
maria-developers team mailing list archive

Re: ddec45aa50e: MDEV-16932: ASAN heap-use-after-free in my_charlen_utf8 / my_well_formed_char_length_utf8 on 2nd execution of SP with ALTER trying to add bad CHECK

 

Hi, Oleksandr!

On May 20, Oleksandr Byelkin wrote:
> revision-id: ddec45aa50e (mariadb-10.2.24-11-gddec45aa50e)
> parent(s): 50999738eae
> author: Oleksandr Byelkin <sanja@xxxxxxxxxxx>
> committer: Oleksandr Byelkin <sanja@xxxxxxxxxxx>
> timestamp: 2019-05-14 14:01:15 +0200
> message:
> 
> MDEV-16932: ASAN heap-use-after-free in my_charlen_utf8 /
> my_well_formed_char_length_utf8 on 2nd execution of SP with ALTER
> trying to add bad CHECK
> 
> In case of error the SP can be executed without re-compilation and so
> will reuse constructed constraint name, so the name should be allocated
> in the statement memory.

Is that right? You're saying that the "unique constraint name" will be
generated once and reused?

But on the second SP invocation it might no longer be unique. I'd think
that `ALTER TABLE t1 ADD CONSTRAINT CHECK (x > 0)` should add a new
constraint, not "add a new constraint with the name that used to be
unique when the SP was invoked for the first time".

> diff --git a/sql/sql_table.cc b/sql/sql_table.cc
> index 3df877792cc..ecd5de3a09d 100644
> --- a/sql/sql_table.cc
> +++ b/sql/sql_table.cc
> @@ -4185,9 +4185,15 @@ mysql_prepare_create_table(THD *thd, HA_CREATE_INFO *create_info,
>      while ((check= c_it++))
>      {
>        if (!check->name.length)
> +      {
> +        Query_arena backup;
> +        Query_arena *arena= thd->activate_stmt_arena_if_needed(&backup);
>          make_unique_constraint_name(thd, &check->name,
>                                      &alter_info->check_constraint_list,
>                                      &nr);
> +        if (arena)
> +          thd->restore_active_arena(arena, &backup);
> +      }
>        {
>          /* Check that there's no repeating constraint names. */
>          List_iterator_fast<Virtual_column_info>
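
Review bot: In the new block under `if (!check->name.length)`, the generated name is now kept in statement memory, so on a second execution of the SP this guard is false and the name from the first run is reused rather than regenerated; it is then only known to have been unique at first execution. Consider clearing `check->name` for auto-named constraints at the start of each execution so that `make_unique_constraint_name()` runs again, or add a comment here stating why reusing the earlier name is safe. A short comment on why `activate_stmt_arena_if_needed(&backup)` is needed around this call would also help, since the reason (re-execution of the SP after an error) appears only in the commit message.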

Regards,
Sergei
Chief Architect MariaDB
and security@xxxxxxxxxxx