- Type: Bug
- Status: Closed
- Priority: Major
- Resolution: Fixed
- Affects Version/s: 10.5.1
- Fix Version/s: 10.5.4
- Component/s: Storage Engine - InnoDB
The test parts.longname that I extended for MDEV-22817 revealed another error that was introduced in MDEV-16678:
10.5 0e69f601aaafb920a9305c4ab5d380de2b43e917
==113772==ERROR: AddressSanitizer: stack-buffer-overflow on address 0x7f8718ff4b21 at pc 0x7f872870157d bp 0x7f8718ff47f0 sp 0x7f8718ff3f98
WRITE of size 394 at 0x7f8718ff4b21 thread T15
    #0 0x7f872870157c (/lib/x86_64-linux-gnu/libasan.so.5+0x9b57c)
    #1 0x558391fc45d0 in bool dict_table_t::parse_name<true>(char (&) [193], char (&) [193], unsigned long*, unsigned long*) const /home/buildbot/buildbot/build/mariadb-10.5.4/storage/innobase/dict/dict0dict.cc:751
    #2 0x558391fc49c2 in dict_table_t* dict_acquire_mdl_shared<false>(dict_table_t*, THD*, MDL_ticket**, dict_table_op_t) /home/buildbot/buildbot/build/mariadb-10.5.4/storage/innobase/dict/dict0dict.cc:819
    #3 0x558391faff5a in dict_table_open_on_id(unsigned long, bool, dict_table_op_t, THD*, MDL_ticket**) /home/buildbot/buildbot/build/mariadb-10.5.4/storage/innobase/dict/dict0dict.cc:955
The problem is that we are copying the entire table name (with partition and subpartition names) to the buffer, and only then stripping the partition and subpartition components.
- is caused by: MDEV-16678 Use MDL for innodb background threads instead of dict_operation_lock (Closed)
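
The copy-then-strip ordering described in the report can be avoided by measuring each name component on the source string and copying only what fits. The C code below is an added example, not MariaDB's code or the fix that shipped: `parse_name_checked`, `long_partition_case` and the padded input are constructed for illustration, the 193-byte buffer size is taken from the stack trace, and the `#P#` partition separator is assumed from InnoDB's partition naming convention.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define NAME_BUF 193  /* size of the char[193] buffers in the stack trace */

/* Split "db/table[#P#part[#SP#subpart]]" into db and table.
   Lengths are measured on the source string first; nothing is copied
   unless it fits. Returns 0 on success, -1 on malformed/oversized input. */
static int parse_name_checked(const char *full, char (*db)[NAME_BUF],
                              char (*tbl)[NAME_BUF])
{
    const char *slash = strchr(full, '/');
    if (slash == NULL)
        return -1;
    const char *name = slash + 1;
    const char *part = strstr(name, "#P#");   /* partition suffix, if any */
    size_t db_len = (size_t)(slash - full);
    size_t tbl_len = part ? (size_t)(part - name) : strlen(name);
    if (db_len == 0 || tbl_len == 0 || db_len >= NAME_BUF || tbl_len >= NAME_BUF)
        return -1;
    memcpy(*db, full, db_len);
    (*db)[db_len] = '\0';
    memcpy(*tbl, name, tbl_len);
    (*tbl)[tbl_len] = '\0';
    return 0;
}

/* Constructed input: "test/t1#P#" followed by pad_len 'x' bytes, so the
   full name is longer than NAME_BUF while db and table stay short.
   Returns 1 if the parse yields exactly "test" and "t1". */
static int long_partition_case(size_t pad_len)
{
    char full[1024] = "test/t1#P#";
    char db[NAME_BUF], tbl[NAME_BUF];
    size_t n = strlen(full);
    if (pad_len >= sizeof full - n)
        return 0;
    memset(full + n, 'x', pad_len);
    full[n + pad_len] = '\0';
    return parse_name_checked(full, &db, &tbl) == 0 &&
           strcmp(db, "test") == 0 && strcmp(tbl, "t1") == 0;
}

int main(void)
{
    printf("long partition suffix handled: %d\n", long_partition_case(384));
    return 0;
}
```

Building this with `-fsanitize=address` gives the same kind of check that produced the report above.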