Do not free SSL_COMP_get_compression_methods() directly

Bug #1604676 reported by Laurynas Biveinis on 2016-07-20
6
This bug affects 1 person
Affects Status Importance Assigned to Milestone
Percona Server moved to https://jira.percona.com/projects/PS
Status tracked in 5.7
5.5
Fix Released
Medium
Laurynas Biveinis
5.6
Fix Released
Medium
Laurynas Biveinis
5.7
Invalid
Undecided
Unassigned

Bug Description

A regression caused by bug 1341067 fix:

"Arkadiusz Miśkiewicz (arekm) wrote 11 hours ago: #1
This causes collision when using php which loads mysql module (linked with percona libs) and curl module (that uses libcurl). Both, percona and curl are trying to free the same global data.

https://github.com/curl/curl/issues/905

Why percona doesn't use proper API - SSL_COMP_free_compression_methods() ?

SSL_COMP_free_compression_methods() uses sk_pop_free() which is protected from double free.

--- percona-server-5.6.28-76.1/vio/vio.c~ 2016-01-08 23:12:24.000000000 +0100
+++ percona-server-5.6.28-76.1/vio/vio.c 2016-07-19 18:54:23.648042457 +0200
@@ -399,6 +399,6 @@ void vio_end(void)
   ERR_free_strings();
   EVP_cleanup();
   CRYPTO_cleanup_all_ex_data();
- sk_SSL_COMP_free(SSL_COMP_get_compression_methods());
+ SSL_COMP_free_compression_methods();
 #endif
 }"

This report contains Public information  Edit
Everyone can see this information.

Other bug subscribers