From a5174aaffb8f22b211945170588828557dbdb211 Mon Sep 17 00:00:00 2001 From: Sergei Petrunia Date: Tue, 14 Jan 2025 22:42:18 +0200 Subject: [PATCH] MDEV-35828: Assertion fails in alloc_root() when memory causes it to call itself (Variant 2: use stack for buffers) my_malloc_size_cb_func() has a call to thd->alloc() to produce an error message. thd->alloc() calls alloc_root(), so one can end up with this stack trace: alloc_root() THD::alloc() my_malloc_size_cb_func() my_malloc() alloc_root() where alloc_root() calls itself. This is a problem, as alloc_root() is not reenterable. Fixed this by switching my_malloc_size_cb_func() to use space on the stack instead.
---
 mysql-test/main/errors.result | 13 +++++++++++++ mysql-test/main/errors.test | 20 ++++++++++++++++++++ sql/mysqld.cc | 18 +++++------------- 3 files changed, 38 insertions(+), 13 deletions(-)
diff --git a/mysql-test/main/errors.result b/mysql-test/main/errors.result
index baa2e0ad3c0a8..5b469b640f8ac 100644
--- a/mysql-test/main/errors.result
+++ b/mysql-test/main/errors.result
@@ -231,3 +231,16 @@ Error 1327 Undeclared variable: foo
 Error 1305 PROCEDURE P1 does not exist
 drop procedure P1;
 # End of 10.4 tests
+#
+# MDEV-35828: Assertion fails in alloc_root() when memory causes it to call itself
+#
+CREATE TEMPORARY TABLE t1 (a INT,b INT);
+INSERT INTO t1 VALUES (1,1),(2,2);
+SET
+@tmp=@@max_session_mem_used,
+max_session_mem_used=8192;
+SELECT * FROM (t1 AS t2 LEFT JOIN t1 AS t3 USING (a)),t1;
+ERROR HY000: The MariaDB server is running with the --max-session-mem-used=8192 option so it cannot execute this statement
+DROP TABLE t1;
+SET max_session_mem_used=@tmp;
+# End of 10.6 tests
diff --git a/mysql-test/main/errors.test b/mysql-test/main/errors.test
index cc5cad2a68ea8..87d6d2fdec9fd 100644
--- a/mysql-test/main/errors.test
+++ b/mysql-test/main/errors.test
@@ -284,3 +284,23 @@ show warnings;
 drop procedure P1;
 -- echo # End of 10.4 tests
+
+
+--echo #
+--echo # MDEV-35828: Assertion fails in alloc_root() when memory causes it to call itself
+--echo #
+CREATE TEMPORARY TABLE t1 (a INT,b INT);
+INSERT INTO t1 VALUES (1,1),(2,2);
+
+SET
+ @tmp=@@max_session_mem_used,
+ max_session_mem_used=8192;
+
+--error ER_OPTION_PREVENTS_STATEMENT
+SELECT * FROM (t1 AS t2 LEFT JOIN t1 AS t3 USING (a)),t1;
+
+DROP TABLE t1;
+SET max_session_mem_used=@tmp;
+
+
+--echo # End of 10.6 tests
diff --git a/sql/mysqld.cc b/sql/mysqld.cc
index c798956910f0e..d6dd8a566af1c 100644
--- a/sql/mysqld.cc
+++ b/sql/mysqld.cc
@@ -3513,22 +3513,14 @@ static void my_malloc_size_cb_func(long long size, my_bool is_thread_specific)
 LOCK_thd_kill here (the limit will be enforced on the next allocation). */
 if (!mysql_mutex_trylock(&thd->LOCK_thd_kill)) {
- char buf[50], *buf2;
+ char buf[50], buf2[256];
 thd->set_killed_no_mutex(KILL_QUERY);
 my_snprintf(buf, sizeof(buf), "--max-session-mem-used=%llu", thd->variables.max_mem_used);
- if ((buf2= (char*) thd->alloc(256)))
- {
- my_snprintf(buf2, 256,
- ER_THD(thd, ER_OPTION_PREVENTS_STATEMENT), buf);
- thd->set_killed_no_mutex(KILL_QUERY,
- ER_OPTION_PREVENTS_STATEMENT, buf2);
- }
- else
- {
- thd->set_killed_no_mutex(KILL_QUERY, ER_OPTION_PREVENTS_STATEMENT,
- "--max-session-mem-used");
- }
+ my_snprintf(buf2, 256,
+ ER_THD(thd, ER_OPTION_PREVENTS_STATEMENT), buf);
+ thd->set_killed_no_mutex(KILL_QUERY,
+ ER_OPTION_PREVENTS_STATEMENT, buf2);
 mysql_mutex_unlock(&thd->LOCK_thd_kill);
 }
 }
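Review bot: `buf2` is now a stack array, yet its address is still handed to `thd->set_killed_no_mutex(KILL_QUERY, ER_OPTION_PREVENTS_STATEMENT, buf2)` on the last added line of the sql/mysqld.cc hunk, so the message stays valid only if that call copies the text before this callback returns. The old code passed either mem_root memory or a string literal, both of which outlive the call. set_killed_no_mutex() is not visible in this hunk, so it is worth confirming that it copies the message and that it does not itself allocate from a mem_root, which would leave the re-entrancy path into alloc_root() open. Now that `buf2` is an array, the size should follow it the way the `buf` call above does: `my_snprintf(buf2, sizeof(buf2),`. my_malloc_size_cb_func() begins before this hunk.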