Commit 5cace47b authored by marko's avatar marko

row_drop_table_for_mysql(): Before calling

dict_table_remove_from_cache(table) and thus freeing the memory
allocated for the table, copy the table name.  This avoids reading
freed memory when name == table->name.

Approved by Sunny.
parent c0cadb32
......@@ -2932,8 +2932,6 @@ row_drop_table_for_mysql(
ulint err;
const char* table_name;
ulint namelen;
char* dir_path_of_temp_table = NULL;
ibool success;
ibool locked_dictionary = FALSE;
pars_info_t* info = NULL;
......@@ -3228,14 +3226,20 @@ row_drop_table_for_mysql(
} else {
ibool is_path;
const char* name_or_path;
mem_heap_t* heap;
heap = mem_heap_create(200);
/* Clone the name, in case it has been allocated
from table->heap, which will be freed by
dict_table_remove_from_cache(table) below. */
name = mem_heap_strdup(heap, name);
space_id = table->space;
if (table->dir_path_of_temp_table != NULL) {
dir_path_of_temp_table = mem_strdup(
table->dir_path_of_temp_table);
is_path = TRUE;
name_or_path = dir_path_of_temp_table;
name_or_path = mem_heap_strdup(
heap, table->dir_path_of_temp_table);
} else {
is_path = FALSE;
name_or_path = name;
......@@ -3268,13 +3272,7 @@ row_drop_table_for_mysql(
"InnoDB: of table ");
ut_print_name(stderr, trx, TRUE, name);
fprintf(stderr, ".\n");
goto funct_exit;
}
success = fil_delete_tablespace(space_id);
if (!success) {
} else if (!fil_delete_tablespace(space_id)) {
fprintf(stderr,
"InnoDB: We removed now the InnoDB"
" internal data dictionary entry\n"
......@@ -3292,6 +3290,8 @@ row_drop_table_for_mysql(
err = DB_ERROR;
}
}
mem_heap_free(heap);
}
funct_exit:
......@@ -3301,10 +3301,6 @@ row_drop_table_for_mysql(
row_mysql_unlock_data_dictionary(trx);
}
if (dir_path_of_temp_table) {
mem_free(dir_path_of_temp_table);
}
trx->op_info = "";
#ifndef UNIV_HOTBACKUP
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment