Hi!

>>>>> "Guilhem" == Guilhem Bichot <guil...@sun.com> writes:

<cut>

>> +++ b/storage/maria/ma_close.c 2009-02-01 07:29:56 +0000 >> @@ -155,7 +155,7 @@ int maria_close(register MARIA_HA *info) >> MARIA_STATE_HISTORY_CLOSED *history; >> /* >> Here we ignore the unlikely case that we don't have memory to >> - store the case. In the worst case what happens is that any >> transaction >> + store the state. In the worst case what happens is that any >> transaction >> that tries to access this table will get a wrong status information. >> */ >> if ((history= (MARIA_STATE_HISTORY_CLOSED *) >> @@ -166,6 +166,8 @@ int maria_close(register MARIA_HA *info) >> if (my_hash_insert(&maria_stored_state, (uchar*) history)) >> my_free(history, MYF(0)); >> } >> + /* Marker for concurrent checkpoint */ >> + share->state_history= 0; >> } >> } >> pthread_mutex_unlock(&THR_LOCK_maria);

Guilhem> So, what was the scenario?
Guilhem> I imagined this one: Thread1 has just closed the table, but Thread2 had
Guilhem> started a checkpoint, so Thread1 leaves the share in existence; Thread2
Guilhem> looks at share->state_history, but why would that point to freed memory?
Guilhem> Is it because there is a Thread3 which did this freeing?

No, the problem happens with only two threads.

T1 goes into the above code and creates a history entry that points to
share->state_history.

In the checkpoint thread we will then execute the following code:

  _ma_remove_not_visible_states_with_lock(share, FALSE);

Which uses the share->state_history entry and may even free it.
If the free happens, we are likely to get a crash as the history entry now
points to freed memory.

Regards,
Monty
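
Review bot: In the second hunk, the new share->state_history= 0; appears to sit after the closing brace of the if ((history= ... block, as far as the visible lines show, so it also runs when the allocation fails or when my_hash_insert() fails and history is freed. In those paths nothing in the visible code still refers to the state history list, so please confirm it is released elsewhere, or free it before clearing the pointer. The comment "Marker for concurrent checkpoint" would also help more if it said why: the stored history entry now refers to the list, and the checkpoint must not walk or free it through the share.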
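
The two-thread scenario described in the reply above, as an added example that is not part of the original message and is not MariaDB code: a single-threaded model that replays the interleaving (close, then checkpoint) with and without clearing the share's pointer. The types, the function names and the trimming rule (drop states whose id is below a minimum) are assumptions made for the model.

```c
/* Simplified model of the close/checkpoint race; not MariaDB code, names are hypothetical. */
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>

typedef struct state_node { struct state_node *next; unsigned long trid; bool live; } state_node;
typedef struct { state_node *state_history; } share_t;      /* stands in for the share */
typedef struct { state_node *state_history; } closed_entry; /* stands in for the stored entry */

/* Static pool: a "freed" node stays readable, so inspecting it below is safe. */
static state_node pool[4];
static size_t pool_used;

static state_node *node_new(unsigned long trid, state_node *next) {
  state_node *n = &pool[pool_used++ % 4]; /* the model uses two nodes per run */
  *n = (state_node){ next, trid, true };
  return n;
}

/* Close path (T1): the stored entry takes over the list. */
static void close_table(share_t *share, closed_entry *entry, bool with_fix) {
  entry->state_history = share->state_history;
  if (with_fix)
    share->state_history = NULL; /* marker for concurrent checkpoint */
}

/* Checkpoint path: frees states older than min_trid through the share (assumed rule). */
static void checkpoint_trim(share_t *share, unsigned long min_trid) {
  while (share->state_history && share->state_history->trid < min_trid) {
    state_node *dead = share->state_history;
    share->state_history = dead->next;
    dead->live = false; /* stands in for freeing the node */
  }
}

/* Replays close then checkpoint; true if the stored entry references only live nodes. */
static bool run_scenario(bool with_fix) {
  pool_used = 0;
  share_t share = { node_new(5, node_new(9, NULL)) };
  closed_entry entry = { NULL };
  close_table(&share, &entry, with_fix);
  checkpoint_trim(&share, 7);
  for (const state_node *n = entry.state_history; n; n = n->next)
    if (!n->live) return false; /* entry points at freed state */
  return true;
}

int main(void) {
  printf("entry valid: no fix=%d, fix=%d\n", run_scenario(false), run_scenario(true));
  return 0;
}
```

In the model, clearing the share's pointer is what stops the checkpoint from freeing a list that the stored entry still references.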