Details
-
Bug
-
Status: Closed (View Workflow)
-
Major
-
Resolution: Fixed
-
5.5.33a-galera, 10.0.19-galera, 10.1.6, 10.2.0, 10.3.0, 10.4.0
Description
In row_ins_foreign_check_on_constraint(), clustered index record is being passed to wsrep_append_foreign_key() after releasing the latch. If a record has been changed by other thread in the meantime then it could lead to a crash when
wsrep_rec_get_foreign_key () tries to access the record.
The following is the problematic code :
btr_pcur_store_position(pcur, mtr);
|
|
|
if (index == clust_index) {
|
btr_pcur_copy_stored_position(cascade->pcur, pcur);
|
} else {
|
btr_pcur_store_position(cascade->pcur, mtr);
|
}
|
|
|
mtr_commit(mtr);
|
|
ut_a(cascade->pcur->rel_pos == BTR_PCUR_ON);
|
|
cascade->state = UPD_NODE_UPDATE_CLUSTERED;
|
|
#ifdef WITH_WSREP
|
err = wsrep_append_foreign_key(
|
thr_get_trx(thr),
|
foreign,
|
clust_rec,
|
clust_index,
|
FALSE,
|
(node) ? TRUE : FALSE);
|
Attachments
Activity
In row_ins_check_foreign_constraint same function is called inside a active mtr.
I think that we need a test case that exercises the error handling code. Note: I am not asking for a test that reproduces the race condition.
Also, please address my review comments regarding the code changes.
I wonder if we could simply replace clust_rec with cascade->pcur->old_rec in the call.
Can we merely replace the clust_rec with cascade->pcur->old_rec and omit all other changes? I am concerned about adding so much code for error handling or reporting, especially when that code is not being backed by an ‘organic’ test case that does not resort to fault injection.
As far as I can tell, this was introduced in 5.5.25-galera, 10.0.19-galera, 10.1.6.