MDEV-21485 ASAN use-after-poison in dfield_get_len or Assertion `pos < index->n_def' failed

The server would crash when instantly reordering the columns of a
table whose all columns belong to the PRIMARY KEY.

mysql-test/suite/innodb/r/instant_alter,4k.rdiff

---- suite/innodb/r/instant_alter.result	2019-12-05 10:54:59.611505580 +0100
-+++ suite/innodb/r/instant_alter,4k.reject	2019-12-05 11:47:54.013615820 +0100
+--- instant_alter.result
++++ instant_alter,4k.result
 @@ -242,7 +242,7 @@
  SELECT clust_index_size FROM INFORMATION_SCHEMA.INNODB_SYS_TABLESTATS
  WHERE name = 'test/t2';
@@ -318,8 +318,8 @@
  FROM information_schema.global_status
  WHERE variable_name = 'innodb_instant_alter_column';
  instants
--196
-+198
+-199
++201
  SET GLOBAL innodb_purge_rseg_truncate_frequency= @saved_frequency;
  #
  # MDEV-18266: Changing an index comment unnecessarily rebuilds index

mysql-test/suite/innodb/r/instant_alter.result

@@ -932,6 +932,9 @@ SELECT * FROM t1;
 a	b	vb
 fubar	42	42
 DROP TABLE t1;
+CREATE TABLE t1 (a INT, b INT, PRIMARY KEY(a,b)) ENGINE=InnoDB ROW_FORMAT=REDUNDANT;
+ALTER TABLE t1 MODIFY b INT FIRST;
+DROP TABLE t1;
 CREATE TABLE t1
 (id INT PRIMARY KEY, c2 INT UNIQUE,
 c3 POINT NOT NULL DEFAULT ST_GeomFromText('POINT(3 4)'),
@@ -1809,6 +1812,9 @@ SELECT * FROM t1;
 a	b	vb
 fubar	42	42
 DROP TABLE t1;
+CREATE TABLE t1 (a INT, b INT, PRIMARY KEY(a,b)) ENGINE=InnoDB ROW_FORMAT=COMPACT;
+ALTER TABLE t1 MODIFY b INT FIRST;
+DROP TABLE t1;
 CREATE TABLE t1
 (id INT PRIMARY KEY, c2 INT UNIQUE,
 c3 POINT NOT NULL DEFAULT ST_GeomFromText('POINT(3 4)'),
@@ -2686,12 +2692,15 @@ SELECT * FROM t1;
 a	b	vb
 fubar	42	42
 DROP TABLE t1;
+CREATE TABLE t1 (a INT, b INT, PRIMARY KEY(a,b)) ENGINE=InnoDB ROW_FORMAT=DYNAMIC;
+ALTER TABLE t1 MODIFY b INT FIRST;
+DROP TABLE t1;
 disconnect analyze;
 SELECT variable_value-@old_instant instants
 FROM information_schema.global_status
 WHERE variable_name = 'innodb_instant_alter_column';
 instants
-196
+199
 SET GLOBAL innodb_purge_rseg_truncate_frequency= @saved_frequency;
 #
 # MDEV-18266: Changing an index comment unnecessarily rebuilds index

mysql-test/suite/innodb/t/instant_alter.test

@@ -826,6 +826,10 @@ ALTER TABLE t1 ADD vb INT AS (b);
 SELECT * FROM t1;
 DROP TABLE t1;
 
+eval CREATE TABLE t1 (a INT, b INT, PRIMARY KEY(a,b)) $engine;
+ALTER TABLE t1 MODIFY b INT FIRST;
+DROP TABLE t1;
+
 dec $format;
 let $redundant_4k= 0;
 }

storage/innobase/rem/rem0rec.cc

 /*****************************************************************************
 
 Copyright (c) 1994, 2016, Oracle and/or its affiliates. All Rights Reserved.
-Copyright (c) 2017, 2019, MariaDB Corporation.
+Copyright (c) 2017, 2020, MariaDB Corporation.
 
 This program is free software; you can redistribute it and/or modify it under
 the terms of the GNU General Public License as published by the Free Software
@@ -1155,7 +1155,10 @@ rec_get_converted_size_comp_prefix_low(
 	for (ulint i = 0; dfield < end; i++, dfield++) {
 		if (mblob && i == index->first_user_field()) {
 			data_size += FIELD_REF_SIZE;
-			++dfield;
+			if (++dfield == end) {
+				ut_ad(i == index->n_fields);
+				break;
+			}
 		}
 
 		ulint len = dfield_get_len(dfield);
@@ -1597,7 +1600,11 @@ rec_convert_dtuple_to_rec_comp(
 				ut_ad(dfield_is_ext(field));
 				memcpy(end, dfield_get_data(field), len);
 				end += len;
-				len = dfield_get_len(++field);
+				if (++field == fend) {
+					ut_ad(i == index->n_fields);
+					break;
+				}
+				len = dfield_get_len(field);
 			}
 		} else if (UNIV_UNLIKELY(i == n_node_ptr_field)) {
 			ut_ad(field->type.prtype & DATA_NOT_NULL);