce:
1. Add the line
   DBUG_ASSERT(*filedesc->write_fail);
   before the code in question.
2. Compile with DBUG and run
   perl mysql-test-run.pl --suite=maria
3. Observe a crash. Here, for example, is what I get in 5.1:
0028B9C3 mysqld.exe!my_sigabrt_handler()[mysqld.cc:2188]
00258DA9 mysqld.exe!raise()[winsig.c:586]
0025D4D6 mysqld.exe!abort()[abort.c:74]
008586A7 mysqld.exe!_wassert()[assert.c:336]
006351E1 mysqld.exe!pagecache_fwrite()[ma_pagecache.c:666]
0063B93D mysqld.exe!flush_cached_blocks()[ma_pagecache.c:4370]
0063B1E1 mysqld.exe!flush_pagecache_blocks_int()[ma_pagecache.c:4660]
0063AAC7 mysqld.exe!flush_pagecache_blocks_with_filter()[ma_pagecache.c:4780]
0063CC23 mysqld.exe!_ma_once_end_block_record()[ma_blockrec.c:451]
005F9133 mysqld.exe!maria_close()[ma_close.c:81]
005D1A89 mysqld.exe!ha_maria::close()[ha_maria.cc:1018]
0040847A mysqld.exe!closefrm()[table.cc:2013]
00369C11 mysqld.exe!intern_close_table()[sql_base.cc:793]