-
Type: Bug
-
Resolution: Fixed
-
Priority: Major - P3
-
Affects Version/s: None
-
Component/s: None
-
None
Since we now can append multiple updates to the head of the update chain, the following code may leak memory as it assumes it always append one update to the head:
/* * __rollback_row_add_update -- * Add the provided update to the head of the update list. */ static inline int __rollback_row_add_update(WT_SESSION_IMPL *session, WT_PAGE *page, WT_ROW *rip, WT_UPDATE *upd) { WT_DECL_RET; WT_PAGE_MODIFY *mod; WT_UPDATE *old_upd, **upd_entry; size_t upd_size; /* If we don't yet have a modify structure, we'll need one. */ WT_RET(__wt_page_modify_init(session, page)); mod = page->modify; /* Allocate an update array as necessary. */ WT_PAGE_ALLOC_AND_SWAP(session, page, mod->mod_row_update, upd_entry, page->entries); /* Set the WT_UPDATE array reference. */ upd_entry = &mod->mod_row_update[WT_ROW_SLOT(page, rip)]; upd_size = __wt_update_list_memsize(upd); /* * If it's a full update list, we're trying to instantiate the row. Otherwise, it's just a * single update that we'd like to append to the update list. * * Set the "old" entry to the second update in the list so that the serialization function * succeeds in swapping the first update into place. */ if (upd->next != NULL) *upd_entry = upd->next; old_upd = *upd_entry; /* * Point the new WT_UPDATE item to the next element in the list. The serialization function acts * as our memory barrier to flush this write. */ upd->next = old_upd; /* * Serialize the update. Rollback to stable doesn't need to check the visibility of the on page * value to detect conflict. */ WT_ERR(__wt_update_serial(session, NULL, page, upd_entry, &upd, upd_size, true)); err: return (ret); }