[MDEV-5321] Calling mysql_library_end accesses freed memory; dumps memory to display - Jira

Details

Type: Bug
Status: Closed (View Workflow)
Priority: Major
Resolution: Fixed
Affects Version/s: None
Fix Version/s: 5.5.35
Component/s: None
Labels:
None
Environment:
Linux linux-yxkl.site 3.7.10-1.16-desktop #1 SMP PREEMPT Fri May 31 20:21:23 UTC 2013 (97c14ba) x86_64 x86_64 x86_64 GNU/Linux

OpenSuse 12.3

Description

Valgrid reports:

==25335== Invalid read of size 4

==25335==    at 0x7B4C25A: pthread_rwlock_wrlock (in /lib64/libpthread-2.17.so)

==25335==    by 0x669BDEF: inline_mysql_rwlock_wrlock (mysql_thread.h:817)

==25335==    by 0x669F24F: openssl_lock(int, CRYPTO_dynlock_value*, char const*, int) (mysqld.cc:4044)

==25335==    by 0x669F1CC: openssl_lock_function(int, int, char const*, int) (mysqld.cc:4027)

==25335==    by 0x5BDB7DA: ??? (in /lib64/libcrypto.so.1.0.0)

==25335==    by 0x5BDBA58: ??? (in /lib64/libcrypto.so.1.0.0)

==25335==    by 0x5BDC3F9: ERR_remove_thread_state (in /lib64/libcrypto.so.1.0.0)

==25335==    by 0x695CC19: vio_end (vio.c:316)

==25335==    by 0x669226F: mysql_server_end (libmysql.c:211)

==25335==    by 0x406798: libmysqld_done (gateway.c:173)

==25335==    by 0x7D94F60: __run_exit_handlers (in /lib64/libc-2.17.so)

==25335==    by 0x7D94FE4: exit (in /lib64/libc-2.17.so)

==25335==  Address 0x8330600 is 64 bytes inside a block of size 2,624 free'd

==25335==    at 0x4C2AF6C: free (in /usr/lib64/valgrind/vgpreload_memcheck-amd64-linux.so)

==25335==    by 0x5B5EBAC: CRYPTO_free (in /lib64/libcrypto.so.1.0.0)

==25335==    by 0x669D2EC: clean_up_mutexes() (mysqld.cc:1934)

==25335==    by 0x66A4072: end_embedded_server (lib_sql.cc:628)

==25335==    by 0x6692265: mysql_server_end (libmysql.c:208)

==25335==    by 0x406798: libmysqld_done (gateway.c:173)

==25335==    by 0x7D94F60: __run_exit_handlers (in /lib64/libc-2.17.so)

==25335==    by 0x7D94FE4: exit (in /lib64/libc-2.17.so)

==25335==    by 0x7D7EA1B: (below main) (in /lib64/libc-2.17.so)

end_embedded_server calls clean_up_mutexes, which frees memory of mutexes. The next call in mysql_server_end calls vio_end under which one of the freed mutexes is accessed.

Attachments

Activity

Ascending order - Click to sort in descending order

Alexey Botchkov added a comment - 2013-11-24 22:06

Patch proposal:
http://lists.askmonty.org/pipermail/commits/2013-November/005715.html

Should also fix https://mariadb.atlassian.net/browse/MDEV-5311.

Alexey Botchkov added a comment - 2013-11-24 22:06 Patch proposal: http://lists.askmonty.org/pipermail/commits/2013-November/005715.html Should also fix https://mariadb.atlassian.net/browse/MDEV-5311 .

Daniel Bartholomew added a comment - 2014-01-29 19:36

http://bazaar.launchpad.net/~maria-captains/maria/5.5/revision/3987

Daniel Bartholomew added a comment - 2014-01-29 19:36 http://bazaar.launchpad.net/~maria-captains/maria/5.5/revision/3987

People

Assignee:: Alexey Botchkov

Reporter:: Vilho Raatikka

Votes:: 0 Vote for this issue

Watchers:: 5 Start watching this issue

Dates

Due:: 2013-12-04

Created:: 2013-11-20 14:28

Updated:: 2014-01-29 19:36

Resolved:: 2013-11-25 20:51

Git Integration

Error rendering 'com.xiplink.jira.git.jira_git_plugin:git-issue-webpanel'. Please contact your Jira administrators.

MariaDB Server