Commit 54115497 authored by Praveenkumar Hulakund's avatar Praveenkumar Hulakund

Bug#17474166 - EXECUTING STATEMENT LIKE 'SHOW ENGINE INNODB'

               AND 'KILL SESSION' LEAD TO CRASH               

Analysis:
--------
This situation occurs when the connection executes query 
"show engine innodb status" and this connection is killed by
executing statement "kill <con>" by another connection.

In function "innodb_show_status", function "stat_print"
is called to print the status but return value of function
is not checked.  After killing connection, if write to 
connection fails then error is returned and same is set
in Diagnostic area. Since FALSE is returned from
"innodb_show_status" now, assert to check no error
is set in function "set_eof_status" (called from
my_eof) is failing. 

Fix:
----
Changed code to check return value of function "stat_print"
in "innodb_show_status".
parent faca34da
...@@ -4921,8 +4921,14 @@ bool ha_show_status(THD *thd, handlerton *db_type, enum ha_stat_type stat) ...@@ -4921,8 +4921,14 @@ bool ha_show_status(THD *thd, handlerton *db_type, enum ha_stat_type stat)
"", 0, "DISABLED", 8) ? 1 : 0; "", 0, "DISABLED", 8) ? 1 : 0;
} }
else else
{
DBUG_EXECUTE_IF("simulate_show_status_failure",
DBUG_SET("+d,simulate_net_write_failure"););
result= db_type->show_status && result= db_type->show_status &&
db_type->show_status(db_type, thd, stat_print, stat) ? 1 : 0; db_type->show_status(db_type, thd, stat_print, stat) ? 1 : 0;
DBUG_EXECUTE_IF("simulate_show_status_failure",
DBUG_SET("-d,simulate_net_write_failure"););
}
} }
if (!result) if (!result)
......
/* Copyright (c) 2000, 2011, Oracle and/or its affiliates. All rights reserved. /* Copyright (c) 2000, 2013, Oracle and/or its affiliates. All rights reserved.
This program is free software; you can redistribute it and/or modify This program is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by it under the terms of the GNU General Public License as published by
...@@ -370,6 +370,12 @@ my_net_write(NET *net,const uchar *packet,size_t len) ...@@ -370,6 +370,12 @@ my_net_write(NET *net,const uchar *packet,size_t len)
MYSQL_NET_WRITE_START(len); MYSQL_NET_WRITE_START(len);
DBUG_EXECUTE_IF("simulate_net_write_failure", {
my_error(ER_NET_ERROR_ON_WRITE, MYF(0));
return 1;
};
);
/* /*
Big packets are handled by splitting them in packets of MAX_PACKET_LENGTH Big packets are handled by splitting them in packets of MAX_PACKET_LENGTH
length. The last packet is always a packet that is < MAX_PACKET_LENGTH. length. The last packet is always a packet that is < MAX_PACKET_LENGTH.
......
...@@ -9526,6 +9526,7 @@ innodb_show_status( ...@@ -9526,6 +9526,7 @@ innodb_show_status(
const long MAX_STATUS_SIZE = 1048576; const long MAX_STATUS_SIZE = 1048576;
ulint trx_list_start = ULINT_UNDEFINED; ulint trx_list_start = ULINT_UNDEFINED;
ulint trx_list_end = ULINT_UNDEFINED; ulint trx_list_end = ULINT_UNDEFINED;
bool ret_val;
DBUG_ENTER("innodb_show_status"); DBUG_ENTER("innodb_show_status");
DBUG_ASSERT(hton == innodb_hton_ptr); DBUG_ASSERT(hton == innodb_hton_ptr);
...@@ -9590,12 +9591,13 @@ innodb_show_status( ...@@ -9590,12 +9591,13 @@ innodb_show_status(
mutex_exit(&srv_monitor_file_mutex); mutex_exit(&srv_monitor_file_mutex);
stat_print(thd, innobase_hton_name, (uint) strlen(innobase_hton_name), ret_val= stat_print(thd, innobase_hton_name,
STRING_WITH_LEN(""), str, flen); (uint) strlen(innobase_hton_name),
STRING_WITH_LEN(""), str, flen);
my_free(str); my_free(str);
DBUG_RETURN(FALSE); DBUG_RETURN(ret_val);
} }
/************************************************************************//** /************************************************************************//**
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment