From 495153feac652ba521dee603d1d05a45c8caa479 Mon Sep 17 00:00:00 2001
From: Daniel Black
Date: Wed, 28 May 2025 11:48:04 +1000
Subject: [PATCH] MDEV-36893 THD::reset_sub_statement_state swaps with uninitialized structure

THD::reset_sub_statement_state and THD::restore_sub_staement_state swap auto_inc_intervals_forced(Discrete_intervals_list) of a THD class with a local variable temporary to execute other things before restoring at the end of Table_triggers_list::process_triggers under a rpl_master_erroneous_autoinc(true) condition as exposed by the rpl.rpl_trigger test. The uninitialized data isn't used and the only required action is to copy the data in one direction. As the intent is for the auto_inc_intervals_forced value to be overwritten or unused, MEM_UNDEFINED is used on it to ensure the previous state is considered invalid. The other uses of reset_sub_statement_state in Item_sp::execute_impl also follow the same pattern of taking a copy to restore within the same function.
---
 sql/sql_class.cc | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)

diff --git a/sql/sql_class.cc b/sql/sql_class.cc
index 0effdbfcdb5..da8120abaab 100644
--- a/sql/sql_class.cc
+++ b/sql/sql_class.cc
@@ -5913,7 +5913,8 @@ void THD::reset_sub_statement_state(Sub_statement_state *backup,
 if (rpl_master_erroneous_autoinc(this))
 {
 DBUG_ASSERT(backup->auto_inc_intervals_forced.nb_elements() == 0);
- auto_inc_intervals_forced.swap(&backup->auto_inc_intervals_forced);
+ backup->auto_inc_intervals_forced.copy_shallow(&auto_inc_intervals_forced);
+ MEM_UNDEFINED(&auto_inc_intervals_forced, sizeof auto_inc_intervals_forced);
 }
 #endif
 
@@ -5961,7 +5962,7 @@ void THD::restore_sub_statement_state(Sub_statement_state *backup)
 */
 if (rpl_master_erroneous_autoinc(this))
 {
- backup->auto_inc_intervals_forced.swap(&auto_inc_intervals_forced);
+ auto_inc_intervals_forced.copy_shallow(&backup->auto_inc_intervals_forced);
 DBUG_ASSERT(backup->auto_inc_intervals_forced.nb_elements() == 0);
 }
 #endif
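Review bot: After `auto_inc_intervals_forced.copy_shallow(&backup->auto_inc_intervals_forced);` in restore_sub_statement_state, the THD member and `backup` appear to alias the same interval nodes, whereas the replaced swap left `backup` holding the empty list; if Discrete_intervals_list frees its nodes on destruction (not visible in this hunk — please confirm), the caller's `Sub_statement_state` going out of scope would free intervals the THD still points to. The kept `DBUG_ASSERT(backup->auto_inc_intervals_forced.nb_elements() == 0);` also changes meaning: a shallow copy presumably leaves its source untouched, so the line now asserts that the list saved in reset_sub_statement_state was empty rather than that nothing was added during the sub-statement, and it should be re-checked against what rpl.rpl_trigger exercises. The same aliasing exists after the first hunk's copy, where `MEM_UNDEFINED` only affects instrumented builds and does not detach the THD member from the nodes `backup` now holds. A short comment at both copy sites, e.g. `/* shallow copy: the copy now owns the nodes; the source must not free them */`, would make the ownership hand-off explicit for the next reader. Both functions start and end outside the hunks.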