Uploaded image for project: 'MariaDB Server'
  1. MariaDB Server
  2. MDEV-20822

INET6 crashes in combination with RBR extended metadata

    XMLWordPrintable

    Details

      Description

      I run mtr with the following test file, which enables RBR extended metadata (recently added by MDEV-20477):

      --source include/have_debug.inc
      --source include/have_binlog_format_row.inc
       
      RESET MASTER;
      SET GLOBAL binlog_row_metadata = MINIMAL;
       
      --let $MYSQLD_DATADIR= `select @@datadir`
      --let $binlog_file= $MYSQLD_DATADIR/master-bin.000001
       
      CREATE TABLE t1 (a INET6);
      INSERT INTO t1 VALUES('::');
      --source suite/binlog/include/print_optional_metadata.inc
      DROP TABLE t1;
      RESET MASTER;
       
      RESET MASTER;
      SET GLOBAL binlog_row_metadata = FULL;
       
      CREATE TABLE t1 (a INET6);
      INSERT INTO t1 VALUES('::');
      --source suite/binlog/include/print_optional_metadata.inc
      DROP TABLE t1;
      RESET MASTER;
       
      SET GLOBAL binlog_row_metadata = DEFAULT;
      

      It crashes with the following stack trace:

      sql/log_event_server.cc:6567(Table_map_log_event::init_charset_field(bool (*)(Binlog_type_info*, Field*), Table_map_log_event::Optional_metadata_field_type, Table_map_log_event::Optional_metadata_field_type))[0xded95e]
      sql/log_event_server.cc:6418(Table_map_log_event::init_metadata_fields())[0xdebf02]
      sql/log_event_server.cc:6038(Table_map_log_event)[0xdebd2d]
      sql/log.cc:5833(THD::binlog_write_table_map(TABLE*, bool, char*))[0xda633c]
      sql/handler.cc:6258(write_locked_table_maps(THD*))[0xc4e794]
      sql/handler.cc:6286(binlog_log_row_internal(TABLE*, unsigned char const*, unsigned char const*, bool (*)(THD*, TABLE*, bool, unsigned char const*, unsigned char const*)))[0xc47aed]
      sql/handler.cc:6319(binlog_log_row(TABLE*, unsigned char const*, unsigned char const*, bool (*)(THD*, TABLE*, bool, unsigned char const*, unsigned char const*)))[0xc47a8d]
      sql/handler.cc:6637(handler::ha_write_row(unsigned char const*))[0xc48b46]
      sql/sql_insert.cc:2036(write_record(THD*, TABLE*, st_copy_info*))[0x835bf1]
      sql/sql_insert.cc:1076(mysql_insert(THD*, TABLE_LIST*, List<Item>&, List<List<Item> >&, List<Item>&, List<Item>&, enum_duplicates, bool))[0x831f33]
      sql/sql_parse.cc:4474(mysql_execute_command(THD*))[0x88f86f]
      sql/sql_parse.cc:7939(mysql_parse(THD*, char*, unsigned int, Parser_state*, bool, bool))[0x884400]
      sql/sql_parse.cc:1844(dispatch_command(enum_server_command, THD*, char*, unsigned int, bool, bool))[0x880a3e]
      sql/sql_parse.cc:1362(do_command(THD*))[0x8854aa]
      sql/sql_connect.cc:1422(do_handle_one_connection(CONNECT*, bool))[0xa54980]
      sql/sql_connect.cc:1321(handle_one_connection)[0xa5466a]
      

      The problem resides in this code piece:

          // Store the default collation number
          store_compressed_length(buf, default_collation);
       
          for (unsigned int i= 0 ; i < m_table->s->fields ; ++i)
          {
            if (include_type(binlog_type_info_array, m_table->field[i]))
            {
              Field_str *field= dynamic_cast<Field_str *>(m_table->field[i]);
       
              if (field->charset()->number != default_collation)
              {
                store_compressed_length(buf, char_column_index);
                store_compressed_length(buf, field->charset()->number);
              }
              char_column_index++;
            }
          }
          return write_tlv_field(m_metadata_buf, default_charset_type, buf);
      

      Notice, it casts m_table->field[i] to Field_str, but Field_inet6 is not a descendant of Field_str. So the cast gets a NULL pointer.

        Attachments

          Issue Links

            Activity

              People

              Assignee:
              bar Alexander Barkov
              Reporter:
              bar Alexander Barkov
              Votes:
              0 Vote for this issue
              Watchers:
              2 Start watching this issue

                Dates

                Created:
                Updated:
                Resolved: