[MDEV-23360] A possible use-after-free bug - Jira

XML

Word

Printable

Details

Type: Bug
Status: Open (View Workflow)
Priority: Major
Resolution: Unresolved
Affects Version/s: 10.5.3
Fix Version/s: 10.5
Component/s: Storage Engine - RocksDB
Labels:
None
Environment:
Linux

Description

In the file(MariaDB/server/storage/rocksdb/rocksdb/db/db_impl/db_impl_open.cc), there is a possible use-after-free bug in the function RecoverLogFiles. The cfd is freed at line 949 and is used at 953 and 956.

cfd->UnrefAndTryDelete(); //949
auto iter = version_edits.find(cfd->GetID());//953
status = WriteLevel0TableForRecovery(job_id, cfd, cfd->mem(), edit);//956

The UnrefAndTryDelete function is located at line 606 in MariaDB/server/storage/rocksdb/rocksdb/db/trim_history_scheduler.cc.

Attachments

Activity

People

Assignee:: Sergei Petrunia

Reporter:: Ryan

Votes:: 0 Vote for this issue

Watchers:: 1 Start watching this issue

Dates

Created:: 2020-08-01 05:08

Updated:: 2020-08-01 09:14

Git Integration

Error rendering 'com.xiplink.jira.git.jira_git_plugin:git-issue-webpanel'. Please contact your Jira administrators.