[MDEV-13084] MariaDB 10.2 crashes on corrupted SYS_TABLES.MIX_LEN field Created: 2017-06-13 Updated: 2018-04-26 Resolved: 2017-10-04
| Status: | Closed |
| Project: | MariaDB Server |
| Component/s: | Storage Engine - InnoDB |
| Affects Version/s: | 10.2.2, 10.2.3, 10.2.4, 10.2.5, 10.3.0, 10.2.6 |
| Fix Version/s: | 10.2.7, 10.3.1 |
| Type: | Bug | Priority: | Major |
| Reporter: | Marko Mäkelä | Assignee: | Marko Mäkelä |
| Resolution: | Fixed | Votes: | 0 |
| Labels: | compat56 |
| Description |
MySQL 5.7 introduced a change that broke compatibility with old data files, by reading the SYS_TABLES.MIX_LEN column also for ROW_FORMAT=REDUNDANT tables, even though this column was written as uninitialized garbage in MySQL 4.1 and earlier versions. Because MariaDB 10.2 does not support the TABLESPACE attribute for InnoDB tables like MySQL 5.7 does, we do not need this change and can essentially revert it.
| Comments |
| Comment by Marko Mäkelä [ 2017-06-13 ] |
It turns out that the logic behind the MySQL 5.7 change is sound (the garbage SYS_TABLES.MIX_LEN was written before MySQL 4.1, and before MySQL 4.1, SYS_TABLES.SPACE was always written as 0), but the error handling is incorrect. The test innodb.row_format_redundant is not really testing the corruption; it is using fault injection by DBUG_EXECUTE_IF. This would lead to a crash when dict_sys_tables_rec_read() would return an error by setting *flags2 = ULINT_UNDEFINED. The callers are only checking for flags, not flags2.
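
The error-handling gap described in the comment above, as an added example that is not part of the ticket and is not MariaDB source code: a reader that reports a bad MIX_LEN only through a sentinel in one out-parameter, a caller that tests the other out-parameter, and one way to close the gap with a single return status. All names, the record layout and the validity mask are hypothetical, and the "after" form is not claimed to be the project's actual fix.

```cpp
#include <cstdint>
#include <cstdio>

// Simplified model with hypothetical names; not MariaDB source code.
static const unsigned long UNDEFINED = ~0UL;     // stands in for ULINT_UNDEFINED
static const uint32_t FLAGS2_VALID_MASK = 0x7F;  // constructed validity rule

struct SysTablesRec { uint32_t type; uint32_t mix_len; };  // constructed record

// "Before": a bad MIX_LEN is reported only by writing the sentinel to *flags2.
static void rec_read_sentinel(const SysTablesRec& rec,
                              unsigned long* flags, unsigned long* flags2) {
    *flags = rec.type;
    *flags2 = (rec.mix_len & ~FLAGS2_VALID_MASK) ? UNDEFINED : rec.mix_len;
}

// Caller that tests only flags, so the sentinel in flags2 is accepted as data.
static bool load_checks_flags_only(const SysTablesRec& rec, unsigned long* flags2_out) {
    unsigned long flags, flags2;
    rec_read_sentinel(rec, &flags, &flags2);
    if (flags == UNDEFINED) return false;  // flags2 is never inspected
    *flags2_out = flags2;
    return true;
}

// "After": one return status covers every failure; outputs are written only on success.
static bool rec_read_checked(const SysTablesRec& rec,
                             unsigned long* flags, unsigned long* flags2) {
    if (rec.mix_len & ~FLAGS2_VALID_MASK) return false;
    *flags = rec.type;
    *flags2 = rec.mix_len;
    return true;
}

static bool load_checked(const SysTablesRec& rec, unsigned long* flags2_out) {
    unsigned long flags, flags2;
    if (!rec_read_checked(rec, &flags, &flags2)) return false;
    *flags2_out = flags2;
    return true;
}

int main() {
    const SysTablesRec corrupt = {1, 0xDEADBEEF};  // constructed garbage MIX_LEN
    unsigned long f2 = 0;
    std::printf("flags-only caller accepted: %d\n", load_checks_flags_only(corrupt, &f2));
    std::printf("checked caller accepted:    %d\n", load_checked(corrupt, &f2));
    return 0;
}
```
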