database/mariadb
1
0
Fork 0
mirror of https://github.com/MariaDB/server.git synced 2025-08-08 11:22:35 +03:00
Code Activity

MDEV-20971 ASAN heap-use-after-free in list_delete / heap_close

Browse Source 
Don't save/restore HP_INFO as it could be changed by a concurrent thread.
different parts of HP_INFO are protected by different mutexes and
the mutex that protect most of the HP_INFO does not protect its open_list
data.

As a bonus, make heap_check_heap() to take const HP_INFO* and not
make any changes there whatsoever.
This commit is contained in:
Sergei Golubchik
2019-11-04 18:30:48 +01:00
parent 9277b6ec1c
commit cd156e2c3e
2 changed files with 14 additions and 15 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
include/heap.h
View File

@@ -245,7 +245,7 @@ int hp_panic(enum ha_panic_function flag);
int heap_rkey(HP_INFO *info, uchar *record, int inx, const uchar *key,
key_part_map keypart_map, enum ha_rkey_function find_flag);
extern uchar * heap_find(HP_INFO *info,int inx,const uchar *key);
extern int heap_check_heap(HP_INFO *info, my_bool print_status);
extern int heap_check_heap(const HP_INFO *info, my_bool print_status);
extern uchar *heap_position(HP_INFO *info);
/* The following is for programs that uses the old HEAP interface where