diff options
author | Nayuta Yanagisawa <nayuta.yanagisawa@hey.com> | 2021-09-24 23:58:06 +0900 |
---|---|---|
committer | Nayuta Yanagisawa <nayuta.yanagisawa@hey.com> | 2021-10-18 19:39:31 +0900 |
commit | 5fcde24091c01ce0f5941d434bd5761c07e51478 (patch) | |
tree | 5378711014db646d12898154a67aa0b3887670d9 | |
parent | 7d360060cb6ea2558820b343ef77d59584b0b805 (diff) | |
download | mariadb-git-bb-10.5-mdev-26582.tar.gz |
MDEV-26582 SIGSEGV in spider_db_bulk_insert and spider_db_connect and spider_db_before_query, and hang in "End of update loop" / "Reset for next command" query statesbb-10.5-mdev-26582
Spider accesses a freed connection in ha_spider::end_bulk_insert()
and results in SIGSEGV.
The cause of the bug is that ha_spider::is_bulk_insert_exec_period()
wrongly returns TRUE when the bulk insertion has not yet started.
Spider decides whether it is during the bulk insertion or not by
the value of insert_pos, but the variable is not reset in a case,
and this result in the bug.
4 files changed, 50 insertions, 0 deletions
diff --git a/storage/spider/mysql-test/spider/bugfix/r/mdev_26582.result b/storage/spider/mysql-test/spider/bugfix/r/mdev_26582.result new file mode 100644 index 00000000000..54a4fc44b48 --- /dev/null +++ b/storage/spider/mysql-test/spider/bugfix/r/mdev_26582.result @@ -0,0 +1,11 @@ +# +# MDEV-26582 SIGSEGV in spider_db_bulk_insert and spider_db_connect and spider_db_before_query, and hang in "End of update loop" / "Reset for next command" query states +# +CREATE DATABASE IF NOT EXISTS auto_test_local; +USE auto_test_local; +CREATE TABLE t (i CHAR) ENGINE=SPIDER; +INSERT INTO t VALUES (0); +ERROR HY000: Unable to connect to foreign data source: localhost +INSERT t SELECT 1 ON DUPLICATE KEY UPDATE c=1; +ERROR 42S22: Unknown column 'c' in 'field list' +DROP DATABASE IF EXISTS auto_test_local; diff --git a/storage/spider/mysql-test/spider/bugfix/t/mdev_26582.cnf b/storage/spider/mysql-test/spider/bugfix/t/mdev_26582.cnf new file mode 100644 index 00000000000..b0853e32654 --- /dev/null +++ b/storage/spider/mysql-test/spider/bugfix/t/mdev_26582.cnf @@ -0,0 +1,2 @@ +!include include/default_mysqld.cnf +!include ../my_1_1.cnf diff --git a/storage/spider/mysql-test/spider/bugfix/t/mdev_26582.test b/storage/spider/mysql-test/spider/bugfix/t/mdev_26582.test new file mode 100644 index 00000000000..d0c57905915 --- /dev/null +++ b/storage/spider/mysql-test/spider/bugfix/t/mdev_26582.test @@ -0,0 +1,27 @@ +--echo # +--echo # MDEV-26582 SIGSEGV in spider_db_bulk_insert and spider_db_connect and spider_db_before_query, and hang in "End of update loop" / "Reset for next command" query states +--echo # + +# NOTE: The bug does not reproduce if we import ../../t/test_init.inc instead. +--disable_query_log +--disable_result_log +--source ../../include/init_spider.inc +--enable_result_log +--enable_query_log + +CREATE DATABASE IF NOT EXISTS auto_test_local; +USE auto_test_local; + +CREATE TABLE t (i CHAR) ENGINE=SPIDER; +--error 1429 +INSERT INTO t VALUES (0); +--error 1054 +INSERT t SELECT 1 ON DUPLICATE KEY UPDATE c=1; + +DROP DATABASE IF EXISTS auto_test_local; + +--disable_query_log +--disable_result_log +--source ../../include/deinit_spider.inc +--enable_result_log +--enable_query_log diff --git a/storage/spider/spd_db_conn.cc b/storage/spider/spd_db_conn.cc index 22567d82bc1..d2cce0ba6d0 100644 --- a/storage/spider/spd_db_conn.cc +++ b/storage/spider/spd_db_conn.cc @@ -6661,7 +6661,11 @@ int spider_db_bulk_insert( #endif if ((error_num = spider->append_insert_values_sql_part( SPIDER_SQL_TYPE_INSERT_SQL))) + { + if (spider->sql_kinds & SPIDER_SQL_KIND_SQL) + spider->set_insert_to_pos_sql(SPIDER_SQL_TYPE_INSERT_SQL); DBUG_RETURN(error_num); + } #if defined(HS_HAS_SQLCOM) && defined(HAVE_HANDLERSOCKET) } if (spider->sql_kinds & SPIDER_SQL_KIND_HS) @@ -6681,6 +6685,8 @@ int spider_db_bulk_insert( if ((error_num = spider->append_insert_terminator_sql_part( SPIDER_SQL_TYPE_INSERT_SQL))) { + if (spider->sql_kinds & SPIDER_SQL_KIND_SQL) + spider->set_insert_to_pos_sql(SPIDER_SQL_TYPE_INSERT_SQL); DBUG_RETURN(error_num); } #ifdef HA_CAN_BULK_ACCESS @@ -6715,6 +6721,8 @@ int spider_db_bulk_insert( if ((error_num = dbton_handler->set_sql_for_exec(sql_type, roop_count2))) { + if (spider->sql_kinds & SPIDER_SQL_KIND_SQL) + spider->set_insert_to_pos_sql(SPIDER_SQL_TYPE_INSERT_SQL); if (dbton_handler->need_lock_before_set_sql_for_exec(sql_type)) { SPIDER_CLEAR_FILE_POS(&conn->mta_conn_mutex_file_pos); @@ -6744,6 +6752,8 @@ int spider_db_bulk_insert( conn->mta_conn_mutex_unlock_later = TRUE; if ((error_num = spider_db_set_names(spider, conn, roop_count2))) { + if (spider->sql_kinds & SPIDER_SQL_KIND_SQL) + spider->set_insert_to_pos_sql(SPIDER_SQL_TYPE_INSERT_SQL); DBUG_ASSERT(conn->mta_conn_mutex_lock_already); DBUG_ASSERT(conn->mta_conn_mutex_unlock_later); conn->mta_conn_mutex_lock_already = FALSE; |