Commit 2500fac4 authored by unknown's avatar unknown

BUG#23443: user-defined variables can consume too much memory in the

           server

The problem was that when memory was exhausted HEAP engine could crash
(GROUP BY uses HEAP TABLE).  Alternatively, if SET was used, it could
report an error "You may only use constant expressions with SET" instead
of "Out of memory (Needed NNNNNN bytes)".

The solution is:
 - pass MY_WME to (some) calls to my_malloc() to get correct message.
 - fix heap_write() so that the first key is skipped during cleanup
   on ENOMEM because it wasn't inserted and doesn't have to be
   deleted.

No test case is provided because we can't test out-of-memory behaviour
in our current test framework.


heap/hp_block.c:
  If allocation fails, write an error message.
heap/hp_write.c:
  On ENOMEM, skip the first key in cleanup, as it wasn't inserted yet.
sql/item_func.cc:
  Add MY_WME so that OOM error will be reported.
parent 37a4fbab
......@@ -47,7 +47,7 @@ int _hp_get_new_block(HP_BLOCK *block, ulong *alloc_length)
break;
*alloc_length=sizeof(HP_PTRS)*i+block->records_in_block* block->recbuffer;
if (!(root=(HP_PTRS*) my_malloc(*alloc_length,MYF(0))))
if (!(root=(HP_PTRS*) my_malloc(*alloc_length,MYF(MY_WME))))
return 1;
if (i == 0)
......
......@@ -66,13 +66,22 @@ int heap_write(HP_INFO *info, const byte *record)
DBUG_RETURN(0);
err:
if (my_errno == HA_ERR_FOUND_DUPP_KEY)
DBUG_PRINT("info",("Duplicate key: %d",key));
info->errkey= key;
do
/*
Because 'key' is unsigned, we increase it before the loop, unless
we have to skip the key that wasn't inserted yet due to OOM. In
the loop we test 'key' before decreasing it as the protection
against value wraparound.
*/
if (my_errno != ENOMEM)
key++;
while (key-- > 0)
{
if (_hp_delete_key(info,share->keydef+key,record,pos,0))
break;
} while (key-- > 0);
}
share->deleted++;
*((byte**) pos)=share->del_link;
......
......@@ -1892,8 +1892,9 @@ bool Item_func_set_user_var::update_hash(const void *ptr, uint length,
char *pos= (char*) entry+ ALIGN_SIZE(sizeof(user_var_entry));
if (entry->value == pos)
entry->value=0;
if (!(entry->value=(char*) my_realloc(entry->value, length,
MYF(MY_ALLOW_ZERO_PTR))))
entry->value= (char*) my_realloc(entry->value, length,
MYF(MY_ALLOW_ZERO_PTR | MY_WME));
if (!entry->value)
goto err;
}
}
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment