diff options
| author | Vlad Lesin <vlad_lesin@mail.ru> | 2022-09-30 19:38:59 +0300 |
|---|---|---|
| committer | Vlad Lesin <vlad_lesin@mail.ru> | 2022-10-03 14:41:06 +0300 |
| commit | c0817dac99c28698dfc2b548d89acf1fb41dc32e (patch) | |
| tree | 757326d78ca319d25587d98a49a379ec38619b87 /mysql-test/std_data | |
| parent | dd8833bff0af1b75e007e3db1d18debfb7c4a096 (diff) | |
| download | mariadb-git-c0817dac99c28698dfc2b548d89acf1fb41dc32e.tar.gz | |
MDEV-29575 Access to innodb_trx, innodb_locks and innodb_lock_waits along with detached XA's can cause SIGSEGV
trx->mysql_thd can be zeroed-out between thd_get_thread_id() and
thd_query_safe() calls in fill_trx_row(). trx_disconnect_prepared() zeroes out
trx->mysql_thd. And this can cause null pointer dereferencing in
fill_trx_row().
fill_trx_row() is invoked from fetch_data_into_cache() under trx_sys.mutex.
Bug fix is in reseting trx_t::mysql_thd in trx_disconnect_prepared() under
trx_sys.mutex lock too.
MTR test case can't be created for the fix, as we need to wait for
trx_t::mysql_thd reseting in fill_trx_row() after trx_t::mysql_thd was
checked for null while trx_sys.mutex is held. But trx_t::mysql_thd must be
reset in trx_disconnect_prepared() under trx_sys.mutex. There will be deadlock.
Diffstat (limited to 'mysql-test/std_data')
0 files changed, 0 insertions, 0 deletions