From 0a84f04e8c4b59fefd8263b0339774d4573b0312 Mon Sep 17 00:00:00 2001
From: Serguey Zefirov
Date: Mon, 23 Jun 2025 15:20:40 +0300
Subject: [PATCH] chore(MCOL-6018) Fix use-after-free in PrimProc

This simple patch splits loop which invalidated iterators used, causing use-after-free, potential prodeuction crash and actual crash under ASAN.
---
 primitives/blockcache/filebuffermgr.cpp | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)

diff --git a/primitives/blockcache/filebuffermgr.cpp b/primitives/blockcache/filebuffermgr.cpp
index 8ddc3d3f3..fbdc2cb68 100644
--- a/primitives/blockcache/filebuffermgr.cpp
+++ b/primitives/blockcache/filebuffermgr.cpp
@@ -293,9 +293,12 @@ void FileBufferMgr::flushOIDs(const uint32_t* oids, uint32_t count)
 {
 fbList.erase(fFBPool[tmpIt->second->poolIdx].listLoc());
 fEmptyPoolSlots.push_back(tmpIt->second->poolIdx);
- fbSet.erase(tmpIt->second);
 fCacheSize--;
 }
+ for (byLBID_t::iterator tmpIt = itList.first; tmpIt != itList.second; tmpIt++)
+ {
+ fbSet.erase(tmpIt->second);
+ }
 }
 }
 }
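Review bot: The added second loop is the only thing keeping `fbSet.erase` from invalidating the iterators the first loop still dereferences, yet nothing in the hunk records that dependency, so a later cleanup could fold the two loops back together and reintroduce MCOL-6018; add a comment above the new `for`, e.g. `// Deliberately a second pass: erasing from fbSet invalidates the iterators the loop above still uses (MCOL-6018).` Both passes walk the same `itList` range through `tmpIt->second`, so if that range can ever hold two entries referring to the same fbSet element the second pass would erase an already-erased iterator; that looks unlikely from the hunk but deserves a check or an assertion, since this is a use-after-free fix in the block cache. `tmpIt++` on the iterator could be `++tmpIt` to match the usual idiom. flushOIDs begins before the hunk, and the first loop's header and the declaration of `itList` are outside it as well. A regression test for the reproducing flush sequence run under ASAN would keep this from silently coming back.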