MDEV-22590 SIGSEGV in flush_all_key_blocks when changing key_buffer_s…

…ize / ASAN: heap-use-after-free in flush_all_key_blocks Take into account that in preparation of a simple key cache for resizing no disk blocks might be assigned to it. Reviewer: IgorBabaev <igor@mariadb.com>
MariaDB · Jun 24, 2022 · 5feb60c · 5feb60c
1 parent 3e09c61
commit 5feb60c
Show file tree

Hide file tree

Showing 3 changed files with 44 additions and 1 deletion.
diff --git a/mysql-test/main/key_cache.result b/mysql-test/main/key_cache.result
@@ -834,3 +834,25 @@ set global keycache2.key_buffer_size=0;
 set global key_buffer_size=@save_key_buffer_size;
 set global key_cache_segments=@save_key_cache_segments;
 set global key_cache_file_hash_size=@save_key_cache_file_hash_size;
+#
+# SIGSEGV in flush_all_key_blocks when changing
+# key_buffer_size / ASAN: heap-use-after-free in flush_all_key_blocks
+#
+SET GLOBAL keycache1.key_cache_segments=7;
+SET GLOBAL keycache1.key_buffer_size=1*1024*1024;
+SET GLOBAL keycache1.key_buffer_size=0;
+SET GLOBAL keycache1.key_buffer_size=128*1024;
+create table t1 (p int primary key, a char(10)) delay_key_write=1;
+cache index t1 key (`primary`) in keycache1;
+Table	Op	Msg_type	Msg_text
+test.t1	assign_to_keycache	status	OK
+insert into t1 values (1, 'qqqq'), (11, 'yyyy');
+select * from t1;
+p	a
+1	qqqq
+11	yyyy
+drop table t1;
+SET GLOBAL keycache1.key_buffer_size=0;
+#
+# End of 10.3 tests
+#
diff --git a/mysql-test/main/key_cache.test b/mysql-test/main/key_cache.test
@@ -538,3 +538,24 @@ set global key_cache_segments=@save_key_cache_segments;
 set global key_cache_file_hash_size=@save_key_cache_file_hash_size;
 
 # End of 5.2 tests
+
+--echo #
+--echo # SIGSEGV in flush_all_key_blocks when changing
+--echo # key_buffer_size / ASAN: heap-use-after-free in flush_all_key_blocks
+--echo #
+
+SET GLOBAL keycache1.key_cache_segments=7;
+SET GLOBAL keycache1.key_buffer_size=1*1024*1024;
+SET GLOBAL keycache1.key_buffer_size=0;
+SET GLOBAL keycache1.key_buffer_size=128*1024;
+create table t1 (p int primary key, a char(10)) delay_key_write=1;
+cache index t1 key (`primary`) in keycache1;
+insert into t1 values (1, 'qqqq'), (11, 'yyyy');
+select * from t1;
+drop table t1;
+SET GLOBAL keycache1.key_buffer_size=0;
+
+
+--echo #
+--echo # End of 10.3 tests
+--echo #
diff --git a/mysys/mf_keycache.c b/mysys/mf_keycache.c
@@ -701,7 +701,7 @@ int prepare_resize_simple_key_cache(SIMPLE_KEY_CACHE_CB *keycache,
   keycache->in_resize= 1;
 
   /* Need to flush only if keycache is enabled. */
-  if (keycache->can_be_used)
+  if (keycache->can_be_used && keycache->disk_blocks != -1)
   {
     /* Start the flush phase. */
     keycache->resize_in_flush= 1;