maria-developers team mailing list archive

Thread
Date

MDEV-18734 ASAN heap-use-after-free in my_strnxfrm_simple_internal upon update on versioned partitioned table

To: Sergei Golubchik <serg@xxxxxxxxxxx>
From: Aleksey Midenkov <midenok@xxxxxxxxx>
Date: Mon, 11 Mar 2019 22:26:30 +0300
Cc: "MariaDB Developers \(maria-developers@xxxxxxxxxxxxxxxxxxx\)" <maria-developers@xxxxxxxxxxxxxxxxxxx>

Hi, Sergei!

ha_partition::handle_ordered_index_scan() stores records
in m_ordered_rec_buffer. Then TABLE::update_virtual_fields() updates blob
buffer and frees the old one. Then ha_partition::return_top_record()
returns record from m_ordered_rec_buffer with stale blob pointer. What
should we do with this? I propose to duplicate blob buffer when record gets
into m_ordered_rec_buffer.

More details can be found here:

https://github.com/tempesta-tech/mariadb/issues/581

-- 
All the best,

Aleksey Midenkov
@midenok

Follow ups

Re: MDEV-18734 ASAN heap-use-after-free in my_strnxfrm_simple_internal upon update on versioned partitioned table
From: Sergei Golubchik, 2019-03-12