Commit 4fe1561f authored by unknown's avatar unknown
Browse files

BUG#23443: user-defined variables can consume too much memory in the 

           server

The problem was that when memory was exhausted HEAP engine could crash
(GROUP BY uses HEAP TABLE).  Alternatively, if SET was used, it could
report an error "You may only use constant expressions with SET" instead
of "Out of memory (Needed NNNNNN bytes)".

The solution is:
 - pass MY_WME to (some) calls to my_malloc() to get correct message.
 - fix heap_write() so that the first key is skipped during cleanup
   on ENOMEM because it wasn't inserted and doesn't have to be
   deleted.

No test case is provided because we can't test out-of-memory behaviour
in our current test framework.


heap/hp_block.c:
  If allocation fails, write an error message.
heap/hp_write.c:
  On ENOMEM, skip the first key in cleanup, as it wasn't inserted yet.
sql/item_func.cc:
  Add MY_WME so that OOM error will be reported.
parent 030cd30d

heap/hp_block.c

+1 −1
Original line number Diff line number Diff line
@@ -47,7 +47,7 @@ int _hp_get_new_block(HP_BLOCK *block, ulong *alloc_length) 
      break;



  *alloc_length=sizeof(HP_PTRS)*i+block->records_in_block* block->recbuffer;

  if (!(root=(HP_PTRS*) my_malloc(*alloc_length,MYF(0))))

  if (!(root=(HP_PTRS*) my_malloc(*alloc_length,MYF(MY_WME))))

    return 1;



  if (i == 0)

heap/hp_write.c

+12 −3
Original line number Diff line number Diff line
@@ -66,13 +66,22 @@ int heap_write(HP_INFO *info, const byte *record) 
  DBUG_RETURN(0);



err:

  if (my_errno == HA_ERR_FOUND_DUPP_KEY)

    DBUG_PRINT("info",("Duplicate key: %d",key));

  info->errkey= key;

  do

  /*

    Because 'key' is unsigned, we increase it before the loop, unless

    we have to skip the key that wasn't inserted yet due to OOM.  In

    the loop we test 'key' before decreasing it as the protection

    against value wraparound.

  */

  if (my_errno != ENOMEM)

    key++;

  while (key-- > 0)

  {

    if (_hp_delete_key(info,share->keydef+key,record,pos,0))

      break;

  } while (key-- > 0);

  }



  share->deleted++;

  *((byte**) pos)=share->del_link;

sql/item_func.cc

+3 −2
Original line number Diff line number Diff line
@@ -1892,8 +1892,9 @@ bool Item_func_set_user_var::update_hash(const void *ptr, uint length, 
	char *pos= (char*) entry+ ALIGN_SIZE(sizeof(user_var_entry));

	if (entry->value == pos)

	  entry->value=0;

	if (!(entry->value=(char*) my_realloc(entry->value, length,

					      MYF(MY_ALLOW_ZERO_PTR))))

        entry->value= (char*) my_realloc(entry->value, length,

                                         MYF(MY_ALLOW_ZERO_PTR | MY_WME));

        if (!entry->value)

	  goto err;

      }

    }