maria-developers team mailing list archive

Thread
Date

Re: 5651e72: MDEV-15465 Server crash or ASAN heap-use-after-free in Item_func_match::cleanup upon using FT search with partitioning.

To: maria-developers@xxxxxxxxxxxxxxxxxxx
From: Sergei Golubchik <serg@xxxxxxxxxxx>
Date: Sun, 6 May 2018 20:38:20 +0200
Cc: holyfoot@xxxxxxxxxxx
In-reply-to: <20180503084502.848A4140C7A@nebo.localdomain>
User-agent: Mutt/1.7.2 (2016-11-26)

Hi, Alexey!

On May 03, Alexey Botchkov wrote:
> revision-id: 5651e72b8dd20e29a4963723773ec6bcfac457ba (mariadb-10.3.6-102-g5651e72)
> parent(s): 73a10cbcc5178ae5378abb821428d35d3276b4da
> committer: Alexey Botchkov
> timestamp: 2018-05-03 12:42:56 +0400
> message:
> 
> MDEV-15465 Server crash or ASAN heap-use-after-free in Item_func_match::cleanup upon using FT search with partitioning.
> 
> The Item_func_match::cleanup() uses table's internals so it's not safe
> to call it after the close_thread_tables(). Let's call it in
> st_select_lex::cleanup().

Oops. Agree, thanks.
But why do you fix it in 10.3? Looks like a 5.5+ bug.

Regards,
Sergei
Chief Architect MariaDB
and security@xxxxxxxxxxx