[#MDEV-23534] SIGSEGV in sf_malloc_usable_size/my_free on SET GLOBAL REPLICATE_DO

USE test;

SET SESSION default_master_connection='a';

CREATE TABLE t(a INT) UNION=(t);

CHANGE MASTER TO MASTER_USER='a', MASTER_PASSWORD='a';

SET GLOBAL REPLICATE_DO_TABLE=NULL;

10.4.15 eae968f62d285de97ed607c87bc131cd863d5d03 (Debug)
Core was generated by `/test/MD110820-mariadb-10.4.15-linux-x86_64-dbg/bin/mysqld --no-defaults --core'.
Program terminated with signal SIGSEGV, Segmentation fault.
#0 __pthread_kill (threadid=<optimized out>, signo=signo@entry=11)
at ../sysdeps/unix/sysv/linux/pthread_kill.c:57
[Current thread is 1 (Thread 0x15366c344700 (LWP 1432627))]
(gdb) bt
#0 __pthread_kill (threadid=<optimized out>, signo=signo@entry=11) at ../sysdeps/unix/sysv/linux/pthread_kill.c:57
#1 0x0000564c6424e8a6 in my_write_core (sig=sig@entry=11) at /test/10.4_dbg/mysys/stacktrace.c:482
#2 0x0000564c639cacdc in handle_fatal_signal (sig=11) at /test/10.4_dbg/sql/signal_handler.cc:343
#3 <signal handler called>
#4 sf_malloc_usable_size (ptr=ptr@entry=0x38, is_thread_specific=is_thread_specific@entry=0x15366c340fff "") at /test/10.4_dbg/mysys/safemalloc.c:215
#5 0x0000564c64249b76 in my_free (ptr=0x38) at /test/10.4_dbg/mysys/my_malloc.c:213
#6 0x0000564c642264ab in delete_dynamic (array=array@entry=0x15364480ef28) at /test/10.4_dbg/mysys/array.c:302
#7 0x0000564c6422a6e7 in my_hash_free (hash=hash@entry=0x15364480ef00) at /test/10.4_dbg/mysys/hash.c:158
#8 0x0000564c6362f152 in Rpl_filter::set_do_table (this=this@entry=0x15364480ef00, table_spec=table_spec@entry=0x0) at /test/10.4_dbg/sql/rpl_filter.cc:358
#9 0x0000564c6386ee4f in Sys_var_rpl_filter::set_filter_value (this=this@entry=0x564c64ea7320 <Sys_replicate_do_table>, value=0x0, mi=mi@entry=0x153644900000) at /test/10.4_dbg/sql/sys_vars.cc:5028
#10 0x0000564c6386efd9 in Sys_var_rpl_filter::global_update (this=0x564c64ea7320 <Sys_replicate_do_table>, thd=<optimized out>, var=0x15364486d1e8) at /test/10.4_dbg/sql/sys_vars.cc:5007
#11 0x0000564c63633a3a in sys_var::update (this=0x564c64ea7320 <Sys_replicate_do_table>, thd=0x153644815070, var=0x15364486d1e8) at /test/10.4_dbg/sql/set_var.cc:208
#12 0x0000564c63633f75 in set_var::update (this=<optimized out>, thd=<optimized out>) at /test/10.4_dbg/sql/set_var.cc:837
#13 0x0000564c636352c2 in sql_set_variables (thd=thd@entry=0x153644815070, var_list=var_list@entry=0x153644819ea8, free=free@entry=true) at /test/10.4_dbg/sql/set_var.cc:740
#14 0x0000564c6371bde0 in mysql_execute_command (thd=thd@entry=0x153644815070) at /test/10.4_dbg/sql/sql_parse.cc:4942
#15 0x0000564c63722090 in mysql_parse (thd=thd@entry=0x153644815070, rawbuf=<optimized out>, length=<optimized out>, parser_state=parser_state@entry=0x15366c343460, is_com_multi=is_com_multi@entry=false, is_next_command=is_next_command@entry=false) at /test/10.4_dbg/sql/sql_parse.cc:7896
#16 0x0000564c63724920 in dispatch_command (command=command@entry=COM_QUERY, thd=thd@entry=0x153644815070, packet=packet@entry=0x153644857071 "SET GLOBAL replicate_do_TABLE=NULL", packet_length=packet_length@entry=34, is_com_multi=is_com_multi@entry=false, is_next_command=is_next_command@entry=false) at /test/10.4_dbg/sql/sql_parse.cc:1834
#17 0x0000564c6372835b in do_command (thd=0x153644815070) at /test/10.4_dbg/sql/sql_parse.cc:1352
#18 0x0000564c638548b6 in do_handle_one_connection (connect=connect@entry=0x153669035790) at /test/10.4_dbg/sql/sql_connect.cc:1412
#19 0x0000564c638549d6 in handle_one_connection (arg=0x153669035790) at /test/10.4_dbg/sql/sql_connect.cc:1316
#20 0x000015366b5426db in start_thread (arg=0x15366c344700) at pthread_create.c:463
#21 0x000015366a6bca3f in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:95

