database/mariadb
1
0
Fork 0
mirror of https://github.com/MariaDB/server.git synced 2025-08-07 00:04:31 +03:00
Code Activity

MDEV-7201: parallel threads resizing - potential race condition to access freed memory

Browse Source 
pool->threads is freed before being reassigned the new pool.

Although not really a memory barrier I though it prudent to keep the pool
thread count to be the lower of the old/new thread list before the new threads
is allocated.
This commit is contained in:
Daniel Black
2015-02-04 13:57:09 +01:00
committed by Kristian Nielsen
parent 324cd36bd2
commit 2deaa292e7
1 changed files with 7 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

9
sql/rpl_parallel.cc
View File

@@ -1007,6 +1007,7 @@ rpl_parallel_change_thread_count(rpl_parallel_thread_pool *pool,
uint32 new_count, bool skip_check) uint32 new_count, bool skip_check)
{ {
uint32 i; uint32 i;
rpl_parallel_thread **old_list= NULL;
rpl_parallel_thread **new_list= NULL; rpl_parallel_thread **new_list= NULL;
rpl_parallel_thread *new_free_list= NULL; rpl_parallel_thread *new_free_list= NULL;
rpl_parallel_thread *rpt_array= NULL; rpl_parallel_thread *rpt_array= NULL;
@@ -1111,10 +1112,14 @@ rpl_parallel_change_thread_count(rpl_parallel_thread_pool *pool,
} }
} }
my_free(pool->threads); old_list= pool->threads;
if (new_count < pool->count)
pool->count= new_count;
pool->threads= new_list; pool->threads= new_list;
if (new_count > pool->count)
pool->count= new_count;
my_free(old_list);
pool->free_list= new_free_list; pool->free_list= new_free_list;
pool->count= new_count;
for (i= 0; i < pool->count; ++i) for (i= 0; i < pool->count; ++i)
{ {
mysql_mutex_lock(&pool->threads[i]->LOCK_rpl_thread); mysql_mutex_lock(&pool->threads[i]->LOCK_rpl_thread);