From 45cabf10175da1ae2d158ea17ccd6e19f461d6f4 Mon Sep 17 00:00:00 2001 From: Sergei Golubchik Date: Thu, 28 Jun 2018 16:17:21 +0200 Subject: [PATCH] MDEV-16615 ASAN SEGV in handler::print_error or server crash after error upon CREATE TABLE table->in_use is not always set and a KILL signal can arrive anytime. --- mysql-test/r/max_statement_time.result | 3 +++ mysql-test/t/max_statement_time.test | 8 ++++++++ sql/handler.cc | 4 ++-- 3 files changed, 13 insertions(+), 2 deletions(-) diff --git a/mysql-test/r/max_statement_time.result b/mysql-test/r/max_statement_time.result index 44ee03b813a..a87a899b575 100644 --- a/mysql-test/r/max_statement_time.result +++ b/mysql-test/r/max_statement_time.result @@ -181,3 +181,6 @@ ERROR 70100: Query execution was interrupted (max_statement_time exceeded) set max_statement_time = 0; drop procedure pr; drop table t1; +SET max_statement_time= 1; +CREATE TABLE t ENGINE=InnoDB SELECT * FROM seq_1_to_50000; +ERROR 70100: Query execution was interrupted (max_statement_time exceeded) diff --git a/mysql-test/t/max_statement_time.test b/mysql-test/t/max_statement_time.test index 0882daff139..24b6d9311f2 100644 --- a/mysql-test/t/max_statement_time.test +++ b/mysql-test/t/max_statement_time.test @@ -5,6 +5,7 @@ --source include/not_embedded.inc --source include/have_innodb.inc +--source include/have_sequence.inc --source include/not_valgrind.inc --echo @@ -226,3 +227,10 @@ call pr(); set max_statement_time = 0; drop procedure pr; drop table t1; + +# +# MDEV-16615 ASAN SEGV in handler::print_error or server crash after error upon CREATE TABLE +# +SET max_statement_time= 1; +--error ER_STATEMENT_TIMEOUT +CREATE TABLE t ENGINE=InnoDB SELECT * FROM seq_1_to_50000; diff --git a/sql/handler.cc b/sql/handler.cc index 35b0814ef79..9c319b995da 100644 --- a/sql/handler.cc +++ b/sql/handler.cc @@ -3413,8 +3413,8 @@ void handler::print_error(int error, myf errflag) break; case HA_ERR_ABORTED_BY_USER: { - DBUG_ASSERT(table->in_use->killed); - table->in_use->send_kill_message(); + DBUG_ASSERT(ha_thd()->killed); + ha_thd()->send_kill_message(); DBUG_VOID_RETURN; } case HA_ERR_WRONG_MRG_TABLE_DEF: