From e19915d5d282901a026e0659028e48e20544565f Mon Sep 17 00:00:00 2001 From: Sergei Golubchik Date: Thu, 10 May 2018 19:45:09 +0200 Subject: [PATCH] MDEV-15746 ASAN heap-use-after-free in Item_change_list::rollback_item_tree_changes on ALTER executed as PS 10.3+ fix On ALTER TABLE, if a non-changed column default might need a charset conversion, it must be a blob. Because blob's defaults are stored as expressions, and for any other type a basic_const_item() will be in the record, so it'll have correct charset and won't need converting. For the same reason it makes no sense to convert blob defaults (and it's unsafe, see MDEV-15746). test case is already in main/ps.test --- sql/sql_table.cc | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/sql/sql_table.cc b/sql/sql_table.cc index 51f1fa83ccb..4da5b593a1a 100644 --- a/sql/sql_table.cc +++ b/sql/sql_table.cc @@ -3191,8 +3191,10 @@ bool Column_definition::prepare_stage1_string(THD *thd, Convert the default value from client character set into the column character set if necessary. We can only do this for constants as we have not yet run fix_fields. + But not for blobs, as they will be stored as SQL expressions, not + written down into the record image. */ - if (default_value && + if (!(flags & BLOB_FLAG) && default_value && default_value->expr->basic_const_item() && charset != default_value->expr->collation.collation) {
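Review bot: The comment added above the new `if (!(flags & BLOB_FLAG) && default_value &&` condition in prepare_stage1_string() says only that blob defaults are stored as SQL expressions, while the commit message gives the stronger reason that converting them is unsafe (the ASAN heap-use-after-free of MDEV-15746 when the ALTER is executed as a prepared statement). Consider naming MDEV-15746 in that comment so the `BLOB_FLAG` guard is not later dropped as a redundant check. The diffstat touches only sql/sql_table.cc and relies on the existing case in main/ps.test, so it is worth confirming that this case actually exercises a blob column whose constant default has a collation different from the column charset, since that is the path the new guard changes.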