Details
-
Type:
Bug
-
Status: Open
-
Priority:
Minor
-
Resolution: Unresolved
-
Affects Version/s: 5.5.39
-
Fix Version/s: 5.5
-
Component/s: None
-
Labels:None
-
Environment:x86_64 x86_64 x86_64 GNU/Linux
Description
Reproduce by calling a mysql_thread_end followed by mysql->methods->free_embedded_thd()
The call sequence is illegal and expected outcome would be an error or some indication of error.
The location of problematic code :
mysys_var=my_thread_var; /* Let mysqld define the thread id (not mysys) This allows us to move THD to different threads if needed. */ mysys_var->id= thread_id; real_id= pthread_self(); // For debugging mysys_var->stack_ends_here= thread_stack + // for consistency, see libevent_thread_proc STACK_DIRECTION * (long)my_thread_stack_size;
where mysys_var is NULL.
Valgrind:
==15784== 1 errors in context 1 of 10: ==15784== Thread 9: ==15784== Invalid write of size 8 ==15784== at 0x528A309: THD::store_globals() (sql_class.cc:1791) ==15784== by 0x519A68F: emb_free_embedded_thd (lib_sql.cc:422) ==15784== by 0x1A72064F: parsing_info_done (query_classifier.cc:1034) ==15784== by 0x40933B: gwbuf_remove_buffer_object (buffer.c:463) ==15784== by 0x4085D1: gwbuf_free (buffer.c:122) ==15784== by 0x408EA5: gwbuf_consume (buffer.c:316) ==15784== by 0x40E91A: dcb_write (dcb.c:935) ==15784== by 0x1F9CCA66: backend_write_delayqueue (mysql_backend.c:1113) ==15784== by 0x1F9CB066: gw_read_backend_event (mysql_backend.c:410) ==15784== by 0x4175C5: poll_waitevents (poll.c:424) ==15784== by 0x80B9E0E: start_thread (in /lib64/libpthread-2.17.so) ==15784== by 0x83B744C: clone (in /lib64/libc-2.17.so) ==15784== Address 0x90 is not stack'd, malloc'd or (recently) free'd
Gliffy Diagrams
Attachments
Activity
- All
- Comments
- Work Log
- History
- Activity
- Transitions
I guess the function is not very often called directly from client application.