Commit c2931242 authored by Sergei Golubchik's avatar Sergei Golubchik

MDEV-14750 Valgrind Invalid read, ASAN heap-use-after-free in...

MDEV-14750 Valgrind Invalid read, ASAN heap-use-after-free in Item_ident::print upon SHOW CREATE on partitioned table

items in the partitioning function were taking
the table name from the table's field
(in set_field(from_field) in Item_field::fix_fields)
and field's table_name is TABLE::alias.

But alias is changed for every statement, and
can be realloced if next statement uses a longer
alias. But partitioning items are fixed once
and live as long as the TABLE does. So if
an alias is realloced, pointers to the old
alias string will become invalid.

Fix partitioning item table_name to point to
the actual table name instead.
parent c14c958c
...@@ -91,3 +91,15 @@ t2 CREATE TABLE "t2" ( ...@@ -91,3 +91,15 @@ t2 CREATE TABLE "t2" (
PARTITION BY RANGE ("f1") PARTITION BY RANGE ("f1")
(PARTITION "p1" VALUES LESS THAN MAXVALUE ENGINE = MyISAM) (PARTITION "p1" VALUES LESS THAN MAXVALUE ENGINE = MyISAM)
drop table t1, t2; drop table t1, t2;
set sql_mode=default;
create table t_partition (f1 int) partition by hash(f1) partitions 2;
select * from t_partition as tbl;
f1
show create table t_partition;
Table Create Table
t_partition CREATE TABLE `t_partition` (
`f1` int(11) DEFAULT NULL
) ENGINE=MyISAM DEFAULT CHARSET=latin1
PARTITION BY HASH (`f1`)
PARTITIONS 2
drop table t_partition;
...@@ -30,3 +30,12 @@ set sql_mode=ansi_quotes; ...@@ -30,3 +30,12 @@ set sql_mode=ansi_quotes;
show create table t1; show create table t1;
show create table t2; show create table t2;
drop table t1, t2; drop table t1, t2;
set sql_mode=default;
#
# MDEV-14750 Valgrind Invalid read, ASAN heap-use-after-free in Item_ident::print upon SHOW CREATE on partitioned table
#
create table t_partition (f1 int) partition by hash(f1) partitions 2;
select * from t_partition as tbl;
show create table t_partition;
drop table t_partition;
...@@ -5766,6 +5766,10 @@ bool Item_field::post_fix_fields_part_expr_processor(void *int_arg) ...@@ -5766,6 +5766,10 @@ bool Item_field::post_fix_fields_part_expr_processor(void *int_arg)
DBUG_ASSERT(fixed); DBUG_ASSERT(fixed);
if (field->vcol_info) if (field->vcol_info)
field->vcol_info->mark_as_in_partitioning_expr(); field->vcol_info->mark_as_in_partitioning_expr();
/*
Update table_name to be real table name, not the alias. Because alias is
reallocated for every statement, and this item has a long life time */
table_name= field->table->s->table_name.str;
return FALSE; return FALSE;
} }
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment