Nisha Gopalakrishnan authored
FETCHING VARIABLE

Analysis:
--------
Concurrent execution of a stored program having a cursor and a FLUSH TABLE operation may cause 'mysqld' to crash. The crash can be observed when the events occur in the following sequence:

a) Cursor OPEN executes the SELECT statement for which the table is opened.
b) The FLUSH TABLE operation is triggered and finds that a table share object is present. Its version is marked as zero to ensure that the share is removed when it is no longer referenced.
c) Since the share version is old and is referenced, the FLUSH TABLE operation waits until the flush request is granted.
d) The SELECT statement execution for cursor OPEN closes all tables except the internal temporary table used by the cursor for saving the materialized records.
e) While closing the table, since the table share is an old version and there is a pending flush request, the flush request is granted. Thus the table share is deleted by awakening the FLUSH TABLE operation.
f) During the cursor FETCH operation, the column type is checked for field conversion. To perform the check, the table share of orig_table in the field definition of the cursor temporary table is accessed. Since the share was deleted by the FLUSH operation, accessing the invalid memory may cause the server to crash.

Fix:
---
In case of cursors, since all tables other than the temporary table are closed, the orig_table in the field definition for the internal temporary table is set to NULL. This is done once the metadata of the temporary table for the CURSOR is sent.
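The ordering described in steps a) to f), as an added regression check that is not part of the commit or the MySQL test suite: a stored program opens a cursor and pauses before the FETCH, while a second session issues FLUSH TABLES in that window. The table and procedure names are constructed for the example; the SLEEP only widens the window so the two sessions can be driven by hand in a test environment.

```sql
-- Session 1: stored program with a cursor over a base table
-- (constructed names: t_cursor_demo, p_cursor_demo).
CREATE TABLE t_cursor_demo (id INT, v VARCHAR(32));
INSERT INTO t_cursor_demo VALUES (1, 'a'), (2, 'b');

DELIMITER //
CREATE PROCEDURE p_cursor_demo()
BEGIN
  DECLARE done INT DEFAULT 0;
  DECLARE cur_v VARCHAR(32);
  DECLARE c CURSOR FOR SELECT v FROM t_cursor_demo;
  DECLARE CONTINUE HANDLER FOR NOT FOUND SET done = 1;

  -- Steps a) and d): the SELECT is materialized into the cursor's
  -- internal temporary table and the base table is closed again.
  OPEN c;

  -- Constructed delay so that session 2 can run FLUSH TABLES
  -- (steps b), c) and e)) before the FETCH below.
  DO SLEEP(5);

  -- Step f): the field conversion check for the fetched column
  -- touches orig_table in the temporary table's field definition.
  -- Before the fix that pointer could reference a freed share;
  -- after the fix it is NULL and the FETCH proceeds normally.
  FETCH c INTO cur_v;
  CLOSE c;
  SELECT cur_v AS fetched_value;
END //
DELIMITER ;

CALL p_cursor_demo();

-- Session 2, issued while session 1 is inside SLEEP():
FLUSH TABLES;

-- Clean-up once both sessions have finished.
DROP PROCEDURE p_cursor_demo;
DROP TABLE t_cursor_demo;
```

On a build carrying this fix the CALL returns 'a'; on an unpatched build the FETCH is the point at which the message above says the server may crash, which is the observation that makes this a useful check against a patched server.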