MariaDB Server / MDEV-5321

Calling mysql_library_end accesses freed memory; dumps memory to display

    Details

    • Type: Bug
    • Status: Closed
    • Priority: Major
    • Resolution: Fixed
    • Affects Version/s: None
    • Fix Version/s: 5.5.35
    • Component/s: None
    • Labels:
      None
    • Environment:
      Linux linux-yxkl.site 3.7.10-1.16-desktop #1 SMP PREEMPT Fri May 31 20:21:23 UTC 2013 (97c14ba) x86_64 x86_64 x86_64 GNU/Linux

      OpenSuse 12.3

      Description

      Valgrind reports:

      ==25335== Invalid read of size 4
      ==25335==    at 0x7B4C25A: pthread_rwlock_wrlock (in /lib64/libpthread-2.17.so)
      ==25335==    by 0x669BDEF: inline_mysql_rwlock_wrlock (mysql_thread.h:817)
      ==25335==    by 0x669F24F: openssl_lock(int, CRYPTO_dynlock_value*, char const*, int) (mysqld.cc:4044)
      ==25335==    by 0x669F1CC: openssl_lock_function(int, int, char const*, int) (mysqld.cc:4027)
      ==25335==    by 0x5BDB7DA: ??? (in /lib64/libcrypto.so.1.0.0)
      ==25335==    by 0x5BDBA58: ??? (in /lib64/libcrypto.so.1.0.0)
      ==25335==    by 0x5BDC3F9: ERR_remove_thread_state (in /lib64/libcrypto.so.1.0.0)
      ==25335==    by 0x695CC19: vio_end (vio.c:316)
      ==25335==    by 0x669226F: mysql_server_end (libmysql.c:211)
      ==25335==    by 0x406798: libmysqld_done (gateway.c:173)
      ==25335==    by 0x7D94F60: __run_exit_handlers (in /lib64/libc-2.17.so)
      ==25335==    by 0x7D94FE4: exit (in /lib64/libc-2.17.so)
      ==25335==  Address 0x8330600 is 64 bytes inside a block of size 2,624 free'd
      ==25335==    at 0x4C2AF6C: free (in /usr/lib64/valgrind/vgpreload_memcheck-amd64-linux.so)
      ==25335==    by 0x5B5EBAC: CRYPTO_free (in /lib64/libcrypto.so.1.0.0)
      ==25335==    by 0x669D2EC: clean_up_mutexes() (mysqld.cc:1934)
      ==25335==    by 0x66A4072: end_embedded_server (lib_sql.cc:628)
      ==25335==    by 0x6692265: mysql_server_end (libmysql.c:208)
      ==25335==    by 0x406798: libmysqld_done (gateway.c:173)
      ==25335==    by 0x7D94F60: __run_exit_handlers (in /lib64/libc-2.17.so)
      ==25335==    by 0x7D94FE4: exit (in /lib64/libc-2.17.so)
      ==25335==    by 0x7D7EA1B: (below main) (in /lib64/libc-2.17.so)

      end_embedded_server calls clean_up_mutexes, which frees memory of mutexes. The next call in mysql_server_end calls vio_end under which one of the freed mutexes is accessed.
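
The teardown-ordering problem described in this report, reduced to a minimal model (an added example, not part of the original report and not MariaDB or OpenSSL code). All names (`lock_cb`, `locks_init`, `lib_thread_cleanup`, `locks_destroy`) are hypothetical and a plain struct stands in for the rwlock; it shows one safe ordering, unregistering the callback before freeing the locks, which is not necessarily how this issue was fixed.

```c
#include <stdio.h>
#include <stdlib.h>

/* All names here are hypothetical stand-ins, not MariaDB or OpenSSL code. */
typedef struct { int held; } lock_t;          /* stands in for the rwlock */
typedef void (*lock_cb_t)(int acquire, int n);

static lock_cb_t lock_cb;   /* callback the "library" invokes when it locks */
static lock_t *locks;       /* application-owned lock array */
static int cb_calls;        /* number of times the callback ran */

static void app_lock_cb(int acquire, int n) {
    cb_calls++;
    locks[n].held = acquire;  /* invalid access if locks was already freed */
}

int locks_init(int n) {
    locks = calloc((size_t)n, sizeof *locks);
    if (!locks) return -1;
    lock_cb = app_lock_cb;    /* register with the "library" */
    return 0;
}

/* Models a late library cleanup call (vio_end -> ERR_remove_thread_state in
   the trace): takes and releases lock 0 through the callback if one is still
   registered. Returns 1 if the callback was used, 0 if it ran lock-free. */
int lib_thread_cleanup(void) {
    if (!lock_cb) return 0;
    lock_cb(1, 0);
    lock_cb(0, 0);
    return 1;
}

/* Teardown that cannot leave a dangling callback: unregister first,
   then free the array, then clear the pointer. */
void locks_destroy(void) {
    lock_cb = NULL;
    free(locks);
    locks = NULL;
}

int callback_calls(void) { return cb_calls; }

int main(void) {
    if (locks_init(4) != 0) return 1;
    printf("before teardown: used callback = %d\n", lib_thread_cleanup());
    locks_destroy();
    printf("after teardown:  used callback = %d\n", lib_thread_cleanup());
    return 0;
}
```

If `locks_destroy` freed the array without clearing `lock_cb`, the second `lib_thread_cleanup` call would write into freed memory, which is the access pattern Valgrind flags in the trace.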

            People

            • Assignee:
              holyfoot Alexey Botchkov
              Reporter:
              vilho Vilho Raatikka