  1. MariaDB Server
  2. MDEV-8399

[PATCH] Missing Sanity Checks for memory allocation in MariaDB

    Details

    • Type: Bug
    • Status: Closed
    • Priority: Major
    • Resolution: Fixed
    • Affects Version/s: 10.0.20-galera
    • Fix Version/s: 10.0.21, 10.1.6
    • Component/s: Tests
    • Environment:
      Linux/FreeBSD, etc (issue is in software, not compiling, building, etc)

      Description

      Subj: Missing Sanity Checks in MariaDB 10.0.2x

      Hello All,

      In reviewing code in MariaDB 10.0.2x, I found instances where
      a memory request via malloc() or calloc() is made, but no check
      for a return value of NULL, indicating failure, is made. The
      patch files are listed below and attached to this bug report:

      --- groonga.c.orig      2015-06-27 16:07:46.000000000 -0700
      +++ groonga.c   2015-06-27 16:08:29.000000000 -0700
      @@ -101,6 +101,9 @@
         long flags = 0;
         grn_rc rc;
       
      +       if (ctx == NULL) {
      +               RETURN_FALSE;           /*      Unable to allocate memory for ctx       */
      +       }
       
         if (zend_parse_parameters(ZEND_NUM_ARGS() TSRMLS_CC, "|l", &flags) == FAILURE) {
           return;
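
      Review bot: The new ctx == NULL test sits between the declarations (long flags, grn_rc rc) and the zend_parse_parameters() call, but the assignment to ctx is not in this hunk's context, so the patch alone does not show that ctx has been allocated before it is tested. Please widen the context or state which allocation this guards. RETURN_FALSE also gives the caller no indication that the cause was an allocation failure (the explanation lives only in the C comment), so consider raising a warning before returning. The added lines are tab-indented while the surrounding code uses two spaces.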

      --- thr_lock.c.orig     2015-06-27 15:55:53.000000000 -0700
      +++ thr_lock.c  2015-06-27 15:58:01.000000000 -0700
      @@ -1792,6 +1792,10 @@
         for (i=0 ; i < array_elements(lock_counts) ; i++)
         {
           param=(int*) malloc(sizeof(int));
      +               if (param == NULL) {
      +                       fprintf(stderr, "Unable to allocate memory for mysql_mutex_lock (errno: %d)\n", errno);
      +                       exit(1);
      +               }
           *param=i;
       
           if ((error= mysql_mutex_lock(&LOCK_thread_count)))
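
      Review bot: The message in the added fprintf() names mysql_mutex_lock, but the allocation that failed is param=(int*) malloc(sizeof(int)), the int that receives the loop index; mysql_mutex_lock() is only called afterwards. Suggest wording such as "Unable to allocate memory for param" and, since the loop index i is available, printing it as the thr_alarm.c hunk does. The message prints errno, so check that errno.h is included in this file (not visible in the hunk), and match the two-space indentation of the surrounding loop body instead of tabs.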

      --- thr_alarm.c.orig    2015-06-27 15:52:16.000000000 -0700
      +++ thr_alarm.c 2015-06-27 15:54:20.000000000 -0700
      @@ -816,6 +816,10 @@
         for (i=0 ; i < 2 ; i++)
         {
           param=(int*) malloc(sizeof(int));
      +               if (param == NULL) {
      +                       fprintf(stderr, "Unable to allocate memory for thread %d...exiting...\n", i);
      +                       exit(1);
      +               }
           *param= i;
           mysql_mutex_lock(&LOCK_thread_count);
           if ((error= mysql_thread_create(0,
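
      Review bot: The added error path is inconsistent with the equivalent one in thr_lock.c: here the message reports the loop index i but not errno, there it reports errno but not the index. Pick one format for both files, ideally carrying both values. exit(1) is also reached inside the for loop, so on the second iteration it ends the process after the first pass has already gone through mysql_thread_create(); if that is acceptable for this code, a short comment saying so would help. The new lines use tabs where the surrounding loop body is indented with two spaces.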

      Questions, Comments, Suggestions?

      I am attaching the patch file(s) to this bug report.

      Bill Parker (wp02855 at gmail dot com)

        Attachments

        1. groonga.c.patch
          0.3 kB
        2. thr_alarm.c.patch
          0.4 kB
        3. thr_lock.c.patch
          0.4 kB

              People

              Assignee:
              svoj Sergey Vojtovich
              Reporter:
              dogbert2 Bill Parker