Uploaded image for project: 'MariaDB Server'
  1. MariaDB Server
  2. MDEV-19536

Server crash or ASAN heap-use-after-free in is_temporary_table / read_statistics_for_tables_if_needed

    XMLWordPrintable

Details

    Description

      Please note that it's a non-deterministic concurrent test.

      SET use_stat_tables= PREFERABLY;
       
      CREATE TABLE t1 (a INT);
      CREATE OR REPLACE VIEW v1 AS SELECT * FROM t1;
       
      --connect (con1,localhost,root,,)
      --let $conid= `SELECT CONNECTION_ID()`
      --delimiter $
      --send
          LOOP
              CREATE OR REPLACE TABLE t1 (b INT);
          END LOOP $
      --delimiter ;
       
      --connection default
      --let $run= 10000
      while ($run)
      {
          --error ER_VIEW_INVALID
          SHOW INDEX FROM v1;
          --dec $run
      }
       
      # Cleanup
      --eval KILL $conid
      DROP VIEW v1;
      DROP TABLE IF EXISTS t1;
      

      10.1 91efcc63

      #3  <signal handler called>
      #4  0x00005555964598fc in is_temporary_table (tl=0x7f153a9a8658) at /data/src/10.1/sql/sql_base.h:675
      #5  0x0000555596573414 in read_statistics_for_tables_if_needed (thd=0x7f153c7cd070, tables=0x7f153a84a868) at /data/src/10.1/sql/sql_statistics.cc:3275
      #6  0x000055559655ca05 in fill_schema_table_by_open (thd=0x7f153c7cd070, is_show_fields_or_keys=true, table=0x7f153a8ff088, schema_table=0x555597627920 <schema_tables+1792>, orig_db_name=0x7f1544f38790, orig_table_name=0x7f1544f387e0, open_tables_state_backup=0x7f1544f38800, can_deadlock=false) at /data/src/10.1/sql/sql_show.cc:4290
      #7  0x000055559655da5b in get_all_tables (thd=0x7f153c7cd070, tables=0x7f153a846960, cond=0x0) at /data/src/10.1/sql/sql_show.cc:4814
      #8  0x000055559656ceeb in get_schema_tables_result (join=0x7f153a8483a8, executed_place=PROCESSED_BY_JOIN_EXEC) at /data/src/10.1/sql/sql_show.cc:8280
      #9  0x000055559650c5f0 in JOIN::exec_inner (this=0x7f153a8483a8) at /data/src/10.1/sql/sql_select.cc:2714
      #10 0x000055559650bc9b in JOIN::exec (this=0x7f153a8483a8) at /data/src/10.1/sql/sql_select.cc:2562
      #11 0x000055559650f229 in mysql_select (thd=0x7f153c7cd070, rref_pointer_array=0x7f153c7d1560, tables=0x7f153a846960, wild_num=0, fields=..., conds=0x0, og_num=0, order=0x0, group=0x0, having=0x0, proc_param=0x0, select_options=2684619520, result=0x7f153a848388, unit=0x7f153c7d0bb8, select_lex=0x7f153c7d12b8) at /data/src/10.1/sql/sql_select.cc:3499
      #12 0x0000555596504913 in handle_select (thd=0x7f153c7cd070, lex=0x7f153c7d0af0, result=0x7f153a848388, setup_tables_done_option=0) at /data/src/10.1/sql/sql_select.cc:376
      #13 0x00005555964d40e2 in execute_sqlcom_select (thd=0x7f153c7cd070, all_tables=0x7f153a846960) at /data/src/10.1/sql/sql_parse.cc:5951
      #14 0x00005555964ca443 in mysql_execute_command (thd=0x7f153c7cd070) at /data/src/10.1/sql/sql_parse.cc:3038
      #15 0x00005555964d7d5b in mysql_parse (thd=0x7f153c7cd070, rawbuf=0x7f153a845088 "SHOW INDEX FROM v1", length=18, parser_state=0x7f1544f3a1e0) at /data/src/10.1/sql/sql_parse.cc:7469
      #16 0x00005555964c6455 in dispatch_command (command=COM_QUERY, thd=0x7f153c7cd070, packet=0x7f153e7f0071 "SHOW INDEX FROM v1", packet_length=18) at /data/src/10.1/sql/sql_parse.cc:1499
      #17 0x00005555964c5213 in do_command (thd=0x7f153c7cd070) at /data/src/10.1/sql/sql_parse.cc:1131
      #18 0x00005555966006c3 in do_handle_one_connection (thd_arg=0x7f153c7cd070) at /data/src/10.1/sql/sql_connect.cc:1330
      #19 0x0000555596600409 in handle_one_connection (arg=0x7f153c7cd070) at /data/src/10.1/sql/sql_connect.cc:1242
      #20 0x0000555596a33a3e in pfs_spawn_thread (arg=0x7f1542c39c70) at /data/src/10.1/storage/perfschema/pfs.cc:1861
      #21 0x00007f1544bb84a4 in start_thread (arg=0x7f1544f3b700) at pthread_create.c:456
      #22 0x00007f15435ced0f in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:97
      

      Reproducible on 10.1-10.4.

      Attachments

        Activity

          People

            svoj Sergey Vojtovich
            elenst Elena Stepanova
            Votes:
            0 Vote for this issue
            Watchers:
            7 Start watching this issue

            Dates

              Created:
              Updated:
              Resolved:

              Git Integration

                Error rendering 'com.xiplink.jira.git.jira_git_plugin:git-issue-webpanel'. Please contact your Jira administrators.