Uploaded image for project: 'MariaDB MaxScale'
  1. MariaDB MaxScale
  2. MXS-328

Read-Write router frees buffer after write (which also frees)

    XMLWordPrintable

    Details

    • Type: Bug
    • Status: Closed (View Workflow)
    • Priority: Major
    • Resolution: Fixed
    • Affects Version/s: 1.2.0
    • Fix Version/s: 1.2.1
    • Component/s: readwritesplit
    • Labels:
      None
    • Environment:
      Any

      Description

      In the current develop branch at line 2603 is gwbuf_free(wbuf). This is on a return of zero (failure) from line 2589: if ((ret = target_dcb->func.write(target_dcb, wbuf)) == 1).

      This fails with an abort based on glibc double free detection. The free statement appears wrong, based on the principle that a DCB write always takes responsibility for the buffer, either freeing it or queueing it for later write.

      In the particular case, there was an authentication failure which prevented write, and the buffer was freed by the MySQL client protocol. Hence the double free.

      This is recorded as a bug because there could be other similar instances.

        Attachments

          Activity

            People

            Assignee:
            markus makela markus makela
            Reporter:
            martin brampton martin brampton (Inactive)
            Votes:
            0 Vote for this issue
            Watchers:
            2 Start watching this issue

              Dates

              Created:
              Updated:
              Resolved:

                Git Integration

                Error rendering 'com.xiplink.jira.git.jira_git_plugin:git-issue-webpanel'. Please contact your Jira administrators.