[MDEV-15537] Server crashes in mysql_prepare_alter_table after failed ADD CONSTRAINT CHECK Created: 2018-03-10  Updated: 2018-05-23  Resolved: 2018-05-23

Status: Closed
Project: MariaDB Server
Component/s: Data Definition - Alter Table
Affects Version/s: 10.2, 10.3
Fix Version/s: 10.2.15, 10.3.7

Type: Bug Priority: Major
Reporter: Elena Stepanova Assignee: Sergei Golubchik
Resolution: Fixed Votes: 0
Labels: None

Issue Links:
Relates
relates to MDEV-15746 ASAN heap-use-after-free in Item_chan... Closed

Description

CREATE TABLE t1 (a TEXT DEFAULT '');
ALTER TABLE t1 DEFAULT COLLATE utf8_general_ci, LOCK=SHARED;
--error ER_BAD_FIELD_ERROR
ALTER TABLE t1 ADD CONSTRAINT CHECK (non_existing_column > 0);
ALTER TABLE t1 CHANGE COLUMN IF EXISTS b c INT;
 
# Cleanup
DROP TABLE t1;

10.2 a050189773c

#3  <signal handler called>
#4  0x000055c862b3f6be in mysql_prepare_alter_table (thd=0x7f510c000b00, table=0x7f510c15db60, create_info=0x7f511d19ae50, alter_info=0x7f511d19ada0, alter_ctx=0x7f511d19a240) at /data/src/10.2/sql/sql_table.cc:7677
#5  0x000055c862b431e6 in mysql_alter_table (thd=0x7f510c000b00, new_db=0x7f510c012c10 "test", new_name=0x0, create_info=0x7f511d19ae50, table_list=0x7f510c012600, alter_info=0x7f511d19ada0, order_num=0, order=0x0, ignore=false) at /data/src/10.2/sql/sql_table.cc:9015
#6  0x000055c862bbd954 in Sql_cmd_alter_table::execute (this=0x7f510c012d08, thd=0x7f510c000b00) at /data/src/10.2/sql/sql_alter.cc:324
#7  0x000055c862a78c57 in mysql_execute_command (thd=0x7f510c000b00) at /data/src/10.2/sql/sql_parse.cc:6208
#8  0x000055c862a7d5d1 in mysql_parse (thd=0x7f510c000b00, rawbuf=0x7f510c0124f8 "ALTER TABLE t1 CHANGE COLUMN IF EXISTS b c INT", length=46, parser_state=0x7f511d19c200, is_com_multi=false, is_next_command=false) at /data/src/10.2/sql/sql_parse.cc:7902
#9  0x000055c862a6b4f1 in dispatch_command (command=COM_QUERY, thd=0x7f510c000b00, packet=0x7f510c16b561 "ALTER TABLE t1 CHANGE COLUMN IF EXISTS b c INT", packet_length=46, is_com_multi=false, is_next_command=false) at /data/src/10.2/sql/sql_parse.cc:1806
#10 0x000055c862a69e54 in do_command (thd=0x7f510c000b00) at /data/src/10.2/sql/sql_parse.cc:1360
#11 0x000055c862bb8646 in do_handle_one_connection (connect=0x55c8663ba3e0) at /data/src/10.2/sql/sql_connect.cc:1335
#12 0x000055c862bb83d3 in handle_one_connection (arg=0x55c8663ba3e0) at /data/src/10.2/sql/sql_connect.cc:1241
#13 0x000055c862fd81f8 in pfs_spawn_thread (arg=0x55c866394ea0) at /data/src/10.2/storage/perfschema/pfs.cc:1862
#14 0x00007f5124b97494 in start_thread (arg=0x7f511d19d700) at pthread_create.c:333
#15 0x00007f5122f7d93f in clone () from /lib/x86_64-linux-gnu/libc.so.6

Comments
Comment by Elena Stepanova [ 2018-05-23 ]

The failure stopped happening after this commit:
https://github.com/MariaDB/server/commit/92a13148e80c30422ae5460032169cbe1946fa6d

commit 92a13148e80c30422ae5460032169cbe1946fa6d
Author: Sergei Golubchik
Date:   Mon Apr 16 23:14:28 2018 +0200
 
    MDEV-15746 ASAN heap-use-after-free in Item_change_list::rollback_item_tree_changes on ALTER executed as PS
    
    don't try to convert a default value string from a user character set
    into a column character set, if this particular default value string did
    not come from the user at all (that is, if it's an ALTER TABLE and the
    default value string is the *old* default value of the unaltered
    column).
    
    This used to crash, because old defaults are allocated on the old
    table's memroot, which is freed mid-ALTER when the old table is closed.
    So thd->rollback_item_tree_changes() at the end of the ALTER was writing
    into the freed memory.
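
The lifetime problem the commit message describes can be modelled in a few dozen lines. The following is an added illustration, not MariaDB code: a bump allocator stands in for a MEM_ROOT, a small rollback list stands in for Item_change_list, and `def_from_user` is an assumed flag marking whether a default string was supplied in the current statement or carried over from the unaltered column. `run_alter(0)` models the behaviour before the fix (every default is converted and its old pointer recorded for rollback), `run_alter(1)` the fix (only user-supplied defaults are touched). Freeing the model memroot poisons its buffer and marks it freed, so the rollback can detect a write into freed memory instead of performing it.

```c
#include <ctype.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Constructed stand-in for a MEM_ROOT: a bump allocator over a fixed buffer.
   Freeing poisons the buffer and sets a flag instead of returning memory, so a
   stale pointer into it can be recognised without being dereferenced. */
typedef struct {
    unsigned char buf[1024];
    size_t used;
    int freed;
} MemRoot;

static void *root_alloc(MemRoot *r, size_t n) {
    size_t off = (r->used + 15) & ~(size_t)15;   /* keep allocations aligned */
    if (off + n > sizeof r->buf) return NULL;
    r->used = off + n;
    return r->buf + off;
}

static char *root_strdup(MemRoot *r, const char *s) {
    char *p = root_alloc(r, strlen(s) + 1);
    if (p) strcpy(p, s);
    return p;
}

static void root_free(MemRoot *r) {
    memset(r->buf, 0xA5, sizeof r->buf);          /* poison, like ASAN would flag */
    r->used = 0;
    r->freed = 1;
}

/* True when p points into a memroot that has already been freed. */
static int points_into_freed(const MemRoot *r, const void *p) {
    uintptr_t a = (uintptr_t)p, lo = (uintptr_t)r->buf;
    return r->freed && a >= lo && a < lo + sizeof r->buf;
}

/* A column as the ALTER sees it. def_from_user (assumed flag) says whether the
   default string was typed in this statement or is the old default of the
   unaltered column, which lives on the old table's memroot. */
typedef struct {
    const char *name;
    char *def_value;
    int def_from_user;
} Column;

/* Rollback list: every pointer the statement rewrote, and what it held. */
typedef struct {
    char **slot[8];
    char *saved[8];
    int count;
} ChangeList;

/* Stand-in for the client-charset to column-charset conversion: a fresh copy
   on the statement memroot (upper-cased so the change is visible). */
static char *convert_default(MemRoot *stmt_root, const char *s) {
    char *out = root_strdup(stmt_root, s);
    for (char *p = out; p && *p; p++) *p = (char)toupper((unsigned char)*p);
    return out;
}

typedef struct { int converted; int dangling_writes; } AlterResult;

/* One ALTER lifecycle: prepare defaults, close the old table, roll back
   recorded changes at statement end. fixed=0 is the pre-commit behaviour,
   fixed=1 the fix from the commit. */
static AlterResult run_alter(int fixed) {
    MemRoot old_table_root = {{0}, 0, 0}, stmt_root = {{0}, 0, 0};
    ChangeList cl = {{0}, {0}, 0};
    AlterResult res = {0, 0};

    /* Old table opened for ALTER: column a with its stored default. */
    Column *a = root_alloc(&old_table_root, sizeof *a);
    a->name = "a"; a->def_value = root_strdup(&old_table_root, "old"); a->def_from_user = 0;

    /* A column whose DEFAULT the user supplied in this statement. */
    Column *c = root_alloc(&stmt_root, sizeof *c);
    c->name = "c"; c->def_value = root_strdup(&stmt_root, "new"); c->def_from_user = 1;

    Column *cols[2] = { a, c };

    /* mysql_prepare_alter_table: convert default strings to the column charset. */
    for (int i = 0; i < 2; i++) {
        Column *col = cols[i];
        if (fixed && !col->def_from_user) continue;   /* the fix: leave old defaults alone */
        cl.slot[cl.count] = &col->def_value;
        cl.saved[cl.count] = col->def_value;
        cl.count++;
        col->def_value = convert_default(&stmt_root, col->def_value);
        res.converted++;
    }

    /* Mid-ALTER the old table is closed and its memroot freed. */
    root_free(&old_table_root);

    /* Statement end: rollback_item_tree_changes restores every recorded slot.
       A slot inside the freed root is the heap-use-after-free; here it is
       counted instead of written. */
    for (int i = 0; i < cl.count; i++) {
        if (points_into_freed(&old_table_root, cl.slot[i])) {
            res.dangling_writes++;
            continue;
        }
        *cl.slot[i] = cl.saved[i];
    }
    return res;
}

int main(void) {
    AlterResult before = run_alter(0), after = run_alter(1);
    printf("before fix: %d converted, %d write(s) into freed memroot\n",
           before.converted, before.dangling_writes);
    printf("after fix:  %d converted, %d write(s) into freed memroot\n",
           after.converted, after.dangling_writes);
    return 0;
}
```

The point the model makes is the one in the commit message: the dangerous part is not the conversion itself but recording, for later rollback, a pointer that lives on a memroot with a shorter lifetime than the statement. Skipping defaults that did not come from the user means nothing on the old table's memroot is ever put on the rollback list.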

Generated at Thu Feb 08 08:22:04 UTC 2024 using Jira 8.20.16#820016-sha1:9d11dbea5f4be3d4cc21f03a88dd11d8c8687422.