database/mariadb
1
0
Fork 0
mirror of https://github.com/MariaDB/server.git synced 2025-07-29 05:21:33 +03:00
Code Activity

MDEV-21341: Fix UBSAN failures: Issue Six

Browse Source 
(Variant #2 of the patch, which keeps the sp_head object inside the
MEM_ROOT that sp_head object owns)
(10.3 version of the fix, with handling for class sp_package)

sp_head::operator new() and operator delete() were dereferencing sp_head*
pointers to memory that didn't hold a valid sp_head object (it was
not created/already destroyed).
This caused UBSan to crash when looking up type information.

Fixed by providing static sp_head::create() and sp_head::destroy() methods.
This commit is contained in:
Sergei Petrunia
2020-01-12 22:15:55 +03:00
parent 9c3eca8514
commit d531b4ee3a
9 changed files with 71 additions and 55 deletions
Download Patch File Download Diff File Expand all files Collapse all files

6
sql/sql_show.cc
View File

@ -6331,7 +6331,7 @@ bool store_schema_params(THD *thd, TABLE *table, TABLE *proc_table,
{
free_table_share(&share);
if (free_sp_head)
delete sp;
sp_head::destroy(sp);
DBUG_RETURN(1);
}
}
@ -6378,7 +6378,7 @@ bool store_schema_params(THD *thd, TABLE *table, TABLE *proc_table,
}
}
if (free_sp_head)
delete sp;
sp_head::destroy(sp);
}
free_table_share(&share);
DBUG_RETURN(error);
@ -6457,7 +6457,7 @@ bool store_schema_proc(THD *thd, TABLE *table, TABLE *proc_table,
store_column_type(table, field, cs, 5);
free_table_share(&share);
if (free_sp_head)
delete sp;
sp_head::destroy(sp);
}
}