• Ramil Kalimullin's avatar
    Fix for bug#40770: Server Crash when running with triggers including · c3dc1d6d
    Ramil Kalimullin authored
    variable settings (rpl_sys)
    
    Problem: under certain conditions (e.g. user variables usage in triggers)
    accessing a user defined variable we may use a variables hash table that
    belongs to already deleted thread. It happens if
    thd= new THD;
    has the same address as just deleted thd as we use
    if (stored_thd == thd)
    to check.
    That may lead to unpredictable results, server crash etc.
    
    Fix: use thread_id instead of thd address to distinguish threads.
    
    Note: no simple and repeatable test case.
    
    
    sql/item_func.cc:
      Fix for bug#40770: Server Crash when running with triggers including
      variable settings (rpl_sys)
        - store and use thd->thread_id to distinguish threads instead of
      thread address as it may be the same as just deleted thread had, 
      i.e. we may get (old_thd == new_thd) after
      delete old_thd;
      new_thd= new THD;
        - set entry_thread_id only when we get a real entry, clear it 
      if the hash search fails.
    sql/item_func.h:
      Fix for bug#40770: Server Crash when running with triggers including
      variable settings (rpl_sys)
        - Item_func_set_user_var::entry_thread_id introduced.
    c3dc1d6d
item_func.h 47.6 KB