Fix for BUG#15018 "valgrind error in Rpl_filter (uninitalized memory - could crash)".

The code was reading a HASH or DYNAMIC_ARRAY which may be uninited (difference from 5.0 is that those vars were always zeroed in 5.0 because were static globals, while they are new'd in 5.1).
2025-07-30 16:24:05 +03:00 · 2005-11-17 15:58:55 +01:00
parent 6c4a4d18cb
commit 2c8d2ebe6f
2 changed files with 31 additions and 19 deletions
--- a/sql/rpl_filter.cc
+++ b/sql/rpl_filter.cc
@ -449,30 +449,37 @@ Rpl_filter::free_string_array(DYNAMIC_ARRAY *a)
 */

 void 
-Rpl_filter::table_rule_ent_hash_to_str(String* s, HASH* h)
+Rpl_filter::table_rule_ent_hash_to_str(String* s, HASH* h, bool inited)
 {
  s->length(0);
-  for (uint i= 0; i < h->records; i++)
+  if (inited)
  {
-    TABLE_RULE_ENT* e= (TABLE_RULE_ENT*) hash_element(h, i);
-    if (s->length())
-      s->append(',');
-    s->append(e->db,e->key_len);
+    for (uint i= 0; i < h->records; i++)
+    {
+      TABLE_RULE_ENT* e= (TABLE_RULE_ENT*) hash_element(h, i);
+      if (s->length())
+        s->append(',');
+      s->append(e->db,e->key_len);
+    }
  }
 }


 void 
-Rpl_filter::table_rule_ent_dynamic_array_to_str(String* s, DYNAMIC_ARRAY* a)
+Rpl_filter::table_rule_ent_dynamic_array_to_str(String* s, DYNAMIC_ARRAY* a,
+                                                bool inited)
 {
  s->length(0);
-  for (uint i= 0; i < a->elements; i++)
+  if (inited)
  {
-    TABLE_RULE_ENT* e;
-    get_dynamic(a, (gptr)&e, i);
-    if (s->length())
-      s->append(',');
-    s->append(e->db,e->key_len);
+    for (uint i= 0; i < a->elements; i++)
+    {
+      TABLE_RULE_ENT* e;
+      get_dynamic(a, (gptr)&e, i);
+      if (s->length())
+        s->append(',');
+      s->append(e->db,e->key_len);
+    }
  }
 }

@ -480,28 +487,28 @@ Rpl_filter::table_rule_ent_dynamic_array_to_str(String* s, DYNAMIC_ARRAY* a)
 void
 Rpl_filter::get_do_table(String* str)
 {
-  table_rule_ent_hash_to_str(str, &do_table);
+  table_rule_ent_hash_to_str(str, &do_table, do_table_inited);
 }


 void
 Rpl_filter::get_ignore_table(String* str)
 {
-  table_rule_ent_hash_to_str(str, &ignore_table);
+  table_rule_ent_hash_to_str(str, &ignore_table, ignore_table_inited);
 }


 void
 Rpl_filter::get_wild_do_table(String* str)
 {
-  table_rule_ent_dynamic_array_to_str(str, &wild_do_table);
+  table_rule_ent_dynamic_array_to_str(str, &wild_do_table, wild_do_table_inited);
 }


 void
 Rpl_filter::get_wild_ignore_table(String* str)
 {
-  table_rule_ent_dynamic_array_to_str(str, &wild_ignore_table);
+  table_rule_ent_dynamic_array_to_str(str, &wild_ignore_table, wild_ignore_table_inited);
 }


--- a/sql/rpl_filter.h
+++ b/sql/rpl_filter.h
@ -87,10 +87,15 @@ private:

  void free_string_array(DYNAMIC_ARRAY *a);

-  void table_rule_ent_hash_to_str(String* s, HASH* h);
-  void table_rule_ent_dynamic_array_to_str(String* s, DYNAMIC_ARRAY* a);
+  void table_rule_ent_hash_to_str(String* s, HASH* h, bool inited);
+  void table_rule_ent_dynamic_array_to_str(String* s, DYNAMIC_ARRAY* a,
+                                           bool inited);
  TABLE_RULE_ENT* find_wild(DYNAMIC_ARRAY *a, const char* key, int len);

+  /*
+    Those 4 structures below are uninitialized memory unless the
+    corresponding *_inited variables are "true".
+  */
  HASH do_table;
  HASH ignore_table;
  DYNAMIC_ARRAY wild_do_table;