[MDEV-31636] Memory leak in Sys_var_gtid_binlog_state::do_check() Created: 2023-07-06  Updated: 2023-11-28

Status: Open
Project: MariaDB Server
Component/s: Replication, Variables
Affects Version/s: 10.4, 10.5, 10.6, 10.7, 10.8, 10.9, 10.11, 11.0, 11.1, 11.2, 10.11.4
Fix Version/s: 10.4, 10.5, 10.6, 10.11, 11.0, 11.1, 11.2

Type: Bug Priority: Critical
Reporter: Alexander Barkov Assignee: Andrei Elkin
Resolution: Unresolved Votes: 0
Labels: None


 Description   

--source include/have_log_bin.inc
RESET MASTER;
--error ER_WRONG_VALUE_FOR_VAR
SET
  @@global.gtid_binlog_state='1-1-101,2-1-2002',
  @@global.slave_parallel_mode=x;
SELECT @@global.gtid_binlog_state;

***Warnings generated in error logs during shutdown after running tests: main.AAA
 
Warning: Memory not freed: 224
Warning:   40 bytes lost at 0x45fa260, allocated by T@0 at sql/sys_vars.cc:2120, sql/set_var.cc:246, sql/set_var.cc:810, sql/set_var.cc:738, sql/sql_parse.cc:5040, sql/sql_parse.cc:8023, sql/sql_parse.cc:1896, sql/sql_parse.cc:1407
Warning:  184 bytes lost at 0x7f71481b7790, allocated by T@0 at mysys/my_malloc.c:143, sql/rpl_gtid.cc:1359, sql/sys_vars.cc:2114, sql/set_var.cc:246, sql/set_var.cc:810, sql/set_var.cc:738, sql/sql_parse.cc:5040, sql/sql_parse.cc:8023
Warning:  152 bytes lost at 0x409c760, allocated by T@0 at mysys/array.c:73, mysys/hash.c:99, sql/sql_hset.h:37, sql/debug_sync.cc:90, sql/debug_sync.cc:166, sql/debug_sync.cc:1808, ??:0, csu/libc-start.c:268
Warning:   40 bytes lost at 0x45fa260, allocated by T@0 at sql/sys_vars.cc:2120, sql/set_var.cc:246, sql/set_var.cc:810, sql/set_var.cc:738, sql/sql_parse.cc:5040, sql/sql_parse.cc:8023, sql/sql_parse.cc:1896, sql/sql_parse.cc:1407
Warning:  184 bytes lost at 0x7f71481b7790, allocated by T@0 at mysys/my_malloc.c:143, sql/rpl_gtid.cc:1359, sql/sys_vars.cc:2114, sql/set_var.cc:246, sql/set_var.cc:810, sql/set_var.cc:738, sql/sql_parse.cc:5040, sql/sql_parse.cc:8023

The leaked memory is allocated in Sys_var_gtid_binlog_state::do_check() in this code:

  if (!(data= (gtid_binlog_state_data *)my_malloc(PSI_INSTRUMENT_ME,
                                                  sizeof(*data), MYF(0))))
  {

The problem happens because:

  • The @@global.gtid_binlog_state='1-1-101,2-1-2002' part of the statement allocates memory and assigns it to var->save_result.ptr
  • The @@global.slave_parallel_mode=x part fails on an error (wrong value)
  • The entire statement fails
  • The allocated value in var->save_result.ptr is never freed during the statement cleanup


 Comments   
Comment by Alexander Barkov [ 2023-07-06 ]

For the new system variable @@character_set_collations we'll need to allocate a temporary value to pass it between do_check() and session_update()/global_update(), similar to how it is done in @@gtid_binlog_state. So @@gtid_binlog_state should be fixed first.

Comment by Alexander Barkov [ 2023-07-06 ]

A possible solution would be to allocate the structure on THD::mem_root instead of using my_malloc.
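
The leak described in this report and the effect of a statement-scoped allocation like the one suggested above, as an added model that is not MariaDB code. Arena, SetVar, check(), update() and run_set_statement() are hypothetical names; Arena only stands in for a pool such as THD::mem_root, and the 40-byte size is arbitrary.

```cpp
// Added illustration, not MariaDB code. All names here are hypothetical;
// Arena stands in for a statement-scoped pool such as THD::mem_root.
#include <cstddef>
#include <cstdlib>
#include <vector>

static long live_blocks = 0;  // heap blocks allocated and not yet freed
static void *tracked_malloc(std::size_t n) {
  void *p = std::malloc(n);
  if (p) ++live_blocks;
  return p;
}
static void tracked_free(void *p) { if (p) { --live_blocks; std::free(p); } }

struct Arena {  // statement-scoped pool: the destructor releases every block
  std::vector<void *> blocks;
  void *alloc(std::size_t n) {
    void *p = tracked_malloc(n);
    if (p) blocks.push_back(p);
    return p;
  }
  ~Arena() { for (void *p : blocks) tracked_free(p); }
};
struct SetVar { bool valid; bool needs_temp; void *save_result; };

// Check phase: validates one assignment and may park a temporary in save_result.
static bool check(SetVar &v, Arena *arena) {
  if (!v.valid) return false;
  if (v.needs_temp) v.save_result = arena ? arena->alloc(40) : tracked_malloc(40);
  return !v.needs_temp || v.save_result != nullptr;
}
// Update phase: the only place the heap variant releases its temporary.
static void update(SetVar &v, bool owns_heap) {
  if (owns_heap) tracked_free(v.save_result);
  v.save_result = nullptr;
}
// Runs "SET v1, v2, ...": every check first, updates only if all checks passed.
// Returns the number of blocks still allocated after statement cleanup.
long run_set_statement(std::vector<SetVar> vars, bool use_arena) {
  long before = live_blocks;
  {
    Arena arena;
    bool ok = true;
    for (std::size_t i = 0; ok && i < vars.size(); ++i)
      ok = check(vars[i], use_arena ? &arena : nullptr);
    if (ok) for (auto &v : vars) update(v, !use_arena);
  }  // statement cleanup: the Arena destructor runs here
  return live_blocks - before;
}
```

With the first assignment valid and the second invalid, the heap variant leaves one block allocated because update() never runs, while the arena variant leaves none.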
