[#MDEV-22896] [draft] ASAN heap-use-after-free in list

10.5 c9f5cb97af6d3ef853f84a196
ERROR: AddressSanitizer: heap-use-after-free on address 0x621000c7e128 at pc 0x5650ea23712f bp 0x7ff749067820 sp 0x7ff749067810
WRITE of size 8 at 0x621000c7e128 thread T19
#0 0x5650ea23712e in list_delete /git/10.5/mysys/list.c:48
#1 0x5650ea2ae256 in thr_lock_delete /git/10.5/mysys/thr_lock.c:462
#2 0x5650ea1394f8 in mi_close /git/10.5/storage/myisam/mi_close.c:107
#3 0x5650ea0f980d in ha_myisam::close() /git/10.5/storage/myisam/ha_myisam.cc:935
#4 0x5650e8d18a2b in handler::ha_close() /git/10.5/sql/handler.cc:3023
#5 0x5650e887da17 in closefrm(TABLE*) /git/10.5/sql/table.cc:4288
#6 0x5650e8b6c7ef in THD::close_temporary_table(TABLE*) /git/10.5/sql/temporary_tables.cc:1240
#7 0x5650e8b6e15f in THD::free_temporary_table(TABLE*) /git/10.5/sql/temporary_tables.cc:1490
#8 0x5650e8b68a30 in THD::drop_temporary_table(TABLE, bool, bool) /git/10.5/sql/temporary_tables.cc:660
#9 0x5650e83a02c2 in drop_open_table(THD, TABLE, st_mysql_const_lex_string const, st_mysql_const_lex_string const) /git/10.5/sql/sql_base.cc:1348
#10 0x5650e84a25ce in select_create::abort_result_set() /git/10.5/sql/sql_insert.cc:5080
#11 0x5650e85de9b7 in handle_select(THD, LEX, select_result*, unsigned long) /git/10.5/sql/sql_select.cc:435
#12 0x5650e87e8957 in Sql_cmd_create_table_like::execute(THD*) /git/10.5/sql/sql_table.cc:11985
#13 0x5650e854c953 in mysql_execute_command(THD*) /git/10.5/sql/sql_parse.cc:5951
#14 0x5650e85abcc5 in Prepared_statement::execute(String*, bool) /git/10.5/sql/sql_prepare.cc:4786
#15 0x5650e85a75cc in Prepared_statement::execute_loop(String, bool, unsigned char, unsigned char*) /git/10.5/sql/sql_prepare.cc:4275
#16 0x5650e85a17cb in mysql_sql_stmt_execute(THD*) /git/10.5/sql/sql_prepare.cc:3387
#17 0x5650e853e3d2 in mysql_execute_command(THD*) /git/10.5/sql/sql_parse.cc:3955
#18 0x5650e855a1c2 in mysql_parse(THD, char, unsigned int, Parser_state*, bool, bool) /git/10.5/sql/sql_parse.cc:7993
#19 0x5650e8531758 in dispatch_command(enum_server_command, THD, char, unsigned int, bool, bool) /git/10.5/sql/sql_parse.cc:1973
#20 0x5650e852d584 in do_command(THD*) /git/10.5/sql/sql_parse.cc:1355
#21 0x5650e895ac7c in do_handle_one_connection(CONNECT*, bool) /git/10.5/sql/sql_connect.cc:1411
#22 0x5650e895a5d5 in handle_one_connection /git/10.5/sql/sql_connect.cc:1313
#23 0x5650e93aaefc in pfs_spawn_thread /git/10.5/storage/perfschema/pfs.cc:2201
#24 0x7ff77c0946da in start_thread (/lib/x86_64-linux-gnu/libpthread.so.0+0x76da)
#25 0x7ff77b27a88e in __clone (/lib/x86_64-linux-gnu/libc.so.6+0x12188e)

[MDEV-22896] [draft] ASAN heap-use-after-free in list_delete Created: 2020-06-15 Updated: 2020-06-15
Status:	Open
Project:	MariaDB Server
Component/s:	None
Affects Version/s:	10.5
Fix Version/s:	10.5

[MDEV-22896] [draft] ASAN heap-use-after-free in list_delete Created: 2020-06-15 Updated: 2020-06-15