From d531b4ee3a9bcd89a2fa6b49a2207eaf966f53e3 Mon Sep 17 00:00:00 2001
From: Sergei Petrunia <psergey@askmonty.org>
Date: Sun, 12 Jan 2020 22:15:55 +0300
Subject: MDEV-21341: Fix UBSAN failures: Issue Six

(Variant #2 of the patch, which keeps the sp_head object inside the
MEM_ROOT that sp_head object owns)
(10.3 version of the fix, with handling for class sp_package)

sp_head::operator new() and operator delete() were dereferencing sp_head*
pointers to memory that didn't hold a valid sp_head object (it was
not created/already destroyed).
This caused UBSan to crash when looking up type information.

Fixed by providing static sp_head::create() and sp_head::destroy() methods.
---
 sql/sql_trigger.cc | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

(limited to 'sql/sql_trigger.cc')

diff --git a/sql/sql_trigger.cc b/sql/sql_trigger.cc
index b8ce5d743b4..26ec04cb89e 100644
--- a/sql/sql_trigger.cc
+++ b/sql/sql_trigger.cc
@@ -338,7 +338,7 @@ public:
 
 Trigger::~Trigger()
 {
-  delete body;
+  sp_head::destroy(body);
 }
 
 
-- 
cgit v1.2.1