Details
-
Bug
-
Status: Closed (View Workflow)
-
Major
-
Resolution: Fixed
-
10.2.15, 10.3.7
Description
This test in the test file:
CREATE TABLE t (a INT, b INT, c INT GENERATED ALWAYS AS(a+b), h VARCHAR(10)); |
INSERT INTO t VALUES (11, 3, DEFAULT, 'mm'); |
INSERT INTO t VALUES (18, 1, DEFAULT, 'mm'); |
INSERT INTO t VALUES (28, 1, DEFAULT, 'mm'); |
INSERT INTO t VALUES (null, null, DEFAULT, 'mm'); |
CREATE INDEX idx_1 on t(c); |
SET SESSION debug_dbug="+d,create_index_fail"; |
--error ER_DUP_ENTRY
|
ALTER TABLE t ADD COLUMN x INT GENERATED ALWAYS AS(a+b), ADD INDEX idx (x); |
SET SESSION debug_dbug=""; |
SHOW CREATE TABLE t; |
SELECT c FROM t; |
DROP TABLE t; |
The index (dict_index_t) is added to the table and not removed when the ALTER TABLE fails. When the table is dropped, dict_index_remove_from_cache_low is invoked. It contains the following:
/* Remove the index from affected virtual column index list */ |
if (dict_index_has_virtual(index)) { |
const dict_col_t* col; |
const dict_v_col_t* vcol; |
|
|
for (ulint i = 0; i < dict_index_get_n_fields(index); i++) { |
col = dict_index_get_nth_col(index, i);
|
if (dict_col_is_virtual(col)) { |
...
|
except when the ALTER TABLE failed, the not-really-added virtual column (that this not-really-added index refers to) was allocated in the ha_innobase_inplace_ctx and freed at the end of the ALTER TABLE. So, dereferencing col in DROP TABLE accessed freed memory and ASAN complains.
Attachments
Issue Links
- causes
-
-
- Closed
-
- is caused by
-
-
- Closed
-
Activity
| Field | Original Value | New Value |
|---|---|---|
| Fix Version/s | 10.2 [ 14601 ] | |
| Fix Version/s | 10.3 [ 22126 ] |
| Description |
This test in the test file:
{code:sql} CREATE TABLE t (a INT, b INT, c INT GENERATED ALWAYS AS(a+b), h VARCHAR(10)); INSERT INTO t VALUES (11, 3, DEFAULT, 'mm'); INSERT INTO t VALUES (18, 1, DEFAULT, 'mm'); INSERT INTO t VALUES (28, 1, DEFAULT, 'mm'); INSERT INTO t VALUES (null, null, DEFAULT, 'mm'); CREATE INDEX idx_1 on t(c); SET SESSION debug_dbug="+d,create_index_fail"; --error ER_DUP_ENTRY ALTER TABLE t ADD COLUMN x INT GENERATED ALWAYS AS(a+b), ADD INDEX idx (x); SET SESSION debug_dbug=""; SHOW CREATE TABLE t; SELECT c FROM t; DROP TABLE t; {code} The index ({{dict_index_t}}) is added to the table and not removed when the {{ALTER TABLE}} fails. When the table is dropped, {{dict_index_remove_from_cache_low}} is invoked. It contains the following: {code:cpp} /* Remove the index from affected virtual column index list */ if (dict_index_has_virtual(index)) { const dict_col_t* col; const dict_v_col_t* vcol; for (ulint i = 0; i < dict_index_get_n_fields(index); i++) { col = dict_index_get_nth_col(index, i); if (dict_col_is_virtual(col)) { ... {code} except when the {{ALTER TABLE}} failed, the not-really-added virtual column (that this not-really-added index refers to) was allocated in the {{ha_innobase_inplace_ctx}} and freed at the end of the {{ALTER TABLE}}. So, dereferencing {{col}} in {{DROP TABLE}} accessed freed memory and ASAN complains. |
| Assignee | Marko Mäkelä [ marko ] |
| Status | Open [ 1 ] | Confirmed [ 10101 ] |
| Link |
This issue is caused by |
| Affects Version/s | 10.3.7 [ 23005 ] | |
| Affects Version/s | 10.2.15 [ 23006 ] | |
| Affects Version/s | 10.2 [ 14601 ] | |
| Affects Version/s | 10.3 [ 22126 ] |
| Component/s | Storage Engine - XtraDB [ 10135 ] |
| Labels | regression |
| issue.field.resolutiondate | 2018-06-04 13:00:36.0 | 2018-06-04 13:00:36.135 |
| Fix Version/s | 10.2.16 [ 23110 ] | |
| Fix Version/s | 10.3.8 [ 23113 ] | |
| Fix Version/s | 10.2 [ 14601 ] | |
| Fix Version/s | 10.3 [ 22126 ] | |
| Resolution | Fixed [ 1 ] | |
| Status | Confirmed [ 10101 ] | Closed [ 6 ] |
| Link |
This issue causes |
| Workflow | MariaDB v3 [ 87634 ] | MariaDB v4 [ 154464 ] |