From a816aa066e5c879a92819d694a93d245e6ec6e47 Mon Sep 17 00:00:00 2001 From: Monty Date: Wed, 23 May 2018 11:26:49 +0300 Subject: [PATCH] Fixed ASAN heap-use-after-free handler::ha_index_or_rnd_end MDEV-16123 ASAN heap-use-after-free handler::ha_index_or_rnd_end MDEV-13828 Segmentation fault on RENAME TABLE Problem was that destructor called methods for closed table. Fixed by removing code in destructor. --- mysql-test/r/statistics_close.result | 6 ++++++ mysql-test/t/statistics_close.test | 18 ++++++++++++++++++ sql/sql_statistics.cc | 3 ++- 3 files changed, 26 insertions(+), 1 deletion(-) create mode 100644 mysql-test/r/statistics_close.result create mode 100644 mysql-test/t/statistics_close.test diff --git a/mysql-test/r/statistics_close.result b/mysql-test/r/statistics_close.result new file mode 100644 index 00000000000..348681c3311 --- /dev/null +++ b/mysql-test/r/statistics_close.result @@ -0,0 +1,6 @@ +CREATE TABLE t1 (i int); +RENAME TABLE t1 TO t2; +FLUSH TABLES; +DROP TABLE IF EXISTS t1, t2; +Warnings: +Note 1051 Unknown table 'test.t1' diff --git a/mysql-test/t/statistics_close.test b/mysql-test/t/statistics_close.test new file mode 100644 index 00000000000..de22a5a44fe --- /dev/null +++ b/mysql-test/t/statistics_close.test @@ -0,0 +1,18 @@ +# +# MDEV-16123 ASAN heap-use-after-free handler::ha_index_or_rnd_end +# MDEV-13828 Segmentation fault on RENAME TABLE +# + +CREATE TABLE t1 (i int); +--connect (con1,localhost,root,,test) +--send +RENAME TABLE t1 TO t2; +--connection default +FLUSH TABLES; +--connection con1 +--reap + +# Cleanup +--disconnect con1 +--connection default +DROP TABLE IF EXISTS t1, t2; diff --git a/sql/sql_statistics.cc b/sql/sql_statistics.cc index ce320e87a4f..471749ad346 100644 --- a/sql/sql_statistics.cc +++ b/sql/sql_statistics.cc @@ -1376,7 +1376,8 @@ public: ~Stat_table_write_iter() { - cleanup(); + /* Ensure that cleanup has been run */ + DBUG_ASSERT(rowid_buf == 0); } };