MDEV-21223 innodb_fts.sync_ddl fails in buildbot, server crashed in que_thr_step

FreeState(): replace pointer to freed memory with NULL. This actually fixes a crash which is use-after-free as reported by ASAN DbugParse(): unconditionally lock mutex because we're touching shared init_settings.keywords

MDEV-21223 innodb_fts.sync_ddl fails in buildbot, server crashed in que_thr_step
FreeState(): replace pointer to freed memory with NULL. This actually fixes a crash which is use-after-free as reported by ASAN DbugParse(): unconditionally lock mutex because we're touching shared init_settings.keywords
4c0854f2 · Eugene Kosov · af650c76 · 4c0854f2
Commit 4c0854f2 authored Dec 05, 2019 by Eugene Kosov
Hide whitespace changes
Inline Side-by-side

Showing with 5 additions and 2 deletions

dbug/dbug.c dbug/dbug.c +5 -2

No files found.
--- a/dbug/dbug.c
+++ b/dbug/dbug.c
@@ -511,9 +511,9 @@ static int DbugParse(CODE_STATE *cs, const char *control)
    {
      /* never share with the global parent - it can change under your feet */
      stack->functions= ListCopy(init_settings.functions);
-      LockIfInitSettings(cs);
+      LockMutex(cs);
      stack->keywords= ListCopy(init_settings.keywords);
-      UnlockIfInitSettings(cs);
+      UnlockMutex(cs);
      stack->processes= ListCopy(init_settings.processes);
    }
    else
@@ -1617,7 +1617,10 @@ static void FreeState(CODE_STATE *cs, int free_state)
  struct settings *state= cs->stack;
  LockIfInitSettings(cs);
  if (!is_shared(state, keywords))
+  {
    FreeList(state->keywords);
+    state->keywords= NULL;
+  }
  UnlockIfInitSettings(cs);
  if (!is_shared(state, functions))
    FreeList(state->functions);