maria-developers team mailing list archive

Re: a639eff: MDEV-15813 ASAN use-after-poison in hp_hashnr upon HANDLER READ on a versioned HEAP table.

 

Hi, Alexey!

On May 16, Alexey Botchkov wrote:
> revision-id: a639eff5940ed4147709511aeaee922fa7095284 (mariadb-10.3.6-193-ga639eff)
> parent(s): cd15e764a8a4f3e799f1efaede413c95e3233df6
> committer: Alexey Botchkov
> timestamp: 2018-05-16 09:44:22 +0400
> message:
> 
> MDEV-15813 ASAN use-after-poison in hp_hashnr upon HANDLER READ on a versioned HEAP table.
> 
> Check index capabilities before executing HANDLER READ command.
> 
> diff --git a/sql/sql_handler.cc b/sql/sql_handler.cc
> index 187a746..02d5bbf 100644
> --- a/sql/sql_handler.cc
> +++ b/sql/sql_handler.cc
> @@ -660,6 +660,18 @@ mysql_ha_fix_cond_and_key(SQL_HANDLER *handler,
>        Item *item;
>        key_part_map keypart_map;
>        uint key_len;
> +      const KEY *c_key= table->s->key_info + handler->keyno;
> +
> +      if ((c_key->flags & HA_SPATIAL) ||
> +           c_key->algorithm == HA_KEY_ALG_FULLTEXT ||
> +          (ha_rkey_mode != HA_READ_KEY_EXACT &&
> +           (table->file->index_flags(handler->keyno, 0, TRUE) &
> +            (HA_READ_NEXT | HA_READ_PREV | HA_READ_RANGE)) == 0))
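
Review bot: the new `if` combines two unrelated rejections with no comment explaining either. A key with HA_SPATIAL or HA_KEY_ALG_FULLTEXT is refused for every read mode, while the index_flags() capability test only runs when ha_rkey_mode != HA_READ_KEY_EXACT. Please add a comment saying why each branch is there, and consider splitting them into separate conditions. That would make it clear that an exact-match read on an index reporting none of HA_READ_NEXT | HA_READ_PREV | HA_READ_RANGE is still allowed on purpose. Separately, c_key is computed as table->s->key_info + handler->keyno and dereferenced with no range check on keyno visible in this hunk; if the surrounding function does not already validate keyno, it needs a bound check before this line. Minor style point: the continuation line `c_key->algorithm == HA_KEY_ALG_FULLTEXT ||` is indented one column deeper than its neighbours.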

This is strange. Do you mean that SPATIAL and FULLTEXT indexes have
HA_READ_NEXT or HA_READ_PREV or HA_READ_RANGE?

Regards,
Sergei
Chief Architect MariaDB
and security@xxxxxxxxxxx