database/mariadb
1
0
Fork 0
mirror of https://github.com/MariaDB/server.git synced 2025-08-08 11:22:35 +03:00
Code Activity

MDEV-21341: Fix UBSAN failures: Issue Six

Browse Source 
(Variant #2 of the patch, which keeps the sp_head object inside the
MEM_ROOT that sp_head object owns)
(10.3 requires extra work due to sp_package, will commit a separate
patch for it)

sp_head::operator new() and operator delete() were dereferencing sp_head*
pointers to memory that didn't hold a valid sp_head object (it was
not created/already destroyed).
This caused UBSan to crash when looking up type information.

Fixed by providing static sp_head::create() and sp_head::destroy() methods.
This commit is contained in:
Sergei Petrunia
2020-01-12 20:50:12 +02:00
parent cb204e11ea
commit 5e5ae51b73
10 changed files with 52 additions and 59 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
sql/sql_parse.cc
View File

@@ -4347,7 +4347,7 @@ mysql_execute_command(THD *thd)
/* Don't do it, if we are inside a SP */
if (!thd->spcont)
{
delete lex->sphead;
sp_head::destroy(lex->sphead);
lex->sphead= NULL;
}
/* lex->unit.cleanup() is called outside, no need to call it here */