MDEV-28597: double free in maria_open()bb-10.2-danielblack-MDEV-28597-aria-double-free

disk_cache is freed error handling functions. Because we've freed this earlier in maria_open, disk_cache is assigning to 0 (like the 10.3+ commