MDEV-21341: Fix UBSAN failures: Issue Sixbb-10.3-mdev21341-issueSix

(Variant #2 of the patch, which keeps the sp_head object inside the MEM_ROOT that sp_head object owns) (10.3 version of the fix, with handling for class sp_package) sp_head::operator new() and operator delete() were dereferencing sp_head* pointers to memory that didn't hold a valid sp_head object (it was not created/already destroyed). This caused UBSan to crash when looking up type information. Fixed by providing static sp_head::create() and sp_head::destroy() methods.
author: Sergei Petrunia <psergey@askmonty.org> 2020-01-12 22:15:55 +0300
committer: Sergei Petrunia <psergey@askmonty.org> 2020-01-12 22:15:55 +0300
commit: d531b4ee3a9bcd89a2fa6b49a2207eaf966f53e3 (patch)
tree: fbdc8bb230c6d123f8b2484878acf234caf46810 /sql/sql_parse.cc
parent: 9c3eca85141836548214e3c68f256b3868502509 (diff)
download: mariadb-git-d531b4ee3a9bcd89a2fa6b49a2207eaf966f53e3.tar.gz
1 files changed, 1 insertions, 1 deletions
diff --git a/sql/sql_parse.cc b/sql/sql_parse.cc
index 861d50e8872..db38a20ea8a 100644
--- a/sql/sql_parse.cc
+++ b/sql/sql_parse.cc
@@ -5083,7 +5083,7 @@ mysql_execute_command(THD *thd)
   /* Don't do it, if we are inside a SP */
   if (!thd->spcont)
   {
-    delete lex->sphead;
+    sp_head::destroy(lex->sphead);
     lex->sphead= NULL;
   }
   /* lex->unit.cleanup() is called outside, no need to call it here */
author	Sergei Petrunia <psergey@askmonty.org>	2020-01-12 22:15:55 +0300
committer	Sergei Petrunia <psergey@askmonty.org>	2020-01-12 22:15:55 +0300
commit	d531b4ee3a9bcd89a2fa6b49a2207eaf966f53e3 (patch)
tree	fbdc8bb230c6d123f8b2484878acf234caf46810 /sql/sql_parse.cc
parent	9c3eca85141836548214e3c68f256b3868502509 (diff)
download	mariadb-git-d531b4ee3a9bcd89a2fa6b49a2207eaf966f53e3.tar.gz