MDEV-31817 SIGSEGV after btr_page_get_father_block() returns nullptr on corrupted data

btr_attach_half_pages(), btr_lift_page_up(), btr_compress():
Return DB_CORRUPTION if btr_page_get_father_block() returns nullptr

Reviewed by: Thirunarayanan Balathandayuthapani

storage/innobase/btr/btr0btr.cc

@@ -873,7 +873,8 @@ static rec_offs *btr_page_get_parent(rec_offs *offsets, mem_heap_t *heap,
 /************************************************************//**
 Returns the upper level node pointer to a page. It is assumed that mtr holds
 an x-latch on the tree.
-@return rec_get_offsets() of the node pointer record */
+@return rec_get_offsets() of the node pointer record
+@retval nullptr on corruption */
 static
 rec_offs*
 btr_page_get_father_block(
@@ -2541,6 +2542,11 @@ btr_attach_half_pages(
 		offsets = btr_page_get_father_block(nullptr, heap, mtr,
 						    &cursor);
 
+		if (UNIV_UNLIKELY(!offsets)) {
+			mem_heap_free(heap);
+			return DB_CORRUPTION;
+		}
+
 		/* Replace the address of the old child node (= page) with the
 		address of the new lower half */
 
@@ -3476,6 +3482,14 @@ btr_lift_page_up(
 			offsets = btr_page_get_father_block(offsets, heap,
 							    mtr, &cursor);
 		}
+
+		if (UNIV_UNLIKELY(!offsets)) {
+parent_corrupted:
+			mem_heap_free(heap);
+			*err = DB_CORRUPTION;
+			return nullptr;
+		}
+
 		father_block = btr_cur_get_block(&cursor);
 		father_page_zip = buf_block_get_page_zip(father_block);
 
@@ -3500,6 +3514,10 @@ btr_lift_page_up(
 								    &cursor);
 			}
 
+			if (UNIV_UNLIKELY(!offsets)) {
+				goto parent_corrupted;
+			}
+
 			blocks[n_blocks++] = b = btr_cur_get_block(&cursor);
 		}
 
@@ -3715,6 +3733,11 @@ btr_compress(
 			NULL, heap, mtr, &father_cursor);
 	}
 
+	if (UNIV_UNLIKELY(!offsets)) {
+		err = DB_CORRUPTION;
+		goto func_exit;
+	}
+
 	if (adjust) {
 		nth_rec = page_rec_get_n_recs_before(btr_cur_get_rec(cursor));
 		if (UNIV_UNLIKELY(!nth_rec || nth_rec == ULINT_UNDEFINED)) {