Details
-
Bug
-
Status: Closed (View Workflow)
-
Major
-
Resolution: Fixed
-
10.0.20-galera
-
Linux/FreeBSD, etc (issue is in software, not compiling, building, etc)
Description
Subj: Missing Sanity Checks in MariaDB 10.0.2x
Hello All,
In reviewing code in MariaDB 10.0.2x, I found instances where
a memory request via malloc() or calloc() is made, but no check
for a return value of NULL, indicating failure is made. The
patch files are listed below and attached to this bug report:
--- groonga.c.orig 2015-06-27 16:07:46.000000000 -0700
|
+++ groonga.c 2015-06-27 16:08:29.000000000 -0700
|
@@ -101,6 +101,9 @@
|
long flags = 0;
|
grn_rc rc;
|
|
+ if (ctx == NULL) {
|
+ RETURN_FALSE; /* Unable to allocate memory for ctx */
|
+ }
|
|
if (zend_parse_parameters(ZEND_NUM_ARGS() TSRMLS_CC, "|l", &flags) == FAILURE) {
|
return;
|
--- thr_lock.c.orig 2015-06-27 15:55:53.000000000 -0700
|
+++ thr_lock.c 2015-06-27 15:58:01.000000000 -0700
|
@@ -1792,6 +1792,10 @@
|
for (i=0 ; i < array_elements(lock_counts) ; i++)
|
{
|
param=(int*) malloc(sizeof(int));
|
+ if (param == NULL) {
|
+ fprintf(stderr, "Unable to allocate memory for mysql_mutex_lock (errno: %d)\n", errno);
|
+ exit(1);
|
+ }
|
*param=i;
|
|
if ((error= mysql_mutex_lock(&LOCK_thread_count)))
|
--- thr_alarm.c.orig 2015-06-27 15:52:16.000000000 -0700
|
+++ thr_alarm.c 2015-06-27 15:54:20.000000000 -0700
|
@@ -816,6 +816,10 @@
|
for (i=0 ; i < 2 ; i++)
|
{
|
param=(int*) malloc(sizeof(int));
|
+ if (param == NULL) {
|
+ fprintf(stderr, "Unable to allocate memory for thread %d...exiting...\n", i);
|
+ exit(1);
|
+ }
|
*param= i;
|
mysql_mutex_lock(&LOCK_thread_count);
|
if ((error= mysql_thread_create(0,
|
Questions, Comments, Suggestions?
I am attaching the patch file(s) to this bug report.
Bill Parker (wp02855 at gmail dot com)
Attachments
Issue Links
- links to