MDEV-31226 Server crash or assertion failure with row size close to j…

…oin_buffer_size The problem was that JOIN_CACHE::alloc_buffer() did not check if the given join_buffer_value is less than the query require. Added a check for this and disabled join cache if it cannot be used.
MariaDB · May 27, 2023 · d657f18 · d657f18
1 parent 832b157
commit d657f18
Show file tree

Hide file tree

Showing 3 changed files with 43 additions and 0 deletions.
diff --git a/mysql-test/main/join_cache.result b/mysql-test/main/join_cache.result
@@ -6233,3 +6233,26 @@ set @@optimizer_switch=@save_optimizer_switch;
 set global innodb_stats_persistent= @innodb_stats_persistent_save;
 set global innodb_stats_persistent_sample_pages=
 @innodb_stats_persistent_sample_pages_save;
+#
+# MDEV-31226 Server crash or assertion failure with row size close to
+# join_buffer_size
+#
+set @org_optimizer_switch=@@optimizer_switch;
+set @org_join_buffer_size=@@join_buffer_size;
+CREATE TABLE t (f VARCHAR(16384)) ENGINE=MyISAM CHARACTER SET utf8;
+INSERT INTO t VALUES (REPEAT('a',16384)),(REPEAT('b',16384));
+SET OPTIMIZER_SWITCH = 'optimize_join_buffer_size=off';
+SET JOIN_BUFFER_SIZE = 16384;
+explain SELECT length(concat(t1.f,t2.f)) FROM t t1, t t2;
+id	select_type	table	type	possible_keys	key	key_len	ref	rows	Extra
+1	SIMPLE	t1	ALL	NULL	NULL	NULL	NULL	2	
+1	SIMPLE	t2	ALL	NULL	NULL	NULL	NULL	2	
+SELECT length(concat(t1.f,t2.f)) FROM t t1, t t2;
+length(concat(t1.f,t2.f))
+32768
+32768
+32768
+32768
+DROP TABLE t;
+set @@optimizer_switch=@org_optimizer_switch;
+set @@join_buffer_size=@org_join_buffer_size;
diff --git a/mysql-test/main/join_cache.test b/mysql-test/main/join_cache.test
@@ -4207,3 +4207,20 @@ set @@optimizer_switch=@save_optimizer_switch;
 set global innodb_stats_persistent= @innodb_stats_persistent_save;
 set global innodb_stats_persistent_sample_pages=
              @innodb_stats_persistent_sample_pages_save;
+
+--echo #
+--echo # MDEV-31226 Server crash or assertion failure with row size close to
+--echo # join_buffer_size
+--echo #
+
+set @org_optimizer_switch=@@optimizer_switch;
+set @org_join_buffer_size=@@join_buffer_size;
+CREATE TABLE t (f VARCHAR(16384)) ENGINE=MyISAM CHARACTER SET utf8;
+INSERT INTO t VALUES (REPEAT('a',16384)),(REPEAT('b',16384));
+SET OPTIMIZER_SWITCH = 'optimize_join_buffer_size=off';
+SET JOIN_BUFFER_SIZE = 16384;
+explain SELECT length(concat(t1.f,t2.f)) FROM t t1, t t2;
+SELECT length(concat(t1.f,t2.f)) FROM t t1, t t2;
+DROP TABLE t;
+set @@optimizer_switch=@org_optimizer_switch;
+set @@join_buffer_size=@org_join_buffer_size;
diff --git a/sql/sql_join_cache.cc b/sql/sql_join_cache.cc
@@ -945,6 +945,9 @@ int JOIN_CACHE::alloc_buffer()
                                   join_buff_space_limit))
       goto fail;                                // Fatal error
   }
+  else if (curr_min_buff_space_sz > buff_size)
+    goto fail;
+
   if (for_explain_only)
     return 0;