Details
-
Bug
-
Status: Open (View Workflow)
-
Minor
-
Resolution: Unresolved
-
5.5.39
-
None
-
None
-
x86_64 x86_64 x86_64 GNU/Linux
Description
Reproduce by calling a mysql_thread_end followed by mysql->methods->free_embedded_thd()
The call sequence is illegal and expected outcome would be an error or some indication of error.
The location of problematic code :
mysys_var=my_thread_var;
|
/*
|
Let mysqld define the thread id (not mysys)
|
This allows us to move THD to different threads if needed.
|
*/
|
mysys_var->id= thread_id;
|
real_id= pthread_self(); // For debugging
|
mysys_var->stack_ends_here= thread_stack + // for consistency, see libevent_thread_proc
|
STACK_DIRECTION * (long)my_thread_stack_size;
|
where mysys_var is NULL.
Valgrind:
==15784== 1 errors in context 1 of 10:
|
==15784== Thread 9:
|
==15784== Invalid write of size 8
|
==15784== at 0x528A309: THD::store_globals() (sql_class.cc:1791)
|
==15784== by 0x519A68F: emb_free_embedded_thd (lib_sql.cc:422)
|
==15784== by 0x1A72064F: parsing_info_done (query_classifier.cc:1034)
|
==15784== by 0x40933B: gwbuf_remove_buffer_object (buffer.c:463)
|
==15784== by 0x4085D1: gwbuf_free (buffer.c:122)
|
==15784== by 0x408EA5: gwbuf_consume (buffer.c:316)
|
==15784== by 0x40E91A: dcb_write (dcb.c:935)
|
==15784== by 0x1F9CCA66: backend_write_delayqueue (mysql_backend.c:1113)
|
==15784== by 0x1F9CB066: gw_read_backend_event (mysql_backend.c:410)
|
==15784== by 0x4175C5: poll_waitevents (poll.c:424)
|
==15784== by 0x80B9E0E: start_thread (in /lib64/libpthread-2.17.so)
|
==15784== by 0x83B744C: clone (in /lib64/libc-2.17.so)
|
==15784== Address 0x90 is not stack'd, malloc'd or (recently) free'd
|