From e7208bd93445ee233d72c8fd9413a4c83043b123 Mon Sep 17 00:00:00 2001 From: Nayuta Yanagisawa Date: Tue, 21 Sep 2021 20:22:56 +0900 Subject: [PATCH] MDEV-26158 SIGSEGV in spider_free_mem from ha_spider::open on INSERT The server crashes due to passing NULL to spider_free(). In some cases, this == pt_handler_share_handlers[0] at the label error_get_share in ha_spider::open(). In such cases, to nullify pt_handler_share_handlers[0]->wide_handler is nothing but to nullify this->wide_handler. We should not do this before freeing this->wide_handler. --- storage/spider/ha_spider.cc | 2 +- .../spider/bugfix/r/mdev_26158.result | 27 ++++++++++++++++ .../mysql-test/spider/bugfix/t/mdev_26158.cnf | 3 ++ .../spider/bugfix/t/mdev_26158.test | 31 +++++++++++++++++++ 4 files changed, 62 insertions(+), 1 deletion(-) create mode 100644 storage/spider/mysql-test/spider/bugfix/r/mdev_26158.result create mode 100644 storage/spider/mysql-test/spider/bugfix/t/mdev_26158.cnf create mode 100644 storage/spider/mysql-test/spider/bugfix/t/mdev_26158.test diff --git a/storage/spider/ha_spider.cc b/storage/spider/ha_spider.cc index 6cee49cd6da..bbbe76cec74 100644 --- a/storage/spider/ha_spider.cc +++ b/storage/spider/ha_spider.cc @@ -659,13 +659,13 @@ error_partition_handler_share_alloc: error_get_share: if (wide_handler_alloc) { + spider_free(spider_current_trx, wide_handler, MYF(0)); #ifdef WITH_PARTITION_STORAGE_ENGINE if (pt_handler_share_handlers) { pt_handler_share_handlers[0]->wide_handler = NULL; } #endif - spider_free(spider_current_trx, wide_handler, MYF(0)); spider->wide_handler = NULL; owner->wide_handler = NULL; owner->wide_handler_owner = FALSE; diff --git a/storage/spider/mysql-test/spider/bugfix/r/mdev_26158.result b/storage/spider/mysql-test/spider/bugfix/r/mdev_26158.result new file mode 100644 index 00000000000..2870dab2702 --- /dev/null +++ b/storage/spider/mysql-test/spider/bugfix/r/mdev_26158.result @@ -0,0 +1,27 @@ +# +# MDEV-26158 SIGSEGV in spider_free_mem from ha_spider::open on INSERT +# +for master_1 +for child2 +child2_1 +child2_2 +child2_3 +for child3 +connection master_1; +CREATE DATABASE auto_test_local; +USE auto_test_local; +CREATE TABLE t ( +c INT +) ENGINE=Spider DEFAULT CHARSET=utf8 COMMENT='table "tbl_a"' +PARTITION BY LIST COLUMNS(`c`) ( +PARTITION `pt1` DEFAULT COMMENT = 'srv "s_2_1"' +); +INSERT INTO t SELECT * FROM t; +ERROR 42000: Unknown database 'auto_test_remote' +DROP DATABASE auto_test_local; +for master_1 +for child2 +child2_1 +child2_2 +child2_3 +for child3 diff --git a/storage/spider/mysql-test/spider/bugfix/t/mdev_26158.cnf b/storage/spider/mysql-test/spider/bugfix/t/mdev_26158.cnf new file mode 100644 index 00000000000..05dfd8a0bce --- /dev/null +++ b/storage/spider/mysql-test/spider/bugfix/t/mdev_26158.cnf @@ -0,0 +1,3 @@ +!include include/default_mysqld.cnf +!include ../my_1_1.cnf +!include ../my_2_1.cnf diff --git a/storage/spider/mysql-test/spider/bugfix/t/mdev_26158.test b/storage/spider/mysql-test/spider/bugfix/t/mdev_26158.test new file mode 100644 index 00000000000..0484d2b6652 --- /dev/null +++ b/storage/spider/mysql-test/spider/bugfix/t/mdev_26158.test @@ -0,0 +1,31 @@ +--echo # +--echo # MDEV-26158 SIGSEGV in spider_free_mem from ha_spider::open on INSERT +--echo # + +--disable_query_log +--disable_result_log +--source ../../t/test_init.inc +--enable_result_log +--enable_query_log + +--connection master_1 +CREATE DATABASE auto_test_local; +USE auto_test_local; + +eval CREATE TABLE t ( + c INT +) $MASTER_1_ENGINE $MASTER_1_CHARSET COMMENT='table "tbl_a"' +PARTITION BY LIST COLUMNS(`c`) ( + PARTITION `pt1` DEFAULT COMMENT = 'srv "s_2_1"' +); + +--error ER_BAD_DB_ERROR +INSERT INTO t SELECT * FROM t; + +DROP DATABASE auto_test_local; + +--disable_query_log +--disable_result_log +--source ../../t/test_deinit.inc +--enable_result_log +--enable_query_log