
From jeff@tripod.com Thu May  2 14:25:46 1996
Date: Mon, 29 Apr 1996 23:59:49 -0400 (EDT)
From: Le roi du balai <jeff@tripod.com>
To: msql-list@bunyip.com
Subject: [mSQL] Bug fix in mSQL 1.0.13 

Hi y'all,

I think we've found one reason why msqld has been dying for so many
people. 

We run mSQL under some pretty rigorous conditions. It is not uncommon for
the daemon to occupy 60 Mb of memory while handling 20+ near simultaneous
requests. It was our experience that on Solaris 2.5 mSQL crashed an
average of twice daily on account of malloc badnesses. The problem almost
never manifested itself on SunOS 4.1.4 or Linux 1.2.8... As is often the
case with memory bugs, the problem didn't cause the server to crash
immediately, thus making debugging very, very difficult. 

We were able to produce a SQL query that crashed the server 90% of the
time. The query itself seemed to be bad only within a certain window of
time, probably very dependent upon current kernel memory allocation and
whatnot, but I can't be sure. Using gdb on the various cores was somewhat
helpful, but the real hero was a nice little product called Purify. No,
this is not an advertisement!!! Purify keeps track of four types of memory
and quickly spots poor memory management blah blah. Unfortunately it's
expensive, but then, we had it on a free trial basis! 

In any event, msqld hasn't crashed since we patched it (four days now),
and that has to be about TEN standard deviations away from the expected
lifetime of msqld based on previous performance... 

Enough preamble! Using Purify, we found that if a key used was longer than
the defined keyLength, an overwrite occurred in msqldb.c:setupKey(). 

Here's the way we patched msql-1.0.13:

-----diff msqldb.c msqldb.c~------
577d576
<                 /* Changed to bcopy() only to keyLen; nate@tripod.com 4/96 */
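Review bot: the listing was produced as `diff msqldb.c msqldb.c~`, with the patched file first, so the `<` lines here are the new code and the `>` line below is the original; say so above the listing (or regenerate it as `diff msqldb.c~ msqldb.c`) so that nobody applies the hunks backwards. The comment itself says "only to keyLen", but the copy in the next hunk is the minimum of keyLen and strlen(); wording it that way would match the code.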
579,581c578
<                             (cacheEntry->keyLen > strlen(value.val.charVal))
<                             ? strlen(value.val.charVal) : cacheEntry->keyLen
<                             );
---
>                               strlen(value.val.charVal));
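Review bot: the ternary on the three `<` lines bounds the copy to cacheEntry->keyLen, which stops the overrun, but it truncates an over-long key silently instead of reporting it, so two values that differ only beyond keyLen end up with the same cached key; a length check that returns an error (or the earlier validation of value.val.charVal the cover note suggests) would be the safer fix. Minor: strlen(value.val.charVal) is evaluated twice in the expression; compute it once into a local and compare that against keyLen.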
----------------------------------

Although this patch is almost certainly working, it seems that the
patching should really take place a good deal earlier -- like when
value.val.charVal is being set. But we'll leave that to someone who knows
more about mSQL. 

Cheers,

Nate Kurz and Jeff Vander Clute
Tripod Tech
http://www.tripod.com/
--------------------------------------------------------------------------
To remove yourself from the Mini SQL mailing list send a message containing
"unsubscribe" to msql-list-request@bunyip.com.  Send a message containing
"info msql-list" to majordomo@bunyip.com for info on monthly archives of
the list. For more help, mail owner-msql-list@bunyip.com NOT the msql-list!
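Added illustration of the fix described in this message, not mSQL's own code: a fixed-width key cache entry of the kind setupKey() fills, with the original unbounded copy, the list patch's truncating copy, and a variant that validates the length at the boundary (the "patch earlier" option the note suggests), so the overrun and the collision side effect of truncation can both be seen. All struct, function and constant names, KEY_LEN and the sample values are hypothetical; the key width and the sample strings are constructed.

```c
/* Hypothetical stand-in for an mSQL cache entry (not the real msqldb.c
 * structure): a fixed key buffer of key_len bytes followed by other data. */
#include <stdio.h>
#include <string.h>

#define KEY_LEN 8   /* constructed: the declared key width for this example */

struct cache_entry {
    size_t key_len;
    char   key[KEY_LEN];
    char   after_key[8];   /* sits right after key[]; an overrun would land here */
};

/* Original behaviour: bcopy() strlen(value) bytes regardless of key_len.
 * Rather than performing the bad copy, report how many bytes it would write
 * past the end of key[]; calling this is always safe. */
size_t overrun_bytes(const struct cache_entry *e, const char *value)
{
    size_t n = strlen(value);
    return n > e->key_len ? n - e->key_len : 0;
}

/* The list patch: copy min(key_len, strlen(value)) bytes. Never overruns,
 * but any two values that agree on their first key_len bytes collide. */
void setup_key_truncating(struct cache_entry *e, const char *value)
{
    size_t n = strlen(value);           /* evaluated once, not twice */
    if (n > e->key_len)
        n = e->key_len;
    memset(e->key, 0, e->key_len);
    memcpy(e->key, value, n);
}

/* Validate at the boundary instead: refuse an over-long value so the caller
 * can report an error rather than store a silently truncated key.
 * Returns 0 on success, -1 if the value does not fit. */
int setup_key_checked(struct cache_entry *e, const char *value)
{
    size_t n = strlen(value);
    if (n > e->key_len)
        return -1;
    memset(e->key, 0, e->key_len);
    memcpy(e->key, value, n);
    return 0;
}

/* 1 if a and b map to the same key under the truncating copy, else 0. */
int keys_collide_after_truncation(const char *a, const char *b)
{
    struct cache_entry ea = { .key_len = KEY_LEN };
    struct cache_entry eb = { .key_len = KEY_LEN };
    setup_key_truncating(&ea, a);
    setup_key_truncating(&eb, b);
    return memcmp(ea.key, eb.key, KEY_LEN) == 0;
}

int main(void)
{
    struct cache_entry e = { .key_len = KEY_LEN };
    const char *value = "customer_id_12345";   /* constructed: 17 bytes, longer than KEY_LEN */

    printf("unbounded copy would overrun key[] by %zu bytes\n",
           overrun_bytes(&e, value));
    printf("checked setup rejects it: %d\n", setup_key_checked(&e, value));
    printf("\"customer_1\" and \"customer_2\" collide after truncation: %d\n",
           keys_collide_after_truncation("customer_1", "customer_2"));
    return 0;
}
```

The truncating variant reproduces exactly what the posted patch does; the checked variant is the alternative the note points at, pushing the decision back to the caller, where a query can be refused instead of being stored under a key it shares with other values.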
