Commit 1794242b authored by thek@adventure.(none)'s avatar thek@adventure.(none)

Bug #31153 calling stored procedure crashes server if available memory is low

When the server was out of memory it crashed because of invalid memory access.

This patch adds detection for failed memory allocations and make the server
output a proper error message.
parent 82767a0a
...@@ -2489,7 +2489,12 @@ static int my_message_sql(uint error, const char *str, myf MyFlags) ...@@ -2489,7 +2489,12 @@ static int my_message_sql(uint error, const char *str, myf MyFlags)
thd->query_error= 1; // needed to catch query errors during replication thd->query_error= 1; // needed to catch query errors during replication
if (!thd->no_warnings_for_error) if (!thd->no_warnings_for_error)
{
thd->no_warnings_for_error= TRUE;
push_warning(thd, MYSQL_ERROR::WARN_LEVEL_ERROR, error, str); push_warning(thd, MYSQL_ERROR::WARN_LEVEL_ERROR, error, str);
thd->no_warnings_for_error= FALSE;
}
/* /*
thd->lex->current_select == 0 if lex structure is not inited thd->lex->current_select == 0 if lex structure is not inited
(not query command (COM_QUERY)) (not query command (COM_QUERY))
...@@ -4295,8 +4300,13 @@ pthread_handler_t handle_connections_sockets(void *arg __attribute__((unused))) ...@@ -4295,8 +4300,13 @@ pthread_handler_t handle_connections_sockets(void *arg __attribute__((unused)))
sock == unix_sock ? VIO_LOCALHOST: 0)) || sock == unix_sock ? VIO_LOCALHOST: 0)) ||
my_net_init(&thd->net,vio_tmp)) my_net_init(&thd->net,vio_tmp))
{ {
if (vio_tmp) /*
vio_delete(vio_tmp); Only delete the temporary vio if we didn't already attach it to the
NET object. The destructor in THD will delete any initialized net
structure.
*/
if (vio_tmp && thd->net.vio != vio_tmp)
vio_delete(vio_tmp);
else else
{ {
(void) shutdown(new_sock, SHUT_RDWR); (void) shutdown(new_sock, SHUT_RDWR);
......
...@@ -411,14 +411,16 @@ check_routine_name(LEX_STRING ident) ...@@ -411,14 +411,16 @@ check_routine_name(LEX_STRING ident)
*/ */
void * void *
sp_head::operator new(size_t size) sp_head::operator new(size_t size) throw()
{ {
DBUG_ENTER("sp_head::operator new"); DBUG_ENTER("sp_head::operator new");
MEM_ROOT own_root; MEM_ROOT own_root;
sp_head *sp; sp_head *sp;
init_alloc_root(&own_root, MEM_ROOT_BLOCK_SIZE, MEM_ROOT_PREALLOC); init_sql_alloc(&own_root, MEM_ROOT_BLOCK_SIZE, MEM_ROOT_PREALLOC);
sp= (sp_head *) alloc_root(&own_root, size); sp= (sp_head *) alloc_root(&own_root, size);
if (sp == NULL)
return NULL;
sp->main_mem_root= own_root; sp->main_mem_root= own_root;
DBUG_PRINT("info", ("mem_root 0x%lx", (ulong) &sp->mem_root)); DBUG_PRINT("info", ("mem_root 0x%lx", (ulong) &sp->mem_root));
DBUG_RETURN(sp); DBUG_RETURN(sp);
...@@ -429,6 +431,10 @@ sp_head::operator delete(void *ptr, size_t size) ...@@ -429,6 +431,10 @@ sp_head::operator delete(void *ptr, size_t size)
{ {
DBUG_ENTER("sp_head::operator delete"); DBUG_ENTER("sp_head::operator delete");
MEM_ROOT own_root; MEM_ROOT own_root;
if (ptr == NULL)
DBUG_VOID_RETURN;
sp_head *sp= (sp_head *) ptr; sp_head *sp= (sp_head *) ptr;
/* Make a copy of main_mem_root as free_root will free the sp */ /* Make a copy of main_mem_root as free_root will free the sp */
...@@ -472,6 +478,9 @@ sp_head::init(LEX *lex) ...@@ -472,6 +478,9 @@ sp_head::init(LEX *lex)
lex->spcont= m_pcont= new sp_pcontext(); lex->spcont= m_pcont= new sp_pcontext();
if (!lex->spcont)
DBUG_VOID_RETURN;
/* /*
Altough trg_table_fields list is used only in triggers we init for all Altough trg_table_fields list is used only in triggers we init for all
types of stored procedures to simplify reset_lex()/restore_lex() code. types of stored procedures to simplify reset_lex()/restore_lex() code.
...@@ -973,7 +982,7 @@ sp_head::execute(THD *thd) ...@@ -973,7 +982,7 @@ sp_head::execute(THD *thd)
DBUG_RETURN(TRUE); DBUG_RETURN(TRUE);
/* init per-instruction memroot */ /* init per-instruction memroot */
init_alloc_root(&execute_mem_root, MEM_ROOT_BLOCK_SIZE, 0); init_sql_alloc(&execute_mem_root, MEM_ROOT_BLOCK_SIZE, 0);
DBUG_ASSERT(!(m_flags & IS_INVOKED)); DBUG_ASSERT(!(m_flags & IS_INVOKED));
m_flags|= IS_INVOKED; m_flags|= IS_INVOKED;
...@@ -1795,16 +1804,29 @@ sp_head::execute_procedure(THD *thd, List<Item> *args) ...@@ -1795,16 +1804,29 @@ sp_head::execute_procedure(THD *thd, List<Item> *args)
} }
// Reset lex during parsing, before we parse a sub statement. /**
void @brief Reset lex during parsing, before we parse a sub statement.
@param thd Thread handler.
@return Error state
@retval true An error occurred.
@retval false Success.
*/
bool
sp_head::reset_lex(THD *thd) sp_head::reset_lex(THD *thd)
{ {
DBUG_ENTER("sp_head::reset_lex"); DBUG_ENTER("sp_head::reset_lex");
LEX *sublex; LEX *sublex;
LEX *oldlex= thd->lex; LEX *oldlex= thd->lex;
sublex= new (thd->mem_root)st_lex_local;
if (sublex == 0)
DBUG_RETURN(TRUE);
thd->lex= sublex;
(void)m_lex.push_front(oldlex); (void)m_lex.push_front(oldlex);
thd->lex= sublex= new st_lex;
/* Reset most stuff. */ /* Reset most stuff. */
lex_start(thd); lex_start(thd);
...@@ -1827,7 +1849,7 @@ sp_head::reset_lex(THD *thd) ...@@ -1827,7 +1849,7 @@ sp_head::reset_lex(THD *thd)
sublex->interval_list.empty(); sublex->interval_list.empty();
sublex->type= 0; sublex->type= 0;
DBUG_VOID_RETURN; DBUG_RETURN(FALSE);
} }
// Restore lex during parsing, after we have parsed a sub statement. // Restore lex during parsing, after we have parsed a sub statement.
...@@ -3703,7 +3725,7 @@ sp_add_to_query_tables(THD *thd, LEX *lex, ...@@ -3703,7 +3725,7 @@ sp_add_to_query_tables(THD *thd, LEX *lex,
if (!(table= (TABLE_LIST *)thd->calloc(sizeof(TABLE_LIST)))) if (!(table= (TABLE_LIST *)thd->calloc(sizeof(TABLE_LIST))))
{ {
my_error(ER_OUTOFMEMORY, MYF(0), sizeof(TABLE_LIST)); thd->fatal_error();
return NULL; return NULL;
} }
table->db_length= strlen(db); table->db_length= strlen(db);
......
