
Commit c293124

MDEV-14750 Valgrind Invalid read, ASAN heap-use-after-free in Item_ident::print upon SHOW CREATE on partitioned table
Items in the partitioning function were taking the table name from the table's field (in set_field(from_field) in Item_field::fix_fields), and the field's table_name is TABLE::alias. But the alias is changed for every statement, and can be realloced if the next statement uses a longer alias. But partitioning items are fixed once and live as long as the TABLE does. So if an alias is realloced, pointers to the old alias string will become invalid. Fix partitioning item table_name to point to the actual table name instead.
1 parent c14c958 commit c293124
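The lifetime mismatch the commit message describes, as an added example that is not code from this commit or from MariaDB: a small C model in which a long-lived partitioning item keeps a pointer into the per-statement alias buffer, the next statement grows that buffer, and the pointer is left dangling. `TableShare`, `Table`, `Item`, `table_set_alias`, `item_bind_to_alias`, `item_bind_to_share` and `replay` are simplified stand-ins for TABLE_SHARE, TABLE::alias, Item_field, set_field() and the regression test's statement sequence; the rendering of the partition expression is the model's own, not the server's SHOW CREATE output.

```c
/*
 * Added example, not MariaDB code: a model of the MDEV-14750 lifetime bug.
 * The struct and function names below are simplified stand-ins for the
 * server's TABLE_SHARE, TABLE, Item_field and the test's statement sequence.
 */
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Table definition: lives as long as the definition is cached, so its
   name is stable storage (stand-in for TABLE_SHARE::table_name). */
typedef struct {
    char table_name[64];
} TableShare;

/* Open table: the alias is rebound by every statement and its buffer is
   replaced when a longer alias does not fit (stand-in for TABLE::alias). */
typedef struct {
    TableShare *s;
    char *alias;
    size_t alias_cap;
} Table;

/* Fixed item from the partitioning expression: bound once, lives as long
   as the Table (stand-in for Item_field in the partition function). */
typedef struct {
    const char *table_name;
    const char *field_name;
} Item;

/* The server rebinding TABLE::alias for the next statement. The new block
   is allocated while the old one is still live, so a grown alias always
   moves to a different address and the old storage is released. */
static void table_set_alias(Table *t, const char *alias)
{
    size_t need = strlen(alias) + 1;
    if (need > t->alias_cap) {
        char *grown = malloc(need);
        if (!grown)
            abort();
        free(t->alias);          /* anything still pointing here now dangles */
        t->alias = grown;
        t->alias_cap = need;
    }
    memcpy(t->alias, alias, need);
}

/* Before the fix: set_field() took table_name from the per-statement alias. */
static void item_bind_to_alias(Item *it, const Table *t, const char *field)
{
    it->table_name = t->alias;
    it->field_name = field;
}

/* After the fix: post_fix_fields_part_expr_processor repoints table_name
   at the share's real table name, which outlives every alias buffer. */
static void item_bind_to_share(Item *it, const Table *t, const char *field)
{
    it->table_name = t->s->table_name;
    it->field_name = field;
}

/* Only the current alias buffer and the share's name are live storage;
   any other value is a dangling pointer, the read ASAN flagged in
   Item_ident::print. */
static int item_table_name_is_live(const Item *it, const Table *t)
{
    return it->table_name == t->alias || it->table_name == t->s->table_name;
}

/* Model of printing the partition expression. Unlike the real code, it
   refuses to dereference a dangling table_name and reports -1 instead. */
static int print_partition_expr(const Item *it, const Table *t,
                                char *out, size_t cap)
{
    if (!item_table_name_is_live(it, t))
        return -1;
    snprintf(out, cap, "PARTITION BY HASH (`%s`.`%s`)",
             it->table_name, it->field_name);
    return 0;
}

/* Replays the regression test: bind the partition item while the alias is
   the short "tbl", then run SHOW CREATE, which rebinds the alias to the
   longer "t_partition" and forces the buffer to move. */
static int replay(int use_fix, char *out, size_t cap)
{
    TableShare share = { "t_partition" };
    Table t = { &share, NULL, 0 };
    Item it;

    table_set_alias(&t, "tbl");            /* select * from t_partition as tbl; */
    if (use_fix)
        item_bind_to_share(&it, &t, "f1");
    else
        item_bind_to_alias(&it, &t, "f1");

    table_set_alias(&t, "t_partition");    /* show create table t_partition; */
    int rc = print_partition_expr(&it, &t, out, cap);
    free(t.alias);
    return rc;
}

int main(void)
{
    char buf[128];
    printf("before fix: %s\n", replay(0, buf, sizeof buf) == 0
           ? buf : "table_name dangles, refusing to print");
    printf("after fix:  %s\n", replay(1, buf, sizeof buf) == 0
           ? buf : "table_name dangles, refusing to print");
    return 0;
}
```

The check in `item_table_name_is_live` is pointer identity rather than a read of the old buffer, because reading it is exactly the undefined behaviour the sanitizer reported; run the buggy path with the check removed under ASAN and the report lands on the `snprintf` line.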

3 files changed

+25
-0
lines changed


mysql-test/suite/parts/r/quoting.result renamed to mysql-test/suite/parts/r/show_create.result

Lines changed: 12 additions & 0 deletions
@@ -91,3 +91,15 @@ t2 CREATE TABLE "t2" (
9191
PARTITION BY RANGE ("f1")
9292
(PARTITION "p1" VALUES LESS THAN MAXVALUE ENGINE = MyISAM)
9393
drop table t1, t2;
94+
set sql_mode=default;
95+
create table t_partition (f1 int) partition by hash(f1) partitions 2;
96+
select * from t_partition as tbl;
97+
f1
98+
show create table t_partition;
99+
Table Create Table
100+
t_partition CREATE TABLE `t_partition` (
101+
`f1` int(11) DEFAULT NULL
102+
) ENGINE=MyISAM DEFAULT CHARSET=latin1
103+
PARTITION BY HASH (`f1`)
104+
PARTITIONS 2
105+
drop table t_partition;
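Review bot: the essential step at line 97, `select * from t_partition as tbl;`, leaves no visible trace of its purpose in this result; because the table is empty its only output is the `f1` header at line 98, so someone regenerating the file later could drop it as a dead statement and silently lose the reproduction. It is the step that binds the partition items while TABLE::alias is the 3-character `tbl`, so that `show create table t_partition` at line 99 rebinds the alias to the 11-character table name and forces the reallocation the commit message describes. Consider inserting a row before the select, so the echoed result shows the statement doing something, or at least carry an explanatory comment in the .test file so it is echoed here next to the select.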

mysql-test/suite/parts/t/quoting.test renamed to mysql-test/suite/parts/t/show_create.test

Lines changed: 9 additions & 0 deletions
@@ -30,3 +30,12 @@ set sql_mode=ansi_quotes;
3030
show create table t1;
3131
show create table t2;
3232
drop table t1, t2;
33+
set sql_mode=default;
34+
35+
#
36+
# MDEV-14750 Valgrind Invalid read, ASAN heap-use-after-free in Item_ident::print upon SHOW CREATE on partitioned table
37+
#
38+
create table t_partition (f1 int) partition by hash(f1) partitions 2;
39+
select * from t_partition as tbl;
40+
show create table t_partition;
41+
drop table t_partition;
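Review bot: the ordering at lines 39-40 is the whole trigger but nothing says so: `select ... as tbl` binds the partition items under the short alias, and `show create table t_partition` then rebinds TABLE::alias to the longer table name, which is the reallocation that leaves the old pointer invalid. Suggest a comment above line 39 along the lines of "short alias first, longer alias next: forces TABLE::alias to be reallocated while the partition items still point at the old buffer", and a note that the failure is only observable under ASAN or Valgrind, since the case has no output-level check. The `set sql_mode=default;` at line 33 is needed, as the file previously ended in ansi_quotes and the expected SHOW CREATE output uses backticks.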

sql/item.cc

Lines changed: 4 additions & 0 deletions
@@ -5766,6 +5766,10 @@ bool Item_field::post_fix_fields_part_expr_processor(void *int_arg)
57665766
DBUG_ASSERT(fixed);
57675767
if (field->vcol_info)
57685768
field->vcol_info->mark_as_in_partitioning_expr();
5769+
/*
5770+
Update table_name to be real table name, not the alias. Because alias is
5771+
reallocated for every statement, and this item has a long life time */
5772+
table_name= field->table->s->table_name.str;
57695773
return FALSE;
57705774
}
57715775
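Review bot: the new comment at 5769-5771 is a sentence fragment ("Because alias is reallocated for every statement, and this item has a long life time") and closes `*/` on the text line, unlike the block comments around it; suggest "The alias is reallocated for every statement, but this item lives as long as the TABLE does, so point table_name at the share's table name instead of TABLE::alias." with `*/` on its own line. The repointing at 5772 itself is sound: `field->table->s->table_name.str` belongs to the TABLE_SHARE, which the open TABLE keeps alive, so the item's pointer cannot outlive it. One question worth a remark in the same comment: the commit message says set_field() is where table_name was taken from TABLE::alias; if db_name is sourced from a per-statement buffer on that same path it needs the same treatment, and if it already comes from the share, saying so here saves the next reader the check.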
