[MDEV-8399] [PATCH] Missing Sanity Checks for memory allocation in MariaDB - JIRA

Details

Type: Bug
Status: Closed
Priority: Major
Resolution: Fixed
Affects Version/s: 10.0.20-galera
Fix Version/s: 10.0.21, 10.1.6
Component/s: Tests
Labels:
- Sanity_Checking
Environment:
Linux/FreeBSD, etc (issue is in software, not compiling, building, etc)

Description

Subj: Missing Sanity Checks in MariaDB 10.0.2x

Hello All,

In reviewing code in MariaDB 10.0.2x, I found instances where
a memory request via malloc() or calloc() is made, but no check
for a return value of NULL, indicating failure is made. The
patch files are listed below and attached to this bug report:

--- groonga.c.orig      2015-06-27 16:07:46.000000000 -0700
+++ groonga.c   2015-06-27 16:08:29.000000000 -0700
@@ -101,6 +101,9 @@
   long flags = 0;
   grn_rc rc;
 
+       if (ctx == NULL) {
+               RETURN_FALSE;           /*      Unable to allocate memory for ctx       */
+       }
 
   if (zend_parse_parameters(ZEND_NUM_ARGS() TSRMLS_CC, "|l", &flags) == FAILURE) {
     return;

--- thr_lock.c.orig     2015-06-27 15:55:53.000000000 -0700
+++ thr_lock.c  2015-06-27 15:58:01.000000000 -0700
@@ -1792,6 +1792,10 @@
   for (i=0 ; i < array_elements(lock_counts) ; i++)
   {
     param=(int*) malloc(sizeof(int));
+               if (param == NULL) {
+                       fprintf(stderr, "Unable to allocate memory for mysql_mutex_lock (errno: %d)\n", errno);
+                       exit(1);
+               }
     *param=i;
 
     if ((error= mysql_mutex_lock(&LOCK_thread_count)))

--- thr_alarm.c.orig    2015-06-27 15:52:16.000000000 -0700
+++ thr_alarm.c 2015-06-27 15:54:20.000000000 -0700
@@ -816,6 +816,10 @@
   for (i=0 ; i < 2 ; i++)
   {
     param=(int*) malloc(sizeof(int));
+               if (param == NULL) {
+                       fprintf(stderr, "Unable to allocate memory for thread %d...exiting...\n", i);
+                       exit(1);
+               }
     *param= i;
     mysql_mutex_lock(&LOCK_thread_count);
     if ((error= mysql_thread_create(0,

Questions, Comments, Suggestions?

I am attaching the patch file(s) to this bug report.

Bill Parker (wp02855 at gmail dot com)

Gliffy Diagrams

Attachments

Options
- Sort By Name
- Sort By Date
- Ascending
- Descending
- Thumbnails
- List
- Download All

Attachments

groonga.c.patch
0.3 kB
2015-06-30 20:15
thr_alarm.c.patch
0.4 kB
2015-06-30 20:15
thr_lock.c.patch
0.4 kB
2015-06-30 20:16

Issue Links

links to

Github revision

Activity

Ascending order - Click to sort in descending order

Hide

Permalink

Sergey Vojtovich added a comment - 2015-07-01 10:22

Alas we have dozens of such instances. My suggestions:

thr_alarm.c - this is mostly dead code, anyway malloc not needed, use static buffer
thr_lock.c - same
groonga.c - needs to be reported to Kentoku, author of mroonga

Show

Sergey Vojtovich added a comment - 2015-07-01 10:22 Alas we have dozens of such instances. My suggestions: thr_alarm.c - this is mostly dead code, anyway malloc not needed, use static buffer thr_lock.c - same groonga.c - needs to be reported to Kentoku , author of mroonga

Hide

Permalink

Sergey Vojtovich added a comment - 2015-07-16 15:21

Sergei Golubchik, please review fix for this bug.

Show

Sergey Vojtovich added a comment - 2015-07-16 15:21 Sergei Golubchik , please review fix for this bug.

Hide

Permalink

Sergey Vojtovich added a comment - 2015-07-23 21:54

Missing check in groonga was reported to Kentoku.

Show

Sergey Vojtovich added a comment - 2015-07-23 21:54 Missing check in groonga was reported to Kentoku.

People

Assignee:

Sergey Vojtovich

Reporter:

Bill Parker

Votes:

0 Vote for this issue

Watchers:

3 Start watching this issue

Dates

Created:

2015-06-30 20:16

Updated:

2015-07-23 21:55

Resolved:

2015-07-23 21:55

Time Tracking

Estimated:

2d 2h

Remaining:

2d 2h

Logged:

Not Specified

Agile

View on Board