[MDEV-24041] Generated column DELETE with FOREIGN KEY crash InnoDB - Jira

Details

Type: Bug
Status: Closed (View Workflow)
Priority: Critical
Resolution: Fixed
Affects Version/s: 10.2(EOL), 10.3(EOL), 10.4(EOL), 10.5
Fix Version/s: 10.2.37, 10.3.28, 10.4.18, 10.5.9
Component/s: Data Manipulation - Delete, Storage Engine - InnoDB
Labels:
- ASAN

Description

Reported via HackerOne by Petr Gregor (gregy)

I discovered a sequence of sql commands which will crash mariadb server upon execution. I have replicated the problem with mariadb 10.5.6, mysql 8 and mysql 5.7 both in docker and when using a full VM. I am able to trigger the crash as a remote user with full access to a single database.

SQL to replicate the crash:

create database ctest;

use ctest;

DROP TABLE IF EXISTS `email_stats`;

DROP TABLE IF EXISTS `emails_metadata`;

DROP TABLE IF EXISTS `emails`;

CREATE TABLE `emails` (

  `id` int(10) unsigned NOT NULL AUTO_INCREMENT,

  PRIMARY KEY (`id`)

) ENGINE=InnoDB DEFAULT CHARSET=utf8mb4 COLLATE=utf8mb4_unicode_ci ROW_FORMAT=DYNAMIC;

CREATE TABLE `email_stats` (

  `id` bigint(20) unsigned NOT NULL AUTO_INCREMENT,

  `email_id` int(10) unsigned DEFAULT NULL,

  `date_sent` datetime NOT NULL,

  `generated_sent_date` date GENERATED ALWAYS AS (concat(year(`date_sent`),'-',lpad(month(`date_sent`),2,'0'),'-',lpad(dayofmonth(`date_sent`),2,'0'))) VIRTUAL,

  PRIMARY KEY (`id`),

  KEY `IDX_D0F71136A832C1C9` (`email_id`),

  KEY `mautic_generated_sent_date_email_id` (`generated_sent_date`,`email_id`),

  CONSTRAINT `FK_D0F71136A832C1C9` FOREIGN KEY (`email_id`) REFERENCES `emails` (`id`) ON DELETE SET NULL

) ENGINE=InnoDB DEFAULT CHARSET=utf8mb4 COLLATE=utf8mb4_unicode_ci ROW_FORMAT=DYNAMIC;

CREATE TABLE `emails_metadata` (

  `email_id` int(10) unsigned NOT NULL,

  PRIMARY KEY (`email_id`),

  CONSTRAINT `FK_C79476FDA832C1C9` FOREIGN KEY (`email_id`) REFERENCES `emails` (`id`) ON DELETE CASCADE

) ENGINE=InnoDB DEFAULT CHARSET=utf8mb4 COLLATE=utf8mb4_unicode_ci ROW_FORMAT=DYNAMIC;

INSERT INTO `emails` VALUES (1);

INSERT INTO `email_stats` (`id`, `email_id`,  `date_sent`) VALUES (1,1,'2020-10-22 13:32:41');

INSERT INTO `emails_metadata` VALUES (1);

COMMIT;

DELETE FROM emails;

The easiest way to replicate the problem is using these docker commands and pasting the above script into mysql shell:

docker run --rm  -e MYSQL_ALLOW_EMPTY_PASSWORD=yes --name mtest mariadb:latest &

docker exec -it mtest mysql

I do not have implementation level details about why this is happening. It is an accidental discovery.

Attachments

Issue Links

relates to

MDEV-26228 Heap-use-after-free on indexed virtual column with ON UPDATE CASCADE

Closed

MDEV-25466 Merge new release of InnoDB 5.7.34 to 10.2

Closed

Activity

Transition	Time In Source Status	Execution Times

Marko Mäkelä made transition - 2020-10-27 19:25

Open

Confirmed

18m 4s

Nikita Malyavin made transition - 2020-12-16 07:57

Confirmed

In Progress

49d 12h 31m

Nikita Malyavin made transition - 2020-12-17 03:39

In Progress

In Review

19h 41m

Marko Mäkelä made transition - 2020-12-17 13:35

In Review

Stalled

9h 56m

Nikita Malyavin made transition - 2020-12-24 09:51

Stalled

Closed

6d 20h 16m

People

Assignee:: Nikita Malyavin

Reporter:: Vicențiu Ciorbaru

Votes:: 0 Vote for this issue

Watchers:: 6 Start watching this issue

Dates

Created:: 2020-10-27 19:07

Updated:: 2023-12-06 20:06

Resolved:: 2020-12-24 09:51

Git Integration

Error rendering 'com.xiplink.jira.git.jira_git_plugin:git-issue-webpanel'. Please contact your Jira administrators.

MariaDB Server