Commit 1e860400 authored by monty@mysql.com's avatar monty@mysql.com

Extra safety fixes (probably not needed, but can't hurt)

parent 7bcb79e7
...@@ -395,12 +395,9 @@ innobase_mysql_print_thd( ...@@ -395,12 +395,9 @@ innobase_mysql_print_thd(
but better be safe */ but better be safe */
} }
for (i = 0; i < len && s[i]; i++); /* Use strmake to reduce the timeframe
for a race, compared to fwrite() */
memcpy(buf, s, i); /* Use memcpy to reduce the timeframe i= (uint) (strmake(buf, s, len) - buf);
for a race, compared to fwrite() */
buf[300] = '\0'; /* not needed, just extra safety */
putc('\n', f); putc('\n', f);
fwrite(buf, 1, i, f); fwrite(buf, 1, i, f);
} }
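Review bot: The new `strmake(buf, s, len)` call can store up to `len + 1` bytes, since it appends a terminator after the copied characters, but the clamp on `len` and the declaration of `buf` are both above this hunk, so nothing on the changed line ties the copy to the buffer size. Bounding it at the call keeps the two in step: `i= (uint) (strmake(buf, s, min(len, sizeof(buf) - 1)) - buf);`. The copy also still reads `s`, presumably another thread's query text, without any lock visible here, so it narrows the window but does not close it. I would state that in the comment, e.g. `/* s may be replaced or freed concurrently; this shortens the race, it does not remove it */`.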
......
...@@ -1067,6 +1067,7 @@ bool dispatch_command(enum enum_server_command command, THD *thd, ...@@ -1067,6 +1067,7 @@ bool dispatch_command(enum enum_server_command command, THD *thd,
packet_length--; packet_length--;
} }
/* We must allocate some extra memory for query cache */ /* We must allocate some extra memory for query cache */
thd->query_length= 0; // Extra safety: Avoid races
if (!(thd->query= (char*) thd->memdup_w_gap((gptr) (packet), if (!(thd->query= (char*) thd->memdup_w_gap((gptr) (packet),
packet_length, packet_length,
thd->db_length+2+ thd->db_length+2+
...@@ -2982,8 +2983,8 @@ void mysql_parse(THD *thd, char *inBuf, uint length) ...@@ -2982,8 +2983,8 @@ void mysql_parse(THD *thd, char *inBuf, uint length)
{ {
DBUG_ENTER("mysql_parse"); DBUG_ENTER("mysql_parse");
mysql_init_query(thd);
thd->query_length = length; thd->query_length = length;
mysql_init_query(thd);
if (query_cache_send_result_to_client(thd, inBuf, length) <= 0) if (query_cache_send_result_to_client(thd, inBuf, length) <= 0)
{ {
LEX *lex=lex_start(thd, (uchar*) inBuf, length); LEX *lex=lex_start(thd, (uchar*) inBuf, length);
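Review bot: The added `thd->query_length= 0;` in the dispatch_command hunk is a plain store with no lock or barrier visible around it, so a thread reading `thd->query` and `thd->query_length` concurrently is not guaranteed to see the zero before the pointer is replaced by the `memdup_w_gap()` result. The compiler or CPU may reorder the two writes, and a reader can still pair a pointer with a length that belongs to a different buffer. If readers take a mutex (not visible on this page), doing the reset and the pointer assignment under that same mutex would make the ordering real. Otherwise the comment should state the limit, e.g. `// Best effort only: unsynchronized readers may still see a stale query/query_length pair`. Both function bodies continue outside the hunks.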
......
...@@ -1147,8 +1147,7 @@ void mysqld_list_processes(THD *thd,const char *user, bool verbose) ...@@ -1147,8 +1147,7 @@ void mysqld_list_processes(THD *thd,const char *user, bool verbose)
races with query_length races with query_length
*/ */
uint length= min(max_query_length, tmp->query_length); uint length= min(max_query_length, tmp->query_length);
thd_info->query=(char*) thd->memdup(tmp->query,length+1); thd_info->query=(char*) thd->strmake(tmp->query,length);
thd_info->query[length]=0;
} }
thread_infos.append(thd_info); thread_infos.append(thd_info);
} }
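Review bot: `tmp->query_length` and `tmp->query` are still read as two separate unsynchronized loads of another thread's state, so `length` can describe a different buffer from the one passed to `thd->strmake()`. If that helper copies exactly `length` bytes (its definition is not on this page), the copy can run past a shorter, freshly swapped query and put neighbouring heap bytes into the process list output. The surrounding comment already mentions races with query_length; I would extend it to name the residual risk, e.g. `/* query and query_length are read without a lock; the copy may be stale or cover the wrong buffer */`. The result of `thd->strmake()` is used unchecked, which is safer than the old write through `thd_info->query[length]`, but later users of `thd_info->query` outside this hunk need to accept NULL.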
......