[MDEV-8399] [PATCH] Missing Sanity Checks for memory allocation in MariaDB - Jira

Details

Type: Bug
Status: Closed (View Workflow)
Priority: Major
Resolution: Fixed
Affects Version/s: 10.0.20-galera
Fix Version/s: 10.0.21, 10.1.6
Component/s: Tests
Labels:
- Sanity_Checking
Environment:
Linux/FreeBSD, etc (issue is in software, not compiling, building, etc)

Description

Subj: Missing Sanity Checks in MariaDB 10.0.2x

Hello All,

In reviewing code in MariaDB 10.0.2x, I found instances where
a memory request via malloc() or calloc() is made, but no check
for a return value of NULL, indicating failure is made. The
patch files are listed below and attached to this bug report:

--- groonga.c.orig      2015-06-27 16:07:46.000000000 -0700

+++ groonga.c   2015-06-27 16:08:29.000000000 -0700

@@ -101,6 +101,9 @@

   long flags = 0;

   grn_rc rc;

+       if (ctx == NULL) {

+               RETURN_FALSE;           /*      Unable to allocate memory for ctx       */

+       }

   if (zend_parse_parameters(ZEND_NUM_ARGS() TSRMLS_CC, "|l", &flags) == FAILURE) {

     return;

--- thr_lock.c.orig     2015-06-27 15:55:53.000000000 -0700

+++ thr_lock.c  2015-06-27 15:58:01.000000000 -0700

@@ -1792,6 +1792,10 @@

   for (i=0 ; i < array_elements(lock_counts) ; i++)

     param=(int*) malloc(sizeof(int));

+               if (param == NULL) {

+                       fprintf(stderr, "Unable to allocate memory for mysql_mutex_lock (errno: %d)\n", errno);

+                       exit(1);

+               }

     *param=i;

     if ((error= mysql_mutex_lock(&LOCK_thread_count)))

--- thr_alarm.c.orig    2015-06-27 15:52:16.000000000 -0700

+++ thr_alarm.c 2015-06-27 15:54:20.000000000 -0700

@@ -816,6 +816,10 @@

   for (i=0 ; i < 2 ; i++)

     param=(int*) malloc(sizeof(int));

+               if (param == NULL) {

+                       fprintf(stderr, "Unable to allocate memory for thread %d...exiting...\n", i);

+                       exit(1);

+               }

     *param= i;

     mysql_mutex_lock(&LOCK_thread_count);

     if ((error= mysql_thread_create(0,

Questions, Comments, Suggestions?

I am attaching the patch file(s) to this bug report.

Bill Parker (wp02855 at gmail dot com)

Attachments

- Sort By Name
- Sort By Date
- Ascending
- Descending
- Thumbnails
- List
- Download All

groonga.c.patch
0.3 kB
2015-06-30 20:15
thr_alarm.c.patch
0.4 kB
2015-06-30 20:15
thr_lock.c.patch
0.4 kB
2015-06-30 20:16

Issue Links

links to

Github revision

Activity

Ascending order - Click to sort in descending order

Bill Parker created issue - 2015-06-30 20:16

Elena Stepanova made changes - 2015-07-01 02:55

Field	Original Value	New Value
Description	Subj: Missing Sanity Checks in MariaDB 10.0.2x Hello All, In reviewing code in MariaDB 10.0.2x, I found instances where a memory request via malloc() or calloc() is made, but no check for a return value of NULL, indicating failure is made. The patch files are listed below and attached to this bug report: --- groonga.c.orig 2015-06-27 16:07:46.000000000 -0700 +++ groonga.c 2015-06-27 16:08:29.000000000 -0700 @@ -101,6 +101,9 @@ long flags = 0; grn_rc rc; + if (ctx == NULL) { + RETURN_FALSE; /* Unable to allocate memory for ctx / + } if (zend_parse_parameters(ZEND_NUM_ARGS() TSRMLS_CC, "\|l", &flags) == FAILURE) { return; =============================================================================== --- thr_lock.c.orig 2015-06-27 15:55:53.000000000 -0700 +++ thr_lock.c 2015-06-27 15:58:01.000000000 -0700 @@ -1792,6 +1792,10 @@ for (i=0 ; i < array_elements(lock_counts) ; i++) { param=(int) malloc(sizeof(int)); + if (param == NULL) { + fprintf(stderr, "Unable to allocate memory for mysql_mutex_lock (errno: %d)\n", errno); + exit(1); + } param=i; if ((error= mysql_mutex_lock(&LOCK_thread_count))) =============================================================================== --- thr_alarm.c.orig 2015-06-27 15:52:16.000000000 -0700 +++ thr_alarm.c 2015-06-27 15:54:20.000000000 -0700 @@ -816,6 +816,10 @@ for (i=0 ; i < 2 ; i++) { param=(int) malloc(sizeof(int)); + if (param == NULL) { + fprintf(stderr, "Unable to allocate memory for thread %d...exiting...\n", i); + exit(1); + } *param= i; mysql_mutex_lock(&LOCK_thread_count); if ((error= mysql_thread_create(0, =============================================================================== Questions, Comments, Suggestions? I am attaching the patch file(s) to this bug report. Bill Parker (wp02855 at gmail dot com)	Subj: Missing Sanity Checks in MariaDB 10.0.2x Hello All, In reviewing code in MariaDB 10.0.2x, I found instances where a memory request via malloc() or calloc() is made, but no check for a return value of NULL, indicating failure is made. The patch files are listed below and attached to this bug report: {noformat} --- groonga.c.orig 2015-06-27 16:07:46.000000000 -0700 +++ groonga.c 2015-06-27 16:08:29.000000000 -0700 @@ -101,6 +101,9 @@ long flags = 0; grn_rc rc; + if (ctx == NULL) { + RETURN_FALSE; /* Unable to allocate memory for ctx / + } if (zend_parse_parameters(ZEND_NUM_ARGS() TSRMLS_CC, "\|l", &flags) == FAILURE) { return; {noformat} {noformat} --- thr_lock.c.orig 2015-06-27 15:55:53.000000000 -0700 +++ thr_lock.c 2015-06-27 15:58:01.000000000 -0700 @@ -1792,6 +1792,10 @@ for (i=0 ; i < array_elements(lock_counts) ; i++) { param=(int) malloc(sizeof(int)); + if (param == NULL) { + fprintf(stderr, "Unable to allocate memory for mysql_mutex_lock (errno: %d)\n", errno); + exit(1); + } param=i; if ((error= mysql_mutex_lock(&LOCK_thread_count))) {noformat} {noformat} --- thr_alarm.c.orig 2015-06-27 15:52:16.000000000 -0700 +++ thr_alarm.c 2015-06-27 15:54:20.000000000 -0700 @@ -816,6 +816,10 @@ for (i=0 ; i < 2 ; i++) { param=(int) malloc(sizeof(int)); + if (param == NULL) { + fprintf(stderr, "Unable to allocate memory for thread %d...exiting...\n", i); + exit(1); + } *param= i; mysql_mutex_lock(&LOCK_thread_count); if ((error= mysql_thread_create(0, {noformat} Questions, Comments, Suggestions? I am attaching the patch file(s) to this bug report. Bill Parker (wp02855 at gmail dot com)

Elena Stepanova made changes - 2015-07-01 02:55

Summary

Missing Sanity Checks for memory allocation in MariaDB

[PATCH] Missing Sanity Checks for memory allocation in MariaDB

Elena Stepanova made changes - 2015-07-01 02:55

Fix Version/s

10.0 [ 16000 ]

Elena Stepanova made changes - 2015-07-01 02:55

Assignee

Sergey Vojtovich [ svoj ]

Sergey Vojtovich added a comment - 2015-07-01 10:22

Alas we have dozens of such instances. My suggestions:

thr_alarm.c - this is mostly dead code, anyway malloc not needed, use static buffer
thr_lock.c - same
groonga.c - needs to be reported to Kentoku, author of mroonga

Sergey Vojtovich added a comment - 2015-07-01 10:22 Alas we have dozens of such instances. My suggestions: thr_alarm.c - this is mostly dead code, anyway malloc not needed, use static buffer thr_lock.c - same groonga.c - needs to be reported to Kentoku , author of mroonga

Sergey Vojtovich added a comment - 2015-07-16 15:21

serg, please review fix for this bug.

Sergey Vojtovich added a comment - 2015-07-16 15:21 serg , please review fix for this bug.

Sergey Vojtovich made changes - 2015-07-16 15:21

Assignee	Sergey Vojtovich [ svoj ]	Sergei Golubchik [ serg ]
Status	Open [ 1 ]	In Review [ 10002 ]

Sergei Golubchik made changes - 2015-07-23 21:30

Assignee	Sergei Golubchik [ serg ]	Sergey Vojtovich [ svoj ]
Status	In Review [ 10002 ]	Stalled [ 10000 ]

Sergey Vojtovich made changes - 2015-07-23 21:54

Remote Link

This issue links to "Github revision (Web Link)" [ 24201 ]

Sergey Vojtovich added a comment - 2015-07-23 21:54

Missing check in groonga was reported to Kentoku.

Sergey Vojtovich added a comment - 2015-07-23 21:54 Missing check in groonga was reported to Kentoku.

Sergey Vojtovich made changes - 2015-07-23 21:55

Component/s		Tests [ 10800 ]
Component/s	Embedded Server [ 11301 ]
Fix Version/s		10.0.21 [ 19406 ]
Fix Version/s		10.1.6 [ 19401 ]
Fix Version/s	10.0 [ 16000 ]
Resolution		Fixed [ 1 ]
Status	Stalled [ 10000 ]	Closed [ 6 ]

Sergei Golubchik made changes - 2021-12-06 21:41

Workflow

MariaDB v3 [ 70418 ]

MariaDB v4 [ 149321 ]

People

Assignee:: Sergey Vojtovich

Reporter:: Bill Parker

Votes:: 0 Vote for this issue

Watchers:: 3 Start watching this issue

Dates

Created:: 2015-06-30 20:16

Updated:: 2015-07-23 21:55

Resolved:: 2015-07-23 21:55

Git Integration

Error rendering 'com.xiplink.jira.git.jira_git_plugin:git-issue-webpanel'. Please contact your Jira administrators.

MariaDB Server

Details

Description

Attachments

Attachments

Issue Links

Activity

People

Dates

Git Integration