MDEV-21045 AddressSanitizer: use-after-poison in mem_heap_dup / row_l…

…og_table_get_pk_col row_log_table_get_pk_col(): read instant field value from instant alter table when it's required.
MariaDB · Nov 21, 2019 · a145442 · a145442
1 parent 24a279b
commit a145442
Show file tree

Hide file tree

Showing 3 changed files with 48 additions and 0 deletions.
diff --git a/mysql-test/suite/innodb/r/instant_alter_debug.result b/mysql-test/suite/innodb/r/instant_alter_debug.result
@@ -264,3 +264,21 @@ a	b	vb
 5	NULL	NULL
 DROP TABLE t1;
 SET GLOBAL innodb_purge_rseg_truncate_frequency = @save_frequency;
+#
+# MDEV-21045 AddressSanitizer: use-after-poison in mem_heap_dup / row_log_table_get_pk_col
+#
+CREATE TABLE t1 (a TEXT) ENGINE = InnoDB ROW_FORMAT=REDUNDANT;
+INSERT INTO t1 (a) VALUES ('foo');
+ALTER TABLE t1 ADD COLUMN b INT DEFAULT 0,algorithm=instant;
+connect  con2,localhost,root,,test;
+SET DEBUG_SYNC='innodb_inplace_alter_table_enter SIGNAL onlinealter WAIT_FOR update';
+ALTER TABLE t1 ADD PRIMARY KEY (b);
+connection default;
+SET DEBUG_SYNC='now WAIT_FOR onlinealter';
+UPDATE t1 SET b = 1;
+SET DEBUG_SYNC='now SIGNAL update';
+connection con2;
+connection default;
+SET DEBUG_SYNC='RESET';
+disconnect con2;
+DROP TABLE t1;
diff --git a/mysql-test/suite/innodb/t/instant_alter_debug.test b/mysql-test/suite/innodb/t/instant_alter_debug.test
@@ -293,3 +293,29 @@ SELECT * FROM t1;
 DROP TABLE t1;
 
 SET GLOBAL innodb_purge_rseg_truncate_frequency = @save_frequency;
+
+--echo #
+--echo # MDEV-21045 AddressSanitizer: use-after-poison in mem_heap_dup / row_log_table_get_pk_col
+--echo #
+CREATE TABLE t1 (a TEXT) ENGINE = InnoDB ROW_FORMAT=REDUNDANT;
+INSERT INTO t1 (a) VALUES ('foo');
+
+ALTER TABLE t1 ADD COLUMN b INT DEFAULT 0,algorithm=instant;
+
+--connect (con2,localhost,root,,test)
+SET DEBUG_SYNC='innodb_inplace_alter_table_enter SIGNAL onlinealter WAIT_FOR update';
+--send
+ALTER TABLE t1 ADD PRIMARY KEY (b);
+
+--connection default
+SET DEBUG_SYNC='now WAIT_FOR onlinealter';
+UPDATE t1 SET b = 1;
+SET DEBUG_SYNC='now SIGNAL update';
+
+--connection con2
+--reap
+
+--connection default
+SET DEBUG_SYNC='RESET';
+--disconnect con2
+DROP TABLE t1;
diff --git a/storage/innobase/row/row0log.cc b/storage/innobase/row/row0log.cc
@@ -1164,6 +1164,10 @@ row_log_table_get_pk_col(
 
 	field = rec_get_nth_field(rec, offsets, i, &len);
 
+	if (len == UNIV_SQL_DEFAULT) {
+		field = log->instant_field_value(i, &len);
+	}
+
 	if (len == UNIV_SQL_NULL) {
 		if (!log->allow_not_null) {
 			return(DB_INVALID_NULL);