• Alexey Kopytov's avatar
    Bug #42064: low memory crash when importing hex strings, in · c2ebb0ac
    Alexey Kopytov authored
                Item_hex_string::Item_hex_string
    
    The status of memory allocation in the Lex_input_stream (called
    from the Parser_state constructor) was not checked which led to
    a parser crash in case of the out-of-memory error.
    
    The solution is to introduce new init() member function in
    Parser_state and Lex_input_stream so that status of memory
    allocation can be returned to the caller.
    
    mysql-test/r/error_simulation.result:
      Added a test case for bug #42064.
    mysql-test/t/error_simulation.test:
      Added a test case for bug #42064.
    mysys/my_alloc.c:
      Added error injection code for the regression test.
    mysys/my_malloc.c:
      Added error injection code for the regression test.
    mysys/safemalloc.c:
      Added error injection code for the regression test.
    sql/event_data_objects.cc:
      Use the new init() member function of Parser_state and check
      its return value to handle memory allocation failures.
    sql/mysqld.cc:
      Added error injection code for the regression test.
    sql/sp.cc:
      Use the new init() member function of Parser_state and check
      its return value to handle memory allocation failures.
    sql/sql_lex.cc:
      Moved memory allocation from constructor to the separate init()
      member function.
      Added error injection code for the regression test.
    sql/sql_lex.h:
      Moved memory allocation from constructor to the separate init()
      member function.
    sql/sql_parse.cc:
      Use the new init() member function of Parser_state and check
      its return value to handle memory allocation failures.
    sql/sql_partition.cc:
      Use the new init() member function of Parser_state and check
      its return value to handle memory allocation failures.
    sql/sql_prepare.cc:
      Use the new init() member function of Parser_state and check
      its return value to handle memory allocation failures.
    sql/sql_trigger.cc:
      Use the new init() member function of Parser_state and check
      its return value to handle memory allocation failures.
    sql/sql_view.cc:
      Use the new init() member function of Parser_state and check
      its return value to handle memory allocation failures..
    sql/thr_malloc.cc:
      Added error injection code for the regression test.
    c2ebb0ac
thr_malloc.cc 3.88 KB
/* Copyright (C) 2000-2001, 2003-2004 MySQL AB

   This program is free software; you can redistribute it and/or modify
   it under the terms of the GNU General Public License as published by
   the Free Software Foundation; version 2 of the License.

   This program is distributed in the hope that it will be useful,
   but WITHOUT ANY WARRANTY; without even the implied warranty of
   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
   GNU General Public License for more details.

   You should have received a copy of the GNU General Public License
   along with this program; if not, write to the Free Software
   Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA */


/* Mallocs for used in threads */

#include "mysql_priv.h"

extern "C" {
  void sql_alloc_error_handler(void)
  {
    THD *thd= current_thd;
    if (thd)
    {
      if (! thd->is_error())
      {
        /*
          This thread is Out Of Memory.
          An OOM condition is a fatal error.
          It should not be caught by error handlers in stored procedures.
          Also, recording that SQL condition in the condition area could
          cause more memory allocations, which in turn could raise more
          OOM conditions, causing recursion in the error handling code itself.
          As a result, my_error() should not be invoked, and the
          thread diagnostics area is set to an error status directly.
          Note that Diagnostics_area::set_error_status() is safe,
          since it does not call any memory allocation routines.
          The visible result for a client application will be:
          - a query fails with an ER_OUT_OF_RESOURCES error,
          returned in the error packet.
          - SHOW ERROR/SHOW WARNINGS may be empty.
        */
        thd->main_da.set_error_status(thd,
                                      ER_OUT_OF_RESOURCES,
                                      ER(ER_OUT_OF_RESOURCES));
      }
    }

    /* Skip writing to the error log to avoid mtr complaints */
    DBUG_EXECUTE_IF("simulate_out_of_memory", return;);

    sql_print_error("%s", ER(ER_OUT_OF_RESOURCES));

  }
}

void init_sql_alloc(MEM_ROOT *mem_root, uint block_size, uint pre_alloc)
{
  init_alloc_root(mem_root, block_size, pre_alloc);
  mem_root->error_handler=sql_alloc_error_handler;
}


void *sql_alloc(size_t Size)
{
  MEM_ROOT *root= *my_pthread_getspecific_ptr(MEM_ROOT**,THR_MALLOC);
  return alloc_root(root,Size);
}


void *sql_calloc(size_t size)
{
  void *ptr;
  if ((ptr=sql_alloc(size)))
    bzero(ptr,size);
  return ptr;
}


char *sql_strdup(const char *str)
{
  size_t len= strlen(str)+1;
  char *pos;
  if ((pos= (char*) sql_alloc(len)))
    memcpy(pos,str,len);
  return pos;
}


char *sql_strmake(const char *str, size_t len)
{
  char *pos;
  if ((pos= (char*) sql_alloc(len+1)))
  {
    memcpy(pos,str,len);
    pos[len]=0;
  }
  return pos;
}


void* sql_memdup(const void *ptr, size_t len)
{
  void *pos;
  if ((pos= sql_alloc(len)))
    memcpy(pos,ptr,len);
  return pos;
}

void sql_element_free(void *ptr __attribute__((unused)))
{} /* purecov: deadcode */



char *sql_strmake_with_convert(const char *str, size_t arg_length,
			       CHARSET_INFO *from_cs,
			       size_t max_res_length,
			       CHARSET_INFO *to_cs, size_t *result_length)
{
  char *pos;
  size_t new_length= to_cs->mbmaxlen*arg_length;
  max_res_length--;				// Reserve place for end null

  set_if_smaller(new_length, max_res_length);
  if (!(pos= (char*) sql_alloc(new_length+1)))
    return pos;					// Error

  if ((from_cs == &my_charset_bin) || (to_cs == &my_charset_bin))
  {
    // Safety if to_cs->mbmaxlen > 0
    new_length= min(arg_length, max_res_length);
    memcpy(pos, str, new_length);
  }
  else
  {
    uint dummy_errors;
    new_length= copy_and_convert((char*) pos, new_length, to_cs, str,
				 arg_length, from_cs, &dummy_errors);
  }
  pos[new_length]= 0;
  *result_length= new_length;
  return pos;
}