
Commit 7449195

MDEV-23229 Read of Uninitialized memory during buffer pool resizing
Commit b1ab211 (MDEV-15053) introduced the code to unfix the block earlier in buf_block_t::unfix(). After unfixing the block, InnoDB can withdraw the block from the buffer pool and deallocate it while doing buffer pool resizing. So the subsequent assert could lead to uninitialized memory access of the block. buf_block_t::unfix(): Unfix the block after checking the assert.
1 parent a18639f commit 7449195


1 file changed

+2
-3
lines changed


storage/innobase/include/buf0buf.h

Lines changed: 2 additions & 3 deletions
@@ -1198,12 +1198,11 @@ struct buf_block_t{
11981198
void fix() { page.fix(); }
11991199
uint32_t unfix()
12001200
{
1201-
uint32_t fix_count= page.unfix();
1202-
ut_ad(fix_count || page.io_fix() != BUF_IO_NONE ||
1201+
ut_ad(page.buf_fix_count() || page.io_fix() != BUF_IO_NONE ||
12031202
page.state() == BUF_BLOCK_ZIP_PAGE ||
12041203
!rw_lock_own_flagged(&lock, RW_LOCK_FLAG_X | RW_LOCK_FLAG_S |
12051204
RW_LOCK_FLAG_SX));
1206-
return fix_count;
1205+
return page.unfix();
12071206
}
12081207

12091208
/** @return the physical size, in bytes */
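Review bot: the assertion on new line 1201 now reads page.buf_fix_count() before the decrement, so for any block that was fixed by the caller the count is at least 1 and the disjunction short-circuits on its first operand; the old check, which only fired when fix_count had dropped to zero and therefore verified that the final unfix is not done while this thread still holds `lock` (or while io_fix is set, or for a BUF_BLOCK_ZIP_PAGE), is no longer exercised in debug builds. To keep the original intent while still doing every read of the block before the release, compare against the pre-decrement value: `ut_ad(page.buf_fix_count() > 1 || page.io_fix() != BUF_IO_NONE ||` followed by the unchanged remainder. Moving page.unfix() to the return on new line 1205 is the right shape for the reported bug, since nothing in the function touches the block after the fix count is released.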
