Hi, Markus! On Aug 16, Markus Pilman wrote:
Hi all,
I ran into a strange problem:
I am working on a storage engine for MariaDB. To access field information I usually do as written in the documentation:
for (Field** field = table->field; *field; ++field) { /* some code here */ }
This works fine in most cases (for writing - read handler::write_row - it seems to work always) but sometimes (I think always in the index_next method) accessing **(table->field) results in a segmentation fault (but *(table->field) is not null, but something like 0x5e6f4c6d4578244d). Strange enough, this error does not happen always. In the debugger I saw, that table_share->field points to the correct location there so I replaces table->field in the above loop with table_share->field. But this also seems to not work - it now crashes on other queries (also on updates, but after restarting MariaDB it also crashes on a full table scan).
Normaly you should always use table->field, not table_share->field. If a table is used by many threads, or by the same thread many times - in other words, if many instances of your handler class are created - they will use different TABLE objects, but the same TABLE_SHARE. So, table_share->field objects necessarily will have the same ptr in all threads, it's not what you usually want. A strange value of *(table->field) looks like a memory corruption. May be your code writes to a free'd memory somewhere, or dereferences a dangled pointer. Can you show the stack trace of the crash? Regards, Sergei