From 7feb51da5abfc449eae851095d349c40b671fd05 Mon Sep 17 00:00:00 2001
From: Alexey Botchkov
Date: Tue, 9 Mar 2010 14:19:10 +0400
Subject: Bug#51377 Crash in information_schema / processlist on concurrent DDL workload

the fill_schema_processlist function accesses THD::query() without proper protection so the parallel thread killing can lead to access to the freed meemory.

per-file comments:
sql/sql_load.cc
Bug#51377 Crash in information_schema / processlist on concurrent DDL workload
the THD::set_query_inner() call needs to be protected. But here we don't need to change the original thd->query() at all.
sql/sql_show.cc
Bug#51377 Crash in information_schema / processlist on concurrent DDL workload
protect the THD::query() access with the THD::LOCK_thd_data mutex.
---
 sql/sql_load.cc | 8 +++-----
 1 file changed, 3 insertions(+), 5 deletions(-)

(limited to 'sql/sql_load.cc')

diff --git a/sql/sql_load.cc b/sql/sql_load.cc
index ee3b442c83a..3fb1b07cf6c 100644
--- a/sql/sql_load.cc
+++ b/sql/sql_load.cc
@@ -689,12 +689,10 @@ static bool write_execute_load_query_log_event(THD *thd, sql_exchange* ex,
   strcpy(end, p);
   end += pl;
-  thd->set_query_inner(load_data_query, end - load_data_query);
-
   Execute_load_query_log_event
-    e(thd, thd->query(), thd->query_length(),
-      (uint) ((char*) fname_start - (char*) thd->query() - 1),
-      (uint) ((char*) fname_end - (char*) thd->query()),
+    e(thd, load_data_query, end-load_data_query,
+      (uint) ((char*) fname_start - load_data_query - 1),
+      (uint) ((char*) fname_end - load_data_query),
       (duplicates == DUP_REPLACE) ? LOAD_DUP_REPLACE :
       (ignore ? LOAD_DUP_IGNORE : LOAD_DUP_ERROR),
       transactional_table, FALSE, errcode);
-- 
cgit v1.2.1
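Review bot: The new `e(thd, load_data_query, end-load_data_query, ...)` construction carries no explanation of why the event is built from the local buffer instead of `thd->query()`, and since the old `set_query_inner()` call looked like the "normal" way to log the statement, the next cleanup may well put it back; add a comment above `Execute_load_query_log_event` such as `/* Build the event from the local buffer: do not repoint thd->query() here, it is read by other threads (processlist) and this buffer does not outlive the function. */` (the lifetime part is inferred, the buffer's declaration is outside the hunk). Two smaller points on the same lines: `end-load_data_query` is a pointer difference (`ptrdiff_t`) silently converted to the event's length parameter, so an explicit `(ulong) (end - load_data_query)` with spaces, matching the style of the two `(uint)` offsets below it, would make the narrowing visible; and the `(char*)` casts on `fname_start`/`fname_end` were only needed to match the old `(char*) thd->query()` operand, so if those locals are already `char*` the casts are now redundant (if they are `const char*`, the casts drop const for no reason). The enclosing `write_execute_load_query_log_event` starts and ends outside the hunk.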