Commit febe03c2 authored by Ahmad Abdullateef's avatar Ahmad Abdullateef

BUG#14727815 - CRASH IN PTHREAD_RWLOCK_WRLOCK/SRW_UNLOCK

                             IN QUERY CACHE CODE

DESCRIPTION:
MySQL Server crashes sporadically when Query Caching is on and
the server has high contention among clients. 


ANALYSIS :

Scenario 1:
In Query_cache::move_by_type() when handling RESULT or its related blocks,
Write Lock is acquired on its parent Query block. However the next and prev
pointers are cached in local variables before lock acquisition. In an extremely
high contention scenario there exists a possibility that
Query_cache::append_result_data() is operating on the same query block
and as a consequence might append a new Result block to the end of Result
blocks Linked List of the Query. This would manipulate the next, prev pointers
of the Block being processed in move_by_type(), however the local pointers
still point to previous nodes there by causing Data Corruption leading to crash.

FIX :

Scenario 1:
The next, prev pointers are now accessed only after Lock acquisition in 
Query_cache::move_by_type().
parent 7bdd8b48
......@@ -3896,11 +3896,10 @@ my_bool Query_cache::move_by_type(uchar **border,
(int) block->type));
if (*border == 0)
break;
Query_cache_block *query_block = block->result()->parent(),
*next = block->next,
*prev = block->prev;
Query_cache_block::block_type type = block->type;
Query_cache_block *query_block= block->result()->parent();
BLOCK_LOCK_WR(query_block);
Query_cache_block *next= block->next, *prev= block->prev;
Query_cache_block::block_type type= block->type;
ulong len = block->length, used = block->used;
Query_cache_block *pprev = block->pprev,
*pnext = block->pnext,
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment