• unknown's avatar
    BUG#50157 Assertion !active_tranxs_->is_tranx_end_pos(..) in ReplSemiSyncMaster::commitTrx · a1bfae20
    unknown authored
    The root cause of the crash is that a TranxNode is freed before it is used.
    A TranxNode is allocated and inserted into the active list each time 
    a log event is written and flushed into the binlog file. 
    The memory for TranxNode is allocated with thd_alloc and will be freed 
    at the end of the statement. The after_commit/after_rollback callback
    was supposed to be called before the end of each statement and remove the node from
    the active list. However this assumption is not correct in all cases(e.g. call 
    'CREATE TEMPORARY TABLE myisam_t SELECT * FROM innodb_t' in a transaction
     and delete all temporary tables automatically when a session closed), 
    and can cause the memory allocated for TranxNode be freed
    before it was removed from the active list. So The TranxNode pointer in the active
    list would become a wild pointer and cause the crash.
    
    After this patch, We have a class called a TranxNodeAllocate which manages the memory
    for allocating and freeing TranxNode. It uses my_malloc to allocate memory.
    
    
    sql/rpl_handler.cc:
      params are not initialized.
    a1bfae20
semisync_master.h 19.7 KB