From eec509bd77f654056e1400f13019db5feed9f8a5 Mon Sep 17 00:00:00 2001
From: unknown
Date: Fri, 22 Dec 2006 12:12:58 +0100
Subject: Bug#22694 "function plugin_foreach_with_mask() uses an uninitialized pointer" Fix uninitialized memory. sql/sql_plugin.cc: move my_alloca() call out of nested stack frame. ensure that every element of array is initialized.
---
 sql/sql_plugin.cc | 19 ++++++++++---------
 1 file changed, 10 insertions(+), 9 deletions(-)
diff --git a/sql/sql_plugin.cc b/sql/sql_plugin.cc
index 8cd4c661fb8..9ff88b2054a 100644
--- a/sql/sql_plugin.cc
+++ b/sql/sql_plugin.cc
@@ -951,29 +951,30 @@ my_bool plugin_foreach_with_mask(THD *thd, plugin_foreach_func *func,
 state_mask= ~state_mask; // do it only once
 rw_rdlock(&THR_LOCK_plugin);
+ total= type == MYSQL_ANY_PLUGIN ? plugin_array.elements
+ : plugin_hash[type].records;
+ /*
+ Do the alloca out here in case we do have a working alloca:
+ leaving the nested stack frame invalidates alloca allocation.
+ */
+ plugins=(struct st_plugin_int **)my_alloca(total*sizeof(*plugins));
 if (type == MYSQL_ANY_PLUGIN)
 {
- total=plugin_array.elements;
- plugins=(struct st_plugin_int **)my_alloca(total*sizeof(*plugins));
 for (idx= 0; idx < total; idx++)
 {
 plugin= dynamic_element(&plugin_array, idx, struct st_plugin_int *);
- if (plugin->state & state_mask)
- continue;
- plugins[idx]= plugin;
+ plugins[idx]= !(plugin->state & state_mask) ? plugin : NULL;
 }
 }
 else
 {
- HASH *hash= &plugin_hash[type];
- total=hash->records;
- plugins=(struct st_plugin_int **)my_alloca(total*sizeof(*plugins));
+ HASH *hash= plugin_hash + type;
 for (idx= 0; idx < total; idx++)
 {
 plugin= (struct st_plugin_int *) hash_element(hash, idx);
 if (plugin->state & state_mask)
 continue;
- plugins[idx]= plugin;
+ plugins[idx]= !(plugin->state & state_mask) ? plugin : NULL;
 }
 }
 rw_unlock(&THR_LOCK_plugin);
--
cgit v1.2.1
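Review bot: In the `else` (per-type hash) branch the context lines `if (plugin->state & state_mask)` / `continue;` are still in place ahead of the new assignment, so a masked plugin still skips the store and `plugins[idx]` stays uninitialized on that path. That is the condition this commit sets out to remove, and it also means the `: NULL` arm of the new ternary can never be taken there. Deleting those two lines would make the branch match the `MYSQL_ANY_PLUGIN` loop, leaving only `plugins[idx]= !(plugin->state & state_mask) ? plugin : NULL;` after the `hash_element()` call. The code that later reads `plugins[]` is outside the hunk, but if it walks all `total` slots (as the commit message implies) it would dereference or compare stack garbage for every masked entry of a typed lookup. Separately, the hoisted `my_alloca()` result is used without a NULL check, which matters on builds where `my_alloca` falls back to a heap allocator.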