BUG#21368299 - SERVER CRASH AT SHUTDOWN AFTER PORT CLASH DETECTED.

thayumanavar77 · thayumanavar77 · commit 83f83bac9513 · 2015-07-08T19:02:58.000+05:30
MySQLD server crashes when the server is started with the port
number of an existing server.

Due to port clash, initialization of the acceptor object fails
and the instantiated acceptor object is deleted. During cleanup
on shutdown, the acceptor object is again freed. This results
in corruption of the heap and thereby resulting in a crash.

The fix is to free the acceptor object as part of cleanup during
shutdown. Also reset all listener objects to NULL after free and
close the socket listener if the listener is not closed when the
socket listener is undergoing destruction.
diff --git a/sql/conn_handler/socket_connection.cc b/sql/conn_handler/socket_connection.cc
@@ -1001,6 +1001,5 @@ void Mysqld_socket_listener::close_listener()
   }
 #endif
 
-  if (!m_socket_map.empty())
-    m_socket_map.clear();
+  m_socket_map.clear();
 }
diff --git a/sql/conn_handler/socket_connection.h b/sql/conn_handler/socket_connection.h
@@ -171,6 +171,12 @@ class Mysqld_socket_listener
     Close the listener.
   */
   void close_listener();
+
+  ~Mysqld_socket_listener()
+  {
+    if (!m_socket_map.empty())
+      close_listener();
+  }
 };
 
 #endif // SOCKET_CONNECTION_INCLUDED.
diff --git a/sql/mysqld.cc b/sql/mysqld.cc
@@ -1739,14 +1739,12 @@ static bool network_init(void)
     if (mysqld_socket_acceptor == NULL)
     {
       delete mysqld_socket_listener;
+      mysqld_socket_listener= NULL;
       return true;
     }
 
     if (mysqld_socket_acceptor->init_connection_acceptor())
-    {
-      delete mysqld_socket_acceptor;
-      return true;
-    }
+      return true; // mysqld_socket_acceptor would be freed in unireg_abort.
 
     if (report_port == 0)
       report_port= mysqld_port;
@@ -1770,14 +1768,12 @@ static bool network_init(void)
     if (named_pipe_acceptor == NULL)
     {
       delete named_pipe_listener;
+      named_pipe_listener= NULL;
       return true;
     }
 
     if (named_pipe_acceptor->init_connection_acceptor())
-    {
-      delete named_pipe_acceptor;
-      return true;
-    }
+      return true; // named_pipe_acceptor would be freed in unireg_abort.
   }
 
   // Setup shared_memory acceptor
@@ -1794,15 +1790,13 @@ static bool network_init(void)
       new (std::nothrow) Connection_acceptor<Shared_mem_listener>(shared_mem_listener);
     if (shared_mem_acceptor == NULL)
     {
-      delete shared_mem_acceptor;
+      delete shared_mem_listener;
+      shared_mem_listener= NULL;
       return true;
     }
 
     if (shared_mem_acceptor->init_connection_acceptor())
-    {
-      delete shared_mem_acceptor;
-      return true;
-    }
+      return true; // shared_mem_acceptor would be freed in unireg_abort.
   }
 #endif // _WIN32
   return false;

Original file line number	Diff line number	Diff line change
`@@ -1001,6 +1001,5 @@ void Mysqld_socket_listener::close_listener()`
`1001`	`1001`	`}`
`1002`	`1002`	`#endif`
`1003`	`1003`
`1004`		`- if (!m_socket_map.empty())`
`1005`		`- m_socket_map.clear();`
	`1004`	`+ m_socket_map.clear();`
`1006`	`1005`	`}`