Fix reset of THD query when trx metadata is enabled

Summary: When a Rows_query_log_event contains trx metadata the real query is present just after the metadata comment. Due to this the THD is assigned the query after going past the metadata in Rows_query_log_event::do_apply_event() but the destructor was resetting the query by comparing the THD query to the beginning of the rows query. This was causing a read-after-free error. Reviewed By: yashtc Differential Revision: D7899271 fbshipit-source-id: 8374804
facebook · May 8, 2018 · 96de6c4 · 96de6c4
1 parent fc7bcca
commit 96de6c4
Showing 1 changed file with 9 additions and 2 deletions.
diff --git a/sql/log_event.cc b/sql/log_event.cc
@@ -14883,7 +14883,7 @@ Rows_query_log_event::Rows_query_log_event(const char *buf, uint event_len,
   int offset= common_header_len + post_header_len + 1;
   int len= event_len - offset;
   if (!(m_rows_query= (char*) my_malloc(len+1, MYF(MY_WME))))
-    return;
+    DBUG_VOID_RETURN;
   strmake(m_rows_query, buf + offset, len);
   DBUG_PRINT("info", ("m_rows_query: %s", m_rows_query));
   DBUG_VOID_RETURN;
@@ -14896,7 +14896,14 @@ Rows_query_log_event::~Rows_query_log_event()
   // the m_rows_query.
   if (thd) {
     mysql_mutex_lock(&thd->LOCK_thd_data);
-    if (thd->query() == m_rows_query)
+    auto query= m_rows_query;
+    if (has_trx_meta_data())
+    {
+      // move past the trx metadata
+      DBUG_ASSERT(strstr(m_rows_query, "*/") != NULL);
+      query= strstr(m_rows_query, "*/") + 2;
+    }
+    if (thd->query() == query)
       thd->set_query(CSET_STRING(), false);
     mysql_mutex_unlock(&thd->LOCK_thd_data);
   }