mirror of https://github.com/MariaDB/server.git synced 2025-08-08 11:22:35 +03:00

MDEV-31764: ASAN use-after-poison in trace_engine_stats in ANALYZE JSON

Do not attempt to produce "r_engine_stats" on the temporary (=work) tables.
These tables may be
- re-created during the query execution
- freed during the query execution (This is done e.g. in JOIN::cleanup(),
  before we produce ANALYZE FORMAT=JSON output).

- (Also, make save_explain_data() functions not set handler_for_stats
  to point to handler objects that do not have handler->handler_stats set.
  If the storage engine is not collecting handler_stats, it will not have
  them when we're producing ANALYZE FORMAT=JSON output, either).
Sergei Petrunia
2023-08-01 13:29:06 +03:00
parent 138717b16f
commit 691e964d23
5 changed files with 105 additions and 5 deletions

@@ -845,12 +845,18 @@ public:
Gap_time_tracker extra_time_tracker;
/*
Note: This pointer is only valid until notify_tables_are_closed() is
called. After that, the tables may be freed or reused, together with their
handler_stats objects.
Handler object to get the handler_stats from.
Notes:
This pointer is only valid until notify_tables_are_closed() is called.
After that, the tables may be freed or reused, together with their
handler_stats objects.
notify_tables_are_closed() disables printing of FORMAT=JSON output.
r_engine_stats is only printed in FORMAT=JSON output, so we're fine.
We do not store pointers to temporary (aka "work") tables here.
Temporary tables may be freed (e.g. by JOIN::cleanup()) or re-created
during query execution (when HEAP table is converted into Aria).
*/
handler *handler_for_stats;
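Review bot: the rewritten comment above handler_for_stats documents the lifetime and the no-temporary-table rule, but not that the member can now be left unset. Per the commit message, the save_explain_data() functions no longer point it at handlers that lack handler->handler_stats, so the comment should state what value the member holds in that case and that code producing r_engine_stats must check it before dereferencing. The "so we're fine" sentence also depends on notify_tables_are_closed() disabling FORMAT=JSON output; consider having that function clear handler_for_stats as well, so a stale pointer cannot be read if that coupling ever changes. Finally, name where the "we do not store pointers to temporary tables" rule is enforced, since nothing at this declaration stops a later save_explain_data() caller from storing a work-table handler again.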