[MDEV-20097] potential use-after-free Created: 2019-07-18  Updated: 2019-07-19  Resolved: 2019-07-19

Status: Closed
Project: MariaDB Server
Component/s: Data Definition - Alter Table, Storage Engine - InnoDB
Affects Version/s: 10.1, 10.2, 10.3, 10.4
Fix Version/s: 10.2.26, 10.1.41, 10.3.17, 10.4.7

Type: Bug Priority: Major
Reporter: Eugene Kosov (Inactive) Assignee: Eugene Kosov (Inactive)
Resolution: Fixed Votes: 0
Labels: None

Issue Links:
Relates
relates to MDEV-19471 Add ASAN-poisoned redzones for mem_he... Closed

 Description   

But was revealed while I was working on https://jira.mariadb.org/browse/MDEV-19471

buf is an alias for a merge_buf[i] and thus both must have the same value.

Here is where it's violated:
https://github.com/MariaDB/server/blob/f616e2b97fec3a8105c70cd72e80d6ef57f460c7/storage/innobase/row/row0merge.cc#L1918
Generated at Thu Feb 08 08:56:42 UTC 2024 using Jira 8.20.16#820016-sha1:9d11dbea5f4be3d4cc21f03a88dd11d8c8687422.