MDEV-23097 heap-use-after-free in mysqlimport

mysqlimport starts many worker threads. when one of the worker encounters an error, it frees global memory and calls exit(). it suppresses memory leak detector, because, as the comment says "dirty exit, some threads are still running", indeed, it cannot free the memory from other threads. but precisely because some threads are still running, they might use this global memory, so it cannot be freed. fix: if we know that some threads are still running and accept that we cannot free all memory anyway, let's not free global allocations either
MariaDB · Aug 2, 2022 · 07a670b · 07a670b
1 parent 92b0a36
commit 07a670b
Showing 1 changed file with 8 additions and 6 deletions.
diff --git a/client/mysqlimport.c b/client/mysqlimport.c
@@ -524,16 +524,18 @@ static void safe_exit(int error, MYSQL *mysql)
   if (mysql)
     mysql_close(mysql);
 
-  mysql_library_end();
-#ifdef HAVE_SMEM
-  my_free(shared_memory_base_name);
-#endif
-  free_defaults(argv_to_free);
-  my_free(opt_password);
   if (error)
     sf_leaking_memory= 1; /* dirty exit, some threads are still running */
   else
+  {
+    mysql_library_end();
+#ifdef HAVE_SMEM
+    my_free(shared_memory_base_name);
+#endif
+    free_defaults(argv_to_free);
+    my_free(opt_password);
     my_end(my_end_arg); /* clean exit */
+  }
   exit(error);
 }