diff options
author | Arun Kuruvila <arun.kuruvila@oracle.com> | 2015-09-04 11:10:57 +0530 |
---|---|---|
committer | Arun Kuruvila <arun.kuruvila@oracle.com> | 2015-09-04 11:10:57 +0530 |
commit | ddcad361d6ff2c3336221f27c4e31bfc8d1913b1 (patch) | |
tree | 134b7e5402052edae6e1a84d894b02f5e41aa996 /mysys/ptr_cmp.c | |
parent | 0bb654b8d9161ecf46684d040c08b86bbc74a32f (diff) | |
download | mariadb-git-ddcad361d6ff2c3336221f27c4e31bfc8d1913b1.tar.gz |
Bug #21503595 : --QUERY-ALLOC-BLOCK-SIZE=-1125899906842624 +
PID_FILE CHECK LEADS TO OOM SIG 11
Description:- A server started with 'query_alloc_block_size'
option set to a certain range of negative values on a
machine without enough memory may lead to OOM.
Analysis:- Server uses 'strtoull()' to convert server
variable values of type 'GET_UINT', 'GET_ULONG' or 'GET_ULL'
from string to unsigned long long. According to the man
page, 'strtoull()' function returns either the result of the
conversion or, if there was a leading minus sign, the
negation of the result of the conversion represented as an
unsigned value, unless the original(nonnegated) value would
overflow; in the latter case, strtoull() returns ULLONG_MAX
and sets errno to ERANGE. So 'strtoull()' converts a small
negative value to a larger postive value. For example string
'-1125899906842624' will be converted to an unsigned value,
'18445618173802708992' (ulonglong typecast of
'-1125899906842624'). So a
server started with 'query_alloc_block_size' set to
"-1125899906842624" on a machine without enough memory will
lead to OOM since server allocates '18445618173802708992'
bytes(17178820608 GB) for query allocation block.
Fix:- When server is started with any server variable, of
type "GET_UINT", "GET_ULONG" or "GET_ULL", set to a negative
value, a warning, "option xxx: value -yyy adjusted to zzz"
is thrown and the value is adjusted to the lowest possible
value for that variable. The dynamic server variable which
is configured through the client exhibit the same behavior
as fix made for variables configured during the server
start up.
Diffstat (limited to 'mysys/ptr_cmp.c')
0 files changed, 0 insertions, 0 deletions