Commit 08d1de2c authored by unknown's avatar unknown

mem0pool.c:

  Fix a memory corruption bug: in 32-bit computers, every 4 billionth malloc outside innodb_additional_mem_pool_size was mistreated when freeing the memory; this could corrupt the InnoDB additional mem pool and could have caused crashes anywhere, also inside MySQL, or even database corruption! the bug exists also in 3.23 and 4.1; workaround: configure innodb_additional_mem_pool_size big enough


innobase/mem/mem0pool.c:
  Fix a memory corruption bug: in 32-bit computers, every 4 billionth malloc outside innodb_additional_mem_pool_size was mistreated when freeing the memory; this could corrupt the InnoDB additional mem pool and could have caused crashes anywhere, also inside MySQL, or even database corruption! the bug exists also in 3.23 and 4.1; workaround: configure innodb_additional_mem_pool_size big enough
parent d4f6c7a4
......@@ -97,8 +97,6 @@ struct mem_pool_struct{
/* The common memory pool */
mem_pool_t* mem_comm_pool = NULL;
ulint mem_out_of_mem_err_msg_count = 0;
/* We use this counter to check that the mem pool mutex does not leak;
this is to track a strange assertion failure reported at
mysql@lists.mysql.com */
......@@ -267,8 +265,6 @@ mem_pool_fill_free_list(
/* We come here when we have run out of space in the
memory pool: */
mem_out_of_mem_err_msg_count++;
return(FALSE);
}
......@@ -460,18 +456,14 @@ mem_area_free(
ulint size;
ulint n;
if (mem_out_of_mem_err_msg_count > 0) {
/* It may be that the area was really allocated from the
OS with regular malloc: check if ptr points within
our memory pool */
/* It may be that the area was really allocated from the OS with
regular malloc: check if ptr points within our memory pool */
if ((byte*)ptr < pool->buf
|| (byte*)ptr >= pool->buf + pool->size) {
if ((byte*)ptr < pool->buf || (byte*)ptr >= pool->buf + pool->size) {
ut_free(ptr);
return;
}
}
area = (mem_area_t*) (((byte*)ptr) - MEM_AREA_EXTRA_SIZE);
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment