Commit f2a7c0d3 authored by unknown's avatar unknown

Fix for BUG#15018 "valgrind error in Rpl_filter (uninitalized memory - could crash)".

The code was reading a HASH or DYNAMIC_ARRAY which may be uninited (difference from 5.0
is that those vars were always zeroed in 5.0 because were static globals, while they are new'd in 5.1).


sql/rpl_filter.cc:
  the hash or dynamic_array may not be inited, depends on a bool (e.g. if wild_do_table_inited==0
  wild_do_table is uninitialized memory); the code was not taking the bool into account and so reading uninited memory.
sql/rpl_filter.h:
  comments and prototype change (see rpl_filter.cc)
parent 924f7b07
...@@ -449,9 +449,11 @@ Rpl_filter::free_string_array(DYNAMIC_ARRAY *a) ...@@ -449,9 +449,11 @@ Rpl_filter::free_string_array(DYNAMIC_ARRAY *a)
*/ */
void void
Rpl_filter::table_rule_ent_hash_to_str(String* s, HASH* h) Rpl_filter::table_rule_ent_hash_to_str(String* s, HASH* h, bool inited)
{ {
s->length(0); s->length(0);
if (inited)
{
for (uint i= 0; i < h->records; i++) for (uint i= 0; i < h->records; i++)
{ {
TABLE_RULE_ENT* e= (TABLE_RULE_ENT*) hash_element(h, i); TABLE_RULE_ENT* e= (TABLE_RULE_ENT*) hash_element(h, i);
...@@ -459,13 +461,17 @@ Rpl_filter::table_rule_ent_hash_to_str(String* s, HASH* h) ...@@ -459,13 +461,17 @@ Rpl_filter::table_rule_ent_hash_to_str(String* s, HASH* h)
s->append(','); s->append(',');
s->append(e->db,e->key_len); s->append(e->db,e->key_len);
} }
}
} }
void void
Rpl_filter::table_rule_ent_dynamic_array_to_str(String* s, DYNAMIC_ARRAY* a) Rpl_filter::table_rule_ent_dynamic_array_to_str(String* s, DYNAMIC_ARRAY* a,
bool inited)
{ {
s->length(0); s->length(0);
if (inited)
{
for (uint i= 0; i < a->elements; i++) for (uint i= 0; i < a->elements; i++)
{ {
TABLE_RULE_ENT* e; TABLE_RULE_ENT* e;
...@@ -474,34 +480,35 @@ Rpl_filter::table_rule_ent_dynamic_array_to_str(String* s, DYNAMIC_ARRAY* a) ...@@ -474,34 +480,35 @@ Rpl_filter::table_rule_ent_dynamic_array_to_str(String* s, DYNAMIC_ARRAY* a)
s->append(','); s->append(',');
s->append(e->db,e->key_len); s->append(e->db,e->key_len);
} }
}
} }
void void
Rpl_filter::get_do_table(String* str) Rpl_filter::get_do_table(String* str)
{ {
table_rule_ent_hash_to_str(str, &do_table); table_rule_ent_hash_to_str(str, &do_table, do_table_inited);
} }
void void
Rpl_filter::get_ignore_table(String* str) Rpl_filter::get_ignore_table(String* str)
{ {
table_rule_ent_hash_to_str(str, &ignore_table); table_rule_ent_hash_to_str(str, &ignore_table, ignore_table_inited);
} }
void void
Rpl_filter::get_wild_do_table(String* str) Rpl_filter::get_wild_do_table(String* str)
{ {
table_rule_ent_dynamic_array_to_str(str, &wild_do_table); table_rule_ent_dynamic_array_to_str(str, &wild_do_table, wild_do_table_inited);
} }
void void
Rpl_filter::get_wild_ignore_table(String* str) Rpl_filter::get_wild_ignore_table(String* str)
{ {
table_rule_ent_dynamic_array_to_str(str, &wild_ignore_table); table_rule_ent_dynamic_array_to_str(str, &wild_ignore_table, wild_ignore_table_inited);
} }
......
...@@ -87,10 +87,15 @@ class Rpl_filter ...@@ -87,10 +87,15 @@ class Rpl_filter
void free_string_array(DYNAMIC_ARRAY *a); void free_string_array(DYNAMIC_ARRAY *a);
void table_rule_ent_hash_to_str(String* s, HASH* h); void table_rule_ent_hash_to_str(String* s, HASH* h, bool inited);
void table_rule_ent_dynamic_array_to_str(String* s, DYNAMIC_ARRAY* a); void table_rule_ent_dynamic_array_to_str(String* s, DYNAMIC_ARRAY* a,
bool inited);
TABLE_RULE_ENT* find_wild(DYNAMIC_ARRAY *a, const char* key, int len); TABLE_RULE_ENT* find_wild(DYNAMIC_ARRAY *a, const char* key, int len);
/*
Those 4 structures below are uninitialized memory unless the
corresponding *_inited variables are "true".
*/
HASH do_table; HASH do_table;
HASH ignore_table; HASH ignore_table;
DYNAMIC_ARRAY wild_do_table; DYNAMIC_ARRAY wild_do_table;
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment