MDEV-22590 SIGSEGV in flush_all_key_blocks when changing key_buffer_size / ASAN: heap-use-after-free in flush_all_key_blocks

sanja-byelkin · sanja-byelkin · commit 5feb60ce186a · 2022-06-24T10:03:23.000+02:00
Take into account that in preparation of a simple key cache for resizing no disk blocks might be assigned to it.

Reviewer: IgorBabaev &lt;igor@mariadb.com&gt;
diff --git a/mysql-test/main/key_cache.result b/mysql-test/main/key_cache.result
@@ -834,3 +834,25 @@ set global keycache2.key_buffer_size=0;
 set global key_buffer_size=@save_key_buffer_size;
 set global key_cache_segments=@save_key_cache_segments;
 set global key_cache_file_hash_size=@save_key_cache_file_hash_size;
+#
+# SIGSEGV in flush_all_key_blocks when changing
+# key_buffer_size / ASAN: heap-use-after-free in flush_all_key_blocks
+#
+SET GLOBAL keycache1.key_cache_segments=7;
+SET GLOBAL keycache1.key_buffer_size=1*1024*1024;
+SET GLOBAL keycache1.key_buffer_size=0;
+SET GLOBAL keycache1.key_buffer_size=128*1024;
+create table t1 (p int primary key, a char(10)) delay_key_write=1;
+cache index t1 key (`primary`) in keycache1;
+Table	Op	Msg_type	Msg_text
+test.t1	assign_to_keycache	status	OK
+insert into t1 values (1, 'qqqq'), (11, 'yyyy');
+select * from t1;
+p	a
+1	qqqq
+11	yyyy
+drop table t1;
+SET GLOBAL keycache1.key_buffer_size=0;
+#
+# End of 10.3 tests
+#
diff --git a/mysql-test/main/key_cache.test b/mysql-test/main/key_cache.test
@@ -538,3 +538,24 @@ set global key_cache_segments=@save_key_cache_segments;
 set global key_cache_file_hash_size=@save_key_cache_file_hash_size;
 
 # End of 5.2 tests
+
+--echo #
+--echo # SIGSEGV in flush_all_key_blocks when changing
+--echo # key_buffer_size / ASAN: heap-use-after-free in flush_all_key_blocks
+--echo #
+
+SET GLOBAL keycache1.key_cache_segments=7;
+SET GLOBAL keycache1.key_buffer_size=1*1024*1024;
+SET GLOBAL keycache1.key_buffer_size=0;
+SET GLOBAL keycache1.key_buffer_size=128*1024;
+create table t1 (p int primary key, a char(10)) delay_key_write=1;
+cache index t1 key (`primary`) in keycache1;
+insert into t1 values (1, 'qqqq'), (11, 'yyyy');
+select * from t1;
+drop table t1;
+SET GLOBAL keycache1.key_buffer_size=0;
+
+
+--echo #
+--echo # End of 10.3 tests
+--echo #
diff --git a/mysys/mf_keycache.c b/mysys/mf_keycache.c
@@ -701,7 +701,7 @@ int prepare_resize_simple_key_cache(SIMPLE_KEY_CACHE_CB *keycache,
   keycache->in_resize= 1;
 
   /* Need to flush only if keycache is enabled. */
-  if (keycache->can_be_used)
+  if (keycache->can_be_used && keycache->disk_blocks != -1)
   {
     /* Start the flush phase. */
     keycache->resize_in_flush= 1;

Original file line number	Diff line number	Diff line change
`@@ -701,7 +701,7 @@ int prepare_resize_simple_key_cache(SIMPLE_KEY_CACHE_CB *keycache,`
`701`	`701`	`keycache->in_resize= 1;`
`702`	`702`
`703`	`703`	`/* Need to flush only if keycache is enabled. */`
`704`		`- if (keycache->can_be_used)`
	`704`	`+ if (keycache->can_be_used && keycache->disk_blocks != -1)`
`705`	`705`	`{`
`706`	`706`	`/* Start the flush phase. */`
`707`	`707`	`keycache->resize_in_flush= 1;`