MDEV-23222 SIGSEG in maria_create() because of double free

The crash happens because a double free in the case CREATE TABLE fails because there is a conflicting tables on disk. Fixed by ensuring that the double free can't happen.

MDEV-23222 SIGSEG in maria_create() because of double free
The crash happens because a double free in the case CREATE TABLE fails because there is a conflicting tables on disk. Fixed by ensuring that the double free can't happen.
14d43f4f · Monty · 4c99e3e9 · 14d43f4f · 14d43f4f · 14d43f4f
Commit 14d43f4f authored Oct 29, 2020 by Monty
Showing with 34 additions and 0 deletions

mysql-test/suite/maria/create.result mysql-test/suite/maria/create.result +11 -0

mysql-test/suite/maria/create.test mysql-test/suite/maria/create.test +22 -0

storage/maria/ma_create.c storage/maria/ma_create.c +1 -0

No files found.
--- a/mysql-test/suite/maria/create.result
+++ b/mysql-test/suite/maria/create.result
@@ -62,5 +62,16 @@ c1
 DROP TABLE t2,t3;
 SET @@SQL_MODE=@org_sql_mode;
 #
+# MDEV-23222 SIGSEGV in maria_status | Assertion `(longlong)
+# thd->status_var.local_memory_used >= 0
+#
+CREATE TABLE t1 (a INT);
+INSERT INTO t1 VALUES (1);
+CREATE TABLE MDEV_23222 (i INT) DATA DIRECTORY = 'MYSQL_TMP_DIR', ENGINE=Aria TRANSACTIONAL=1;;
+flush tables;
+CREATE TABLE MDEV_23222 (i INT) DATA DIRECTORY = 'MYSQL_TMP_DIR', ENGINE=Aria TRANSACTIONAL=1;;
+Got one of the listed errors
+DROP TABLE t1;
+#
 # End of 10.3 tests
 #
--- a/mysql-test/suite/maria/create.test
+++ b/mysql-test/suite/maria/create.test
@@ -70,6 +70,28 @@ SELECT c1 FROM t3 WHERE (c1) IN (SELECT MIN(DISTINCT c1) FROM t2);
 DROP TABLE t2,t3;
 SET @@SQL_MODE=@org_sql_mode;
+--echo #
+--echo # MDEV-23222 SIGSEGV in maria_status | Assertion `(longlong)
+--echo # thd->status_var.local_memory_used >= 0
+--echo #
+let $mysqld_datadir= `select @@datadir`;
+CREATE TABLE t1 (a INT);
+INSERT INTO t1 VALUES (1);
+--replace_result $MYSQL_TMP_DIR MYSQL_TMP_DIR
+--eval CREATE TABLE MDEV_23222 (i INT) DATA DIRECTORY = '$MYSQL_TMP_DIR', ENGINE=Aria TRANSACTIONAL=1;
+flush tables;
+--remove_file $mysqld_datadir/test/MDEV_23222.frm
+--replace_result $MYSQL_TMP_DIR MYSQL_TMP_DIR
+--error 1,ER_TABLE_EXISTS_ERROR
+--eval CREATE TABLE MDEV_23222 (i INT) DATA DIRECTORY = '$MYSQL_TMP_DIR', ENGINE=Aria TRANSACTIONAL=1;
+DROP TABLE t1;
+--disable_warnings
+--remove_file $mysqld_datadir/test/MDEV_23222.MAD
+--replace_result $MYSQL_TMP_DIR MYSQL_TMP_DIR
+--remove_file $MYSQL_TMP_DIR/MDEV_23222.MAD
+--enable_warnings
 --echo #
 --echo # End of 10.3 tests
 --echo #
--- a/storage/maria/ma_create.c
+++ b/storage/maria/ma_create.c
@@ -1163,6 +1163,7 @@ int maria_create(const char *name, enum data_file_type datafile_type,
                                  FALSE, TRUE))
      goto err;
    my_free(log_data);
+    log_data= 0;
  }
  if (!(flags & HA_DONT_TOUCH_DATA))