==29406== Conditional jump or move depends on uninitialised value(s)

==29406==    at 0x162A2AF: delete_dynamic (array.c:301)

==29406==    by 0x1630CF8: my_hash_free (hash.c:158)

==29406==    by 0x82301C: Rpl_filter::set_do_table(char const*) (rpl_filter.cc:358)

==29406==    by 0xAEF693: Sys_var_rpl_filter::set_filter_value(char const*, Master_info*) (sys_vars.cc:5028)

==29406==    by 0xAEF5B2: Sys_var_rpl_filter::global_update(THD*, set_var*) (sys_vars.cc:5007)

==29406==    by 0x828468: sys_var::update(THD*, set_var*) (set_var.cc:208)

==29406==    by 0x82A1DB: set_var::update(THD*) (set_var.cc:837)

==29406==    by 0x829E6F: sql_set_variables(THD*, List<set_var_base>*, bool) (set_var.cc:740)

==29406==    by 0x94A026: mysql_execute_command(THD*) (sql_parse.cc:4942)

==29406==    by 0x953DF2: mysql_parse(THD*, char*, unsigned int, Parser_state*, bool, bool) (sql_parse.cc:7896)

==29406==    by 0x9401E0: dispatch_command(enum_server_command, THD*, char*, unsigned int, bool, bool) (sql_parse.cc:1834)

==29406==    by 0x93E981: do_command(THD*) (sql_parse.cc:1352)

==29406==    by 0xACEF0D: do_handle_one_connection(CONNECT*) (sql_connect.cc:1412)

==29406==    by 0xACEC5C: handle_one_connection (sql_connect.cc:1316)

==29406==    by 0x15252D7: pfs_spawn_thread (pfs.cc:1869)

==29406==    by 0x5B436DA: start_thread (pthread_create.c:463)

^ Found warnings in /home/sujatha/bug_repo/test-10.4/bld/mysql-test/var/log/mysqld.1.err

==8717==    by 0x15252D7: pfs_spawn_thread (pfs.cc:1869)

==8717==    by 0x5B436DA: start_thread (pthread_create.c:463)

==8717==    by 0x6A0AA3E: clone (clone.S:95)

==8717== Conditional jump or move depends on uninitialised value(s)

==8717==    at 0x162A2AF: delete_dynamic (array.c:301)

==8717==    by 0x8232E3: Rpl_filter::set_wild_do_table(char const*) (rpl_filter.cc:420)

==8717==    by 0xAEF6EA: Sys_var_rpl_filter::set_filter_value(char const*, Master_info*) (sys_vars.cc:5037)

==8717==    by 0xAEF5B2: Sys_var_rpl_filter::global_update(THD*, set_var*) (sys_vars.cc:5007)

==8717==    by 0x828468: sys_var::update(THD*, set_var*) (set_var.cc:208)

==8717==    by 0x82A1DB: set_var::update(THD*) (set_var.cc:837)

==8717==    by 0x829E6F: sql_set_variables(THD*, List<set_var_base>*, bool) (set_var.cc:740)

==8717==    by 0x94A026: mysql_execute_command(THD*) (sql_parse.cc:4942)

==8717==    by 0x953DF2: mysql_parse(THD*, char*, unsigned int, Parser_state*, bool, bool) (sql_parse.cc:7896)

==8717==    by 0x9401E0: dispatch_command(enum_server_command, THD*, char*, unsigned int, bool, bool) (sql_parse.cc:1834)

==8717==    by 0x93E981: do_command(THD*) (sql_parse.cc:1352)

==8717==    by 0xACEF0D: do_handle_one_connection(CONNECT*) (sql_connect.cc:1412)

==8717==    by 0xACEC5C: handle_one_connection (sql_connect.cc:1316)

==8717==    by 0x15252D7: pfs_spawn_thread (pfs.cc:1869)

==8717==    by 0x5B436DA: start_thread (pthread_create.c:463)

==8717==    by 0x6A0AA3E: clone (clone.S:95)

[MDEV-23534] SIGSEGV in sf_malloc_usable_size/my_free on SET GLOBAL REPLICATE_DO_TABLE Created: 2020-08-22 Updated: 2021-04-15 Resolved: 2020-09-02
Status:	Closed
Project:	MariaDB Server
Component/s:	Replication
Affects Version/s:	10.1, 10.2, 10.3, 10.4
Fix Version/s:	10.1.48, 10.2.35, 10.3.26, 10.4.16

[MDEV-23534] SIGSEGV in sf_malloc_usable_size/my_free on SET GLOBAL REPLICATE_DO_TABLE Created: 2020-08-22 Updated: 2021-04-15 Resolved: 2020-09-02