diff options
| author | Nayuta Yanagisawa <nayuta.yanagisawa@hey.com> | 2021-09-21 20:22:56 +0900 |
|---|---|---|
| committer | Nayuta Yanagisawa <nayuta.yanagisawa@hey.com> | 2021-10-19 19:04:05 +0900 |
| commit | e7208bd93445ee233d72c8fd9413a4c83043b123 (patch) | |
| tree | 1947f4d28c397cfc5b0c1f7faeab84f1ecbfcd65 | |
| parent | edde9084c2a8ee2e7b702c994945a4dfdb7e2bdf (diff) | |
| download | mariadb-git-bb-10.5-mdev-26158.tar.gz | |
MDEV-26158 SIGSEGV in spider_free_mem from ha_spider::open on INSERTbb-10.5-mdev-26158
The server crashes due to passing NULL to spider_free().
In some cases, this == pt_handler_share_handlers[0] at the label
error_get_share in ha_spider::open().
In such cases, to nullify pt_handler_share_handlers[0]->wide_handler
is nothing but to nullify this->wide_handler. We should not do this
before freeing this->wide_handler.
4 files changed, 62 insertions, 1 deletions
diff --git a/storage/spider/ha_spider.cc b/storage/spider/ha_spider.cc index 6cee49cd6da..bbbe76cec74 100644 --- a/storage/spider/ha_spider.cc +++ b/storage/spider/ha_spider.cc @@ -659,13 +659,13 @@ error_partition_handler_share_alloc: error_get_share: if (wide_handler_alloc) { + spider_free(spider_current_trx, wide_handler, MYF(0)); #ifdef WITH_PARTITION_STORAGE_ENGINE if (pt_handler_share_handlers) { pt_handler_share_handlers[0]->wide_handler = NULL; } #endif - spider_free(spider_current_trx, wide_handler, MYF(0)); spider->wide_handler = NULL; owner->wide_handler = NULL; owner->wide_handler_owner = FALSE; diff --git a/storage/spider/mysql-test/spider/bugfix/r/mdev_26158.result b/storage/spider/mysql-test/spider/bugfix/r/mdev_26158.result new file mode 100644 index 00000000000..2870dab2702 --- /dev/null +++ b/storage/spider/mysql-test/spider/bugfix/r/mdev_26158.result @@ -0,0 +1,27 @@ +# +# MDEV-26158 SIGSEGV in spider_free_mem from ha_spider::open on INSERT +# +for master_1 +for child2 +child2_1 +child2_2 +child2_3 +for child3 +connection master_1; +CREATE DATABASE auto_test_local; +USE auto_test_local; +CREATE TABLE t ( +c INT +) ENGINE=Spider DEFAULT CHARSET=utf8 COMMENT='table "tbl_a"' +PARTITION BY LIST COLUMNS(`c`) ( +PARTITION `pt1` DEFAULT COMMENT = 'srv "s_2_1"' +); +INSERT INTO t SELECT * FROM t; +ERROR 42000: Unknown database 'auto_test_remote' +DROP DATABASE auto_test_local; +for master_1 +for child2 +child2_1 +child2_2 +child2_3 +for child3 diff --git a/storage/spider/mysql-test/spider/bugfix/t/mdev_26158.cnf b/storage/spider/mysql-test/spider/bugfix/t/mdev_26158.cnf new file mode 100644 index 00000000000..05dfd8a0bce --- /dev/null +++ b/storage/spider/mysql-test/spider/bugfix/t/mdev_26158.cnf @@ -0,0 +1,3 @@ +!include include/default_mysqld.cnf +!include ../my_1_1.cnf +!include ../my_2_1.cnf diff --git a/storage/spider/mysql-test/spider/bugfix/t/mdev_26158.test b/storage/spider/mysql-test/spider/bugfix/t/mdev_26158.test new file mode 100644 index 00000000000..0484d2b6652 --- /dev/null +++ b/storage/spider/mysql-test/spider/bugfix/t/mdev_26158.test @@ -0,0 +1,31 @@ +--echo # +--echo # MDEV-26158 SIGSEGV in spider_free_mem from ha_spider::open on INSERT +--echo # + +--disable_query_log +--disable_result_log +--source ../../t/test_init.inc +--enable_result_log +--enable_query_log + +--connection master_1 +CREATE DATABASE auto_test_local; +USE auto_test_local; + +eval CREATE TABLE t ( + c INT +) $MASTER_1_ENGINE $MASTER_1_CHARSET COMMENT='table "tbl_a"' +PARTITION BY LIST COLUMNS(`c`) ( + PARTITION `pt1` DEFAULT COMMENT = 'srv "s_2_1"' +); + +--error ER_BAD_DB_ERROR +INSERT INTO t SELECT * FROM t; + +DROP DATABASE auto_test_local; + +--disable_query_log +--disable_result_log +--source ../../t/test_deinit.inc +--enable_result_log +--enable_query_log |