Uploaded image for project: 'MariaDB Server'
  1. MariaDB Server
  2. MDEV-23360

A possible use-after-free bug

    XMLWordPrintable

    Details

      Description

      In the file(MariaDB/server/storage/rocksdb/rocksdb/db/db_impl/db_impl_open.cc), there is a possible use-after-free bug in the function RecoverLogFiles. The cfd is freed at line 949 and is used at 953 and 956.

      cfd->UnrefAndTryDelete(); //949
      auto iter = version_edits.find(cfd->GetID());//953
      status = WriteLevel0TableForRecovery(job_id, cfd, cfd->mem(), edit);//956

      The UnrefAndTryDelete function is located at line 606 in MariaDB/server/storage/rocksdb/rocksdb/db/trim_history_scheduler.cc.

        Attachments

          Activity

            People

            Assignee:
            psergei Sergei Petrunia
            Reporter:
            Ryan Ryan
            Votes:
            0 Vote for this issue
            Watchers:
            1 Start watching this issue

              Dates

              Created:
              Updated:

                Git Integration

                Error rendering 'com.xiplink.jira.git.jira_git_plugin:git-issue-webpanel'. Please contact your Jira administrators.