Commit 8ce702aa authored by Marko Mäkelä's avatar Marko Mäkelä

MDEV-17540 Server crashes in row_purge after TRUNCATE TABLE

row_purge_upd_exist_or_extern_func(): Check for node->vcol_op_failed()
after row_purge_remove_sec_if_poss(), like row_purge_del_mark() did.
This avoids us dereferencing the node->table=NULL pointer.

The test case, submitted by Elena Stepanova, is not deterministic and
does not repeat the bug on 10.2. With the added loop, for me, it reliably
crashes 10.3 without the fix. I was unable to create a deterministic
test case for either 10.2 or 10.3.

Reviewed by Thirunarayanan Balathandayuthapani
parent b2f3755c
...@@ -142,4 +142,21 @@ CREATE TABLE t1 (a VARCHAR(30), b INT, a2 VARCHAR(30) GENERATED ALWAYS AS (a) VI ...@@ -142,4 +142,21 @@ CREATE TABLE t1 (a VARCHAR(30), b INT, a2 VARCHAR(30) GENERATED ALWAYS AS (a) VI
CREATE INDEX idx ON t1(a2(10), b, a2(20)); CREATE INDEX idx ON t1(a2(10), b, a2(20));
ERROR 42S21: Duplicate column name 'a2' ERROR 42S21: Duplicate column name 'a2'
DROP TABLE t1; DROP TABLE t1;
#
# MDEV-17540 Server crashes in row_purge after TRUNCATE TABLE
#
CREATE TABLE t1 (a BIT(14)) ENGINE=InnoDB;
INSERT INTO t1 VALUES
(b'01110110101011'),(b'01100111111000'),(b'00001011110100'),
(b'01110110111010'),(b'10001010101011'),(b'01100111001111');
CREATE TABLE t2 (
pk INT DEFAULT 1,
b YEAR,
c BIT(14),
d YEAR AS (b),
e BIT(14) AS (c),
UNIQUE(pk),
KEY(e)
) ENGINE=InnoDB;
DROP TABLE t1, t2;
SET GLOBAL innodb_purge_rseg_truncate_frequency = @saved_frequency; SET GLOBAL innodb_purge_rseg_truncate_frequency = @saved_frequency;
...@@ -137,5 +137,40 @@ CREATE INDEX idx ON t1(a2(10), b, a2(20)); ...@@ -137,5 +137,40 @@ CREATE INDEX idx ON t1(a2(10), b, a2(20));
DROP TABLE t1; DROP TABLE t1;
--echo #
--echo # MDEV-17540 Server crashes in row_purge after TRUNCATE TABLE
--echo #
# Note: this test case is nondeterministic and should depend on
# MDEV-12288 to trigger the needed purge activity.
# The test does not seem to repeat the bug on MariaDB 10.2.
CREATE TABLE t1 (a BIT(14)) ENGINE=InnoDB;
INSERT INTO t1 VALUES
(b'01110110101011'),(b'01100111111000'),(b'00001011110100'),
(b'01110110111010'),(b'10001010101011'),(b'01100111001111');
CREATE TABLE t2 (
pk INT DEFAULT 1,
b YEAR,
c BIT(14),
d YEAR AS (b),
e BIT(14) AS (c),
UNIQUE(pk),
KEY(e)
) ENGINE=InnoDB;
# Run a few times in order to improve the chances of triggering the bug.
--disable_query_log
let $n=10;
while ($n) {
REPLACE INTO t2 (c) SELECT a FROM t1;
TRUNCATE TABLE t2;
dec $n;
}
--enable_query_log
DROP TABLE t1, t2;
--source include/wait_until_count_sessions.inc --source include/wait_until_count_sessions.inc
SET GLOBAL innodb_purge_rseg_truncate_frequency = @saved_frequency; SET GLOBAL innodb_purge_rseg_truncate_frequency = @saved_frequency;
...@@ -824,6 +824,14 @@ row_purge_upd_exist_or_extern_func( ...@@ -824,6 +824,14 @@ row_purge_upd_exist_or_extern_func(
node->row, NULL, node->index, node->row, NULL, node->index,
heap, ROW_BUILD_FOR_PURGE); heap, ROW_BUILD_FOR_PURGE);
row_purge_remove_sec_if_poss(node, node->index, entry); row_purge_remove_sec_if_poss(node, node->index, entry);
if (node->vcol_op_failed()) {
ut_ad(!node->table);
mem_heap_free(heap);
return;
}
ut_ad(node->table);
mem_heap_empty(heap); mem_heap_empty(heap);
} }
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment