MDEV-24868 Server crashes in optimize_schema_tables_memory_usage afte…

…r select from information_schema.innodb_sys_columns optimize_schema_tables_memory_usage() crashed when its argument included TABLE struct that was not fully initialized. To prevent such a crash, we check if a table is an information schema table at the beginning of each iteration. Closes #1768
MariaDB · Mar 8, 2021 · 75f781f · 75f781f
1 parent ecc1cd2
commit 75f781f
Show file tree

Hide file tree

Showing 3 changed files with 23 additions and 3 deletions.
diff --git a/mysql-test/main/information_schema.result b/mysql-test/main/information_schema.result
@@ -2316,5 +2316,12 @@ count(*)
 2
 DROP TABLE t1;
 #
+# MDEV-24868 Server crashes in optimize_schema_tables_memory_usage after select from information_schema.innodb_sys_columns
+#
+create table t1 ( name varchar(64) character set utf8, len int);
+select * from t1 where (name, len) in (select  name, len from information_schema.innodb_sys_columns having len = 8);
+name	len
+drop table t1;
+#
 # End of 10.3 tests
 #
diff --git a/mysql-test/main/information_schema.test b/mysql-test/main/information_schema.test
@@ -2044,6 +2044,14 @@ INSERT INTO t1 VALUES ('2012-12-12'),('2021-11-11');
 SELECT count(*) FROM t1 AS t1a LEFT JOIN (t1 AS t1b JOIN INFORMATION_SCHEMA.ROUTINES) ON (t1b.a IS NULL);
 SELECT count(*) FROM t1 AS t1a LEFT JOIN (t1 AS t1b JOIN INFORMATION_SCHEMA.PROFILING) ON (t1b.a IS NULL);
 DROP TABLE t1;
+
+--echo #
+--echo # MDEV-24868 Server crashes in optimize_schema_tables_memory_usage after select from information_schema.innodb_sys_columns
+--echo #
+create table t1 ( name varchar(64) character set utf8, len int);
+select * from t1 where (name, len) in (select  name, len from information_schema.innodb_sys_columns having len = 8);
+drop table t1;
+
 --echo #
 --echo # End of 10.3 tests
 --echo #
diff --git a/sql/sql_show.cc b/sql/sql_show.cc
@@ -8672,14 +8672,19 @@ static bool optimize_for_get_all_tables(THD *thd, TABLE_LIST *tables, COND *cond
 
 bool optimize_schema_tables_memory_usage(List<TABLE_LIST> &tables)
 {
+  DBUG_ENTER("optimize_schema_tables_memory_usage");
+
   List_iterator<TABLE_LIST> tli(tables);
 
   while (TABLE_LIST *table_list= tli++)
   {
+    if (!table_list->schema_table)
+      continue;
+
     TABLE *table= table_list->table;
     THD *thd=table->in_use;
 
-    if (!table_list->schema_table || !thd->fill_information_schema_tables())
+    if (!thd->fill_information_schema_tables())
       continue;
 
     if (!table->is_created())
@@ -8726,10 +8731,10 @@ bool optimize_schema_tables_memory_usage(List<TABLE_LIST> &tables)
       // TODO switch from Aria to Memory if all blobs were optimized away?
       if (instantiate_tmp_table(table, p->keyinfo, p->start_recinfo, &p->recinfo,
                    table_list->select_lex->options | thd->variables.option_bits))
-        return 1;
+        DBUG_RETURN(1);
     }
   }
-  return 0;
+  DBUG_RETURN(0);
 }