[#MDEV-6290] Crash in KILL HARD QUERY USER x@y when slave threads are running

[MDEV-6290] Crash in KILL HARD QUERY USER x@y when slave threads are running Created: 2014-06-02 Updated: 2014-07-25 Resolved: 2014-07-25
Status:	Closed
Project:	MariaDB Server
Component/s:	None
Affects Version/s:	5.3.12, 5.5.37, 10.0.11
Fix Version/s:	5.5.39, 10.0.13, 5.3.13

Type:

Bug

Priority:

Major

Reporter:

Kristian Nielsen

Assignee:

Sergei Golubchik

Resolution:

Fixed

Votes:

Labels:

None

Description

This simple test case crashes the server:

--source include/master-slave.inc

--connection server_2

kill hard query user test2@nohost;

--source include/rpl_end.inc

It crashes inside kill_threads_for_user(), in this code:

    if (((user->host.str[0] == '%' && !user->host.str[1]) ||

         !strcmp(tmp->security_ctx->host, user->host.str)) &&

        !strcmp(tmp->security_ctx->user, user->user.str))

tmp->security_ctx->host is NULL for the slave IO thread, so we get a NULL
pointer reference inside strcmp().

I'm not sure if the bug here is that the host field is NULL in the replication
thread, or if the bug is that the code in kill_threads_for_user() should check
for NULL...

Comments

Comment by Elena Stepanova [ 2014-06-02 ]

Also reproducible on old versions of 5.3 and 5.5 (tried 5.3.7 and 5.5.23)/

Generated at Thu Feb 08 07:10:46 UTC 2024 using Jira 8.20.16#820016-sha1:9d11dbea5f4be3d4cc21f03a88dd11d8c8687422.

[MDEV-6290] Crash in KILL HARD QUERY USER x@y when slave threads are running Created: 2014-06-02 Updated: 2014-07-25 Resolved: 2014-07-25