author | Monty <monty@mariadb.org> | 2023-02-26 18:33:10 +0200 |
---|---|---|
committer | Monty <monty@mariadb.org> | 2023-02-27 19:25:44 +0200 |
commit | 57c526ffb852fb027e25fdc77173d45bdc60b8a2 (patch) | |
tree | 0865d590f2d9432587fac628cb8525da8bc42caf /mysys | |
parent | 0de3be8cfdfc26f5c236eaefe12d03c7b4af22c8 (diff) | |
download | mariadb-git-57c526ffb852fb027e25fdc77173d45bdc60b8a2.tar.gz |
Added detection of memory overwrite with multi_mallocbb-10.5-monty
This patch also fixes some bugs detected by valgrind after this
patch:
- Not enough copy_func elements was allocated by Create_tmp_table() which
causes an memory overwrite in Create_tmp_table::add_fields()
I added an ASSERT() to be able to detect this also without valgrind.
The bug was that TMP_TABLE_PARAM::copy_fields was not correctly set
when calling create_tmp_table().
- Aria::empty_bits is not allocated if there is no varchar/char/blob
fields in the table. Fixed code to take this into account.
This cannot cause any issues as this is just a memory access
into other Aria memory and the content of the memory would not be used.
- Aria::last_key_buff was not allocated big enough. This may have caused
issues with rtrees and ma_extra(HA_EXTRA_REMEMBER_POS) as they
would use the same memory area.
- Aria and MyISAM didn't take extended key parts into account, which
caused problems when copying rec_per_key from engine to sql level.
- Mark asan builds with 'asan' in version string to detect these in
not_valgrind_build.inc.
This is needed to not have main.sp-no-valgrind fail with asan.
Diffstat (limited to 'mysys')
-rw-r--r-- | mysys/mulalloc.c | 19 | ||||
-rw-r--r-- | mysys/my_alloc.c | 12 |
2 files changed, 31 insertions, 0 deletions
diff --git a/mysys/mulalloc.c b/mysys/mulalloc.c
index 357f9315f2b..51f8d61b574 100644
--- a/mysys/mulalloc.c
+++ b/mysys/mulalloc.c
@@ -17,6 +17,11 @@
 #include "mysys_priv.h"
 #include <stdarg.h>
+#ifndef DBUG_OFF
+/* Put a protected barrier after every element when using my_multi_malloc() */
+#define ALLOC_BARRIER
+#endif
+
 /*
 Malloc many pointers at the same time
 Only ptr1 can be free'd, and doing this will free all
@@ -45,6 +50,9 @@ void* my_multi_malloc(PSI_memory_key key, myf myFlags, ...)
 {
 length=va_arg(args,uint);
 tot_length+=ALIGN_SIZE(length);
+#ifdef ALLOC_BARRIER
+ tot_length+= ALIGN_SIZE(1);
+#endif
 }
 va_end(args);
@@ -58,6 +66,10 @@ void* my_multi_malloc(PSI_memory_key key, myf myFlags, ...)
 *ptr=res;
 length=va_arg(args,uint);
 res+=ALIGN_SIZE(length);
+#ifdef ALLOC_BARRIER
+ TRASH_FREE(res, ALIGN_SIZE(1));
+ res+= ALIGN_SIZE(1);
+#endif
 }
 va_end(args);
 DBUG_RETURN((void*) start);
@@ -89,6 +101,9 @@ void *my_multi_malloc_large(PSI_memory_key key, myf myFlags, ...)
 {
 length=va_arg(args,ulonglong);
 tot_length+=ALIGN_SIZE(length);
+#ifdef ALLOC_BARRIER
+ tot_length+= ALIGN_SIZE(1);
+#endif
 }
 va_end(args);
@@ -102,6 +117,10 @@ void *my_multi_malloc_large(PSI_memory_key key, myf myFlags, ...)
 *ptr=res;
 length=va_arg(args,ulonglong);
 res+=ALIGN_SIZE(length);
+#ifdef ALLOC_BARRIER
+ TRASH_FREE(res, ALIGN_SIZE(1));
+ res+= ALIGN_SIZE(1);
+#endif
 }
 va_end(args);
 DBUG_RETURN((void*) start);
diff --git a/mysys/my_alloc.c b/mysys/my_alloc.c
index c3205eac6f0..aa0182c755e 100644
--- a/mysys/my_alloc.c
+++ b/mysys/my_alloc.c
@@ -23,6 +23,11 @@
 #undef EXTRA_DEBUG
 #define EXTRA_DEBUG
+#ifndef DBUG_OFF
+/* Put a protected barrier after every element when using multi_alloc_root() */
+#define ALLOC_BARRIER
+#endif
+
 /* data packed in MEM_ROOT -> min_malloc */
 #define MALLOC_FLAG(A) ((A & 1) ? MY_THREAD_SPECIFIC : 0)
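Review bot: The comment above `#define ALLOC_BARRIER` in mysys/mulalloc.c (hunk `@@ -17,6 +17,11 @@`, repeated in mysys/my_alloc.c) calls the barrier "protected" without saying what enforces the protection. Nothing in the visible hunks inspects the barrier bytes when the block is released, so an overrun is presumably reported only when the marking done by TRASH_FREE() is enforced by valgrind or a sanitizer build; an uninstrumented debug build would just carry the extra bytes. I would state that in the comment, e.g. `/* Debug builds: append ALIGN_SIZE(1) bytes after every element and TRASH_FREE() them; overruns are reported by valgrind/ASAN, there is no check at free time */`.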
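Review bot: In the placement loop of my_multi_malloc() (hunk `@@ -58,6 +66,10 @@`) the barrier begins at the aligned end of the element, so a write that overruns `length` by less than the alignment padding lands in the slack between `length` and `ALIGN_SIZE(length)` and never reaches the barrier. Short overruns such as an off-by-one or a missing terminator byte are the common case, so the padding should be covered as well, for example `TRASH_FREE(res - (ALIGN_SIZE(length) - length), ALIGN_SIZE(length) - length + ALIGN_SIZE(1));` placed after `res+=ALIGN_SIZE(length);`. Tools that track accessibility at coarser than byte granularity may still miss part of the padding. The same applies to the matching hunks in my_multi_malloc_large() and multi_alloc_root(); the loops start outside the hunks.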
@@ -311,6 +316,9 @@ void *multi_alloc_root(MEM_ROOT *root, ...)
 {
 length= va_arg(args, uint);
 tot_length+= ALIGN_SIZE(length);
+#ifdef ALLOC_BARRIER
+ tot_length+= ALIGN_SIZE(1);
+#endif
 }
 va_end(args);
@@ -324,6 +332,10 @@ void *multi_alloc_root(MEM_ROOT *root, ...)
 *ptr= res;
 length= va_arg(args, uint);
 res+= ALIGN_SIZE(length);
+#ifdef ALLOC_BARRIER
+ TRASH_FREE(res, ALIGN_SIZE(1));
+ res+= ALIGN_SIZE(1);
+#endif
 }
 va_end(args);
 DBUG_RETURN((void*) start);
|
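Review bot: The sizing loop and the placement loop of multi_alloc_root() (hunks `@@ -311,6 +316,9 @@` and `@@ -324,6 +332,10 @@`) now each carry their own `#ifdef ALLOC_BARRIER` arithmetic, and nothing verifies that the two agree. If one side is later changed without the other, the last TRASH_FREE() would touch memory past the block sized by `tot_length`. A debug check after the second loop, `DBUG_ASSERT(res == start + tot_length);`, would catch that; this assumes `start` and `res` are byte pointers into the same allocation, which the hunks suggest but do not show. The same pair of loops exists in both functions of mysys/mulalloc.c.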