database/mariadb
1
0
Fork 0
mirror of https://github.com/MariaDB/server.git synced 2025-09-02 09:41:40 +03:00
Code Activity

Bug #42064: low memory crash when importing hex strings, in

Browse Source 
Item_hex_string::Item_hex_string

The status of memory allocation in the Lex_input_stream (called
from the Parser_state constructor) was not checked which led to
a parser crash in case of the out-of-memory error.

The solution is to introduce new init() member function in
Parser_state and Lex_input_stream so that status of memory
allocation can be returned to the caller.

mysql-test/r/error_simulation.result:
  Added a test case for bug #42064.
mysql-test/t/error_simulation.test:
  Added a test case for bug #42064.
mysys/my_alloc.c:
  Added error injection code for the regression test.
mysys/my_malloc.c:
  Added error injection code for the regression test.
mysys/safemalloc.c:
  Added error injection code for the regression test.
sql/event_data_objects.cc:
  Use the new init() member function of Parser_state and check
  its return value to handle memory allocation failures.
sql/mysqld.cc:
  Added error injection code for the regression test.
sql/sp.cc:
  Use the new init() member function of Parser_state and check
  its return value to handle memory allocation failures.
sql/sql_lex.cc:
  Moved memory allocation from constructor to the separate init()
  member function.
  Added error injection code for the regression test.
sql/sql_lex.h:
  Moved memory allocation from constructor to the separate init()
  member function.
sql/sql_parse.cc:
  Use the new init() member function of Parser_state and check
  its return value to handle memory allocation failures.
sql/sql_partition.cc:
  Use the new init() member function of Parser_state and check
  its return value to handle memory allocation failures.
sql/sql_prepare.cc:
  Use the new init() member function of Parser_state and check
  its return value to handle memory allocation failures.
sql/sql_trigger.cc:
  Use the new init() member function of Parser_state and check
  its return value to handle memory allocation failures.
sql/sql_view.cc:
  Use the new init() member function of Parser_state and check
  its return value to handle memory allocation failures..
sql/thr_malloc.cc:
  Added error injection code for the regression test.
This commit is contained in:
Alexey Kopytov
2010-05-21 15:23:48 +04:00
parent 36be33b0ad
commit c2ebb0ac88
16 changed files with 186 additions and 65 deletions
Download Patch File Download Diff File Expand all files Collapse all files

30
sql/sql_parse.cc
View File

@@ -5944,10 +5944,15 @@ void mysql_parse(THD *thd, const char *inBuf, uint length,
sp_cache_flush_obsolete(&thd->sp_proc_cache);
sp_cache_flush_obsolete(&thd->sp_func_cache);
Parser_state parser_state(thd, inBuf, length);
bool err= parse_sql(thd, & parser_state, NULL);
*found_semicolon= parser_state.m_lip.found_semicolon;
Parser_state parser_state;
bool err;
if (!(err= parser_state.init(thd, inBuf, length)))
{
err= parse_sql(thd, & parser_state, NULL);
*found_semicolon= parser_state.m_lip.found_semicolon;
}
else
*found_semicolon= NULL;
if (!err)
{
@@ -6033,14 +6038,17 @@ bool mysql_test_parse_for_slave(THD *thd, char *inBuf, uint length)
bool error= 0;
DBUG_ENTER("mysql_test_parse_for_slave");
Parser_state parser_state(thd, inBuf, length);
lex_start(thd);
mysql_reset_thd_for_next_command(thd);
Parser_state parser_state;
if (!(error= parser_state.init(thd, inBuf, length)))
{
lex_start(thd);
mysql_reset_thd_for_next_command(thd);
if (!parse_sql(thd, & parser_state, NULL) &&
all_tables_not_ok(thd,(TABLE_LIST*) lex->select_lex.table_list.first))
error= 1; /* Ignore question */
thd->end_statement();
if (!parse_sql(thd, & parser_state, NULL) &&
all_tables_not_ok(thd,(TABLE_LIST*) lex->select_lex.table_list.first))
error= 1; /* Ignore question */
thd->end_statement();
}
thd->cleanup_after_query();
DBUG_RETURN(error);
}