[MDEV-12416] OOM in create_virtual_tmp_table() makes the server crash
Created: 2017-03-31  Updated: 2017-03-31  Resolved: 2017-03-31

Status: Closed
Project: MariaDB Server
Component/s: OTHER
Affects Version/s: 10.2
Fix Version/s: 10.2.5

Type: Bug
Priority: Major
Reporter: Alexander Barkov
Assignee: Alexander Barkov
Resolution: Fixed
Votes: 0
Labels: None

Issue Links:
Relates
relates to MDEV-9238 Wrap create_virtual_tmp_table() into ... Closed

 Description   

If OOM (out of memory) happens inside create_virtual_tmp_table(), the server can crash.

There are two problems:

1. If OOM happens inside multi_alloc_root in Virtual_tmp_table::init, then the member TABLE::s is left to be a NULL pointer. The destructor calls destruct_fields() without a test that TABLE::s was really allocated. It should test that s is not NULL before calling destruct_fields.

2. The class Virtual_tmp_table overrides the operator new to allocate itself on mem_root, but it does not override the operator delete, which is mapped to the system function free() by default. As a result free() is called for something which was never allocated with the system function malloc(). The class Virtual_tmp_table should override operator delete.

The problem was introduced by the patch for MDEV-9238 in 10.2.0.
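
The two fixes described above, shown as an added example that is not MariaDB's code and not part of the original report. `Arena`, `Share`, `ArenaTable` and `create_table` are hypothetical stand-ins for MEM_ROOT, TABLE::s, Virtual_tmp_table and create_virtual_tmp_table().

```cpp
#include <cstddef>

// Hypothetical stand-in for a MEM_ROOT: a bump allocator that can run out.
struct Arena {
  alignas(std::max_align_t) unsigned char buf[256];
  std::size_t used = 0, limit = sizeof(buf);
  void *alloc(std::size_t n) {
    const std::size_t a = alignof(std::max_align_t);
    n = (n + a - 1) / a * a;                 // keep every block aligned
    if (n > limit - used) return nullptr;    // simulated OOM
    void *p = buf + used;
    used += n;
    return p;
  }
};

struct Share { int field_count; };           // plays the role of TABLE::s
static int fields_destructed = 0;            // lets a caller observe cleanup

class ArenaTable {
  Share *s = nullptr;                        // stays NULL if init() hits OOM
  void destruct_fields() { fields_destructed += s->field_count; }
public:
  static void *operator new(std::size_t n, Arena *a) noexcept { return a->alloc(n); }
  // Problem 2: without these, `delete t` would hand arena memory to free().
  static void operator delete(void *, Arena *) noexcept {}  // pairs with placement new
  static void operator delete(void *) noexcept {}           // used by `delete t`
  bool init(Arena *a, int fields) {          // returns true on error
    s = static_cast<Share *>(a->alloc(sizeof(Share)));
    if (!s) return true;
    s->field_count = fields;
    return false;
  }
  // Problem 1: only touch the share if it was really allocated.
  ~ArenaTable() { if (s) destruct_fields(); }
};

// Returns nullptr on OOM at either allocation; cleanup never reaches free().
ArenaTable *create_table(Arena *a, int fields) {
  ArenaTable *t = new (a) ArenaTable();      // noexcept new: nullptr on OOM
  if (!t) return nullptr;
  if (t->init(a, fields)) { delete t; return nullptr; }
  return t;
}
```

Removing the `if (s)` guard or the `operator delete` overloads reproduces the two failure modes from the description: a NULL dereference in the destructor, or `free()` called on arena memory.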



 Comments   
Comment by Alexey Botchkov [ 2017-03-31 ]

ok to push.