...@@ -191,10 +191,10 @@ class sp_head :private Query_arena ...@@ -191,10 +191,10 @@ class sp_head :private Query_arena
Security_context m_security_ctx; Security_context m_security_ctx;
static void * static void *
operator new(size_t size); operator new(size_t size) throw ();
static void static void
operator delete(void *ptr, size_t size); operator delete(void *ptr, size_t size) throw ();
sp_head(); sp_head();
...@@ -254,7 +254,7 @@ class sp_head :private Query_arena ...@@ -254,7 +254,7 @@ class sp_head :private Query_arena
} }
// Resets lex in 'thd' and keeps a copy of the old one. // Resets lex in 'thd' and keeps a copy of the old one.
void bool
reset_lex(THD *thd); reset_lex(THD *thd);
// Restores lex in 'thd' from our copy, but keeps some status from the // Restores lex in 'thd' from our copy, but keeps some status from the
......
...@@ -80,7 +80,6 @@ bool Prelock_error_handler::safely_trapped_errors() ...@@ -80,7 +80,6 @@ bool Prelock_error_handler::safely_trapped_errors()
return ((m_handled_errors > 0) && (m_unhandled_errors == 0)); return ((m_handled_errors > 0) && (m_unhandled_errors == 0));
} }
TABLE *unused_tables; /* Used by mysql_test */ TABLE *unused_tables; /* Used by mysql_test */
HASH open_cache; /* Used by mysql_test */ HASH open_cache; /* Used by mysql_test */
...@@ -2643,7 +2642,7 @@ int open_tables(THD *thd, TABLE_LIST **start, uint *counter, uint flags) ...@@ -2643,7 +2642,7 @@ int open_tables(THD *thd, TABLE_LIST **start, uint *counter, uint flags)
temporary mem_root for new .frm parsing. temporary mem_root for new .frm parsing.
TODO: variables for size TODO: variables for size
*/ */
init_alloc_root(&new_frm_mem, 8024, 8024); init_sql_alloc(&new_frm_mem, 8024, 8024);
thd->current_tablenr= 0; thd->current_tablenr= 0;
restart: restart:
......
...@@ -1283,11 +1283,11 @@ typedef struct st_lex : public Query_tables_list ...@@ -1283,11 +1283,11 @@ typedef struct st_lex : public Query_tables_list
struct st_lex_local: public st_lex struct st_lex_local: public st_lex
{ {
static void *operator new(size_t size) static void *operator new(size_t size) throw()
{ {
return (void*) sql_alloc((uint) size); return (void*) sql_alloc((uint) size);
} }
static void *operator new(size_t size, MEM_ROOT *mem_root) static void *operator new(size_t size, MEM_ROOT *mem_root) throw()
{ {
return (void*) alloc_root(mem_root, (uint) size); return (void*) alloc_root(mem_root, (uint) size);
} }
...@@ -1303,3 +1303,4 @@ extern void lex_start(THD *thd); ...@@ -1303,3 +1303,4 @@ extern void lex_start(THD *thd);
extern void lex_end(LEX *lex); extern void lex_end(LEX *lex);
extern int MYSQLlex(void *arg, void *yythd); extern int MYSQLlex(void *arg, void *yythd);
extern char *skip_rear_comments(CHARSET_INFO *cs, char *begin, char *end); extern char *skip_rear_comments(CHARSET_INFO *cs, char *begin, char *end);
...@@ -2659,7 +2659,7 @@ Prepared_statement::Prepared_statement(THD *thd_arg, Protocol *protocol_arg) ...@@ -2659,7 +2659,7 @@ Prepared_statement::Prepared_statement(THD *thd_arg, Protocol *protocol_arg)
last_errno(0), last_errno(0),
flags((uint) IS_IN_USE) flags((uint) IS_IN_USE)
{ {
init_alloc_root(&main_mem_root, thd_arg->variables.query_alloc_block_size, init_sql_alloc(&main_mem_root, thd_arg->variables.query_alloc_block_size,
thd_arg->variables.query_prealloc_size); thd_arg->variables.query_prealloc_size);
*last_error= '\0'; *last_error= '\0';
} }
......
This diff is collapsed.
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment