Drizzle

libdrizzle: Re-using a result struct without freeing causes infinite loop

Bug #728990 reported by Andrew Hutchings
6
This bug affects 1 person
Affects Status Importance Assigned to Milestone
Drizzle
Fix Released
High
Andrew Hutchings
Drizzle 2011-03-14
7.0
Fix Released
High
Andrew Hutchings
Drizzle 2011-03-14

Bug Description

From Brian:
Just another note, while looking at this I found that the client seemed to go into a loop of some sort at:

#0 drizzle_result_free (result=0x62f868) at libdrizzle/result.c:130
#1 0x00007ffff7ddaeb5 in drizzle_result_free_all (con=0x627248) at libdrizzle/result.c:139
#2 0x00007ffff7dd5ec0 in drizzle_con_free (con=0x627248) at libdrizzle/drizzle.c:392
#3 0x0000000000406bfa in gearman_server_queue_libdrizzle_deinit (server=0x625030) at libgearman-server/queue_libdrizzle.c:307
#4 0x0000000000406998 in gearman_server_queue_libdrizzle_init (server=0x625030, conf=0x7fffffffd980) at libgearman-server/queue_libdrizzle.c:244
#5 0x0000000000406c67 in gearmand_queue_libdrizzle_init (gearmand=0x624fc0, conf=0x7fffffffd980) at libgearman-server/queue_libdrizzle.c:319

Related branches

lp:~linuxjedi/drizzle/trunk-bug-728990
Lee Bieber (community): Needs Fixing
Diff: 114 lines (+19/-3)
4 files modified
libdrizzle/conn.c (+12/-0)
plugin/slave/queue_producer.cc (+4/-2)
plugin/transaction_log/utilities/transaction_log_connection.cc (+2/-1)
plugin/transaction_log/utilities/transaction_reader.cc (+1/-0)
Revision history for this message
Andrew Hutchings (linuxjedi) wrote :

I first attempted to fix this by having drizzle_query check if the result struct had a DRIZZLE_RESULT_NONE. But when using C++ the status can be random. So fixing by testing if the result pointer is in the list of result sets to be freed.

To post a comment you must log in.
This report contains Public information  
Everyone can see this information.
Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.