diff options
| author | Nayuta Yanagisawa <nayuta.yanagisawa@hey.com> | 2022-07-05 22:56:26 +0900 |
|---|---|---|
| committer | Nayuta Yanagisawa <nayuta.yanagisawa@hey.com> | 2022-07-06 16:13:34 +0900 |
| commit | eb93b5350d024212658428ca8ded87d171e408bf (patch) | |
| tree | 8b51d1edaeea2ced69dd82a4258b00a5931e4765 | |
| parent | 9d5718c9b949514c4a7461dfdc7af225ae9f64ab (diff) | |
| download | mariadb-git-bb-10.5-MDEV-29027.tar.gz | |
MDEV-29027 ASAN errors in spider_db_free_result after partition DDLbb-10.5-MDEV-29027
Spider calls ha_spider::close() at least twice on ALTER TABLE ... ADD
PARTITION. The first call frees wide_handler->trx and the second call
accesses wide_handler->trx->thd (heap-use-after-free).
In general, there seems to be no problem with using THD obtained by
the macro current_thd() except in background threads. Thus, we simply
replace wide_handler->trx->thd with current_thd().
4 files changed, 66 insertions, 10 deletions
diff --git a/storage/spider/mysql-test/spider/bugfix/r/mdev_29027.result b/storage/spider/mysql-test/spider/bugfix/r/mdev_29027.result new file mode 100644 index 00000000000..1d9bc01fdb2 --- /dev/null +++ b/storage/spider/mysql-test/spider/bugfix/r/mdev_29027.result @@ -0,0 +1,24 @@ +# +# MDEV-29027 ASAN errors in spider_db_free_result after partition DDL +# +for master_1 +for child2 +child2_1 +child2_2 +child2_3 +for child3 +CREATE DATABASE auto_test_local; +USE auto_test_local; +CREATE TABLE tbl_a ( +c INT +) ENGINE=Spider DEFAULT CHARSET=utf8 PARTITION BY HASH(c) ( +PARTITION pt1 +); +ALTER TABLE tbl_a ADD PARTITION (PARTITION pt2); +DROP DATABASE auto_test_local; +for master_1 +for child2 +child2_1 +child2_2 +child2_3 +for child3 diff --git a/storage/spider/mysql-test/spider/bugfix/t/mdev_29027.cnf b/storage/spider/mysql-test/spider/bugfix/t/mdev_29027.cnf new file mode 100644 index 00000000000..05dfd8a0bce --- /dev/null +++ b/storage/spider/mysql-test/spider/bugfix/t/mdev_29027.cnf @@ -0,0 +1,3 @@ +!include include/default_mysqld.cnf +!include ../my_1_1.cnf +!include ../my_2_1.cnf diff --git a/storage/spider/mysql-test/spider/bugfix/t/mdev_29027.test b/storage/spider/mysql-test/spider/bugfix/t/mdev_29027.test new file mode 100644 index 00000000000..f18154a1d28 --- /dev/null +++ b/storage/spider/mysql-test/spider/bugfix/t/mdev_29027.test @@ -0,0 +1,28 @@ +--echo # +--echo # MDEV-29027 ASAN errors in spider_db_free_result after partition DDL +--echo # + +--disable_query_log +--disable_result_log +--source ../../t/test_init.inc +--enable_result_log +--enable_query_log + +CREATE DATABASE auto_test_local; +USE auto_test_local; + +eval CREATE TABLE tbl_a ( + c INT +) $MASTER_1_ENGINE $MASTER_1_CHARSET PARTITION BY HASH(c) ( + PARTITION pt1 +); + +ALTER TABLE tbl_a ADD PARTITION (PARTITION pt2); + +DROP DATABASE auto_test_local; + +--disable_query_log +--disable_result_log +--source ../../t/test_deinit.inc +--enable_result_log +--enable_query_log diff --git a/storage/spider/spd_db_conn.cc b/storage/spider/spd_db_conn.cc index 2a27b916394..42d3313822b 100644 --- a/storage/spider/spd_db_conn.cc +++ b/storage/spider/spd_db_conn.cc @@ -3725,7 +3725,7 @@ int spider_db_free_result( SPIDER_RESULT *result; SPIDER_RESULT *prev; SPIDER_SHARE *share = spider->share; - SPIDER_TRX *trx = spider->wide_handler->trx; + THD *thd= current_thd; SPIDER_POSITION *position; int roop_count, error_num; DBUG_ENTER("spider_db_free_result"); @@ -3761,12 +3761,11 @@ int spider_db_free_result( } #endif - if ( - final || - spider_param_reset_sql_alloc(trx->thd, share->reset_sql_alloc) == 1 - ) { - int alloc_size = final ? 0 : - (spider_param_init_sql_alloc_size(trx->thd, share->init_sql_alloc_size)); + if (final || spider_param_reset_sql_alloc(thd, share->reset_sql_alloc) == 1) + { + int alloc_size= final ? 0 + : (spider_param_init_sql_alloc_size( + thd, share->init_sql_alloc_size)); while (result) { position = result->first_position; @@ -3808,8 +3807,8 @@ int spider_db_free_result( if (!final) { ulong realloced = 0; - int init_sql_alloc_size = - spider_param_init_sql_alloc_size(trx->thd, share->init_sql_alloc_size); + int init_sql_alloc_size= + spider_param_init_sql_alloc_size(thd, share->init_sql_alloc_size); for (roop_count = 0; roop_count < (int) share->use_dbton_count; roop_count++) { @@ -3884,7 +3883,9 @@ int spider_db_free_result( } } } - } else { + } + else + { while (result) { position = result->first_position; |