[MDEV-8399] [PATCH] Missing Sanity Checks for memory allocation in MariaDB Created: 2015-06-30  Updated: 2015-07-23  Resolved: 2015-07-23

Status: Closed
Project: MariaDB Server
Component/s: Tests
Affects Version/s: 10.0.20-galera
Fix Version/s: 10.0.21, 10.1.6

Type: Bug
Priority: Major
Reporter: Bill Parker
Assignee: Sergey Vojtovich
Resolution: Fixed
Votes: 0
Labels: Sanity_Checking
Environment:

Linux/FreeBSD, etc (issue is in software, not compiling, building, etc)


Attachments: File groonga.c.patch     File thr_alarm.c.patch     File thr_lock.c.patch    

 Description   

Subj: Missing Sanity Checks in MariaDB 10.0.2x

Hello All,

In reviewing code in MariaDB 10.0.2x, I found instances where
a memory request via malloc() or calloc() is made, but no check
for a return value of NULL, indicating failure, is made. The
patch files are listed below and attached to this bug report:

--- groonga.c.orig      2015-06-27 16:07:46.000000000 -0700
+++ groonga.c   2015-06-27 16:08:29.000000000 -0700
@@ -101,6 +101,9 @@
   long flags = 0;
   grn_rc rc;
 
+       if (ctx == NULL) {
+               RETURN_FALSE;           /*      Unable to allocate memory for ctx       */
+       }
 
   if (zend_parse_parameters(ZEND_NUM_ARGS() TSRMLS_CC, "|l", &flags) == FAILURE) {
     return;
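
Review bot: The added `if (ctx == NULL)` test sits between the local declarations and the `zend_parse_parameters()` call, but the allocation that produces `ctx` is not among the context lines, so this hunk alone does not show that the test runs immediately after the allocation and before any use of `ctx`. Please widen the context or place the test directly after the allocating call. The block is also indented with tabs where the surrounding code uses two spaces, and it fails with `RETURN_FALSE` while the parse-failure path directly below uses a bare `return;`, so the two error paths should be made consistent.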

--- thr_lock.c.orig     2015-06-27 15:55:53.000000000 -0700
+++ thr_lock.c  2015-06-27 15:58:01.000000000 -0700
@@ -1792,6 +1792,10 @@
   for (i=0 ; i < array_elements(lock_counts) ; i++)
   {
     param=(int*) malloc(sizeof(int));
+               if (param == NULL) {
+                       fprintf(stderr, "Unable to allocate memory for mysql_mutex_lock (errno: %d)\n", errno);
+                       exit(1);
+               }
     *param=i;
 
     if ((error= mysql_mutex_lock(&LOCK_thread_count)))
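
Review bot: The message in the added `fprintf()` names `mysql_mutex_lock`, but the call that failed is `malloc(sizeof(int))` for `param`; the mutex is not taken until after `*param=i`. Reword the message to say that the thread parameter could not be allocated. The line also prints `errno`, so `<errno.h>` has to be in scope in this file, which the hunk does not show, and the added block is tab-indented where the surrounding lines use spaces.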

--- thr_alarm.c.orig    2015-06-27 15:52:16.000000000 -0700
+++ thr_alarm.c 2015-06-27 15:54:20.000000000 -0700
@@ -816,6 +816,10 @@
   for (i=0 ; i < 2 ; i++)
   {
     param=(int*) malloc(sizeof(int));
+               if (param == NULL) {
+                       fprintf(stderr, "Unable to allocate memory for thread %d...exiting...\n", i);
+                       exit(1);
+               }
     *param= i;
     mysql_mutex_lock(&LOCK_thread_count);
     if ((error= mysql_thread_create(0,
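
Review bot: The added failure message reports the loop index `i` but not `errno`, while the equivalent check in the thr_lock.c hunk prints `errno` and not the index; pick one message format for both files. The block is tab-indented inside a loop body that uses four spaces. Since `param` only carries the value of `i` and the loop is bounded by `i < 2`, a fixed array of two ints would remove the allocation and with it the need for this error path.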

Questions, Comments, Suggestions?

I am attaching the patch file(s) to this bug report.

Bill Parker (wp02855 at gmail dot com)



 Comments   
Comment by Sergey Vojtovich [ 2015-07-01 ]

Alas we have dozens of such instances. My suggestions:

  • thr_alarm.c - this is mostly dead code, anyway malloc not needed, use static buffer
  • thr_lock.c - same
  • groonga.c - needs to be reported to Kentoku, author of mroonga

Comment by Sergey Vojtovich [ 2015-07-16 ]

serg, please review fix for this bug.

Comment by Sergey Vojtovich [ 2015-07-23 ]

Missing check in groonga was reported to Kentoku.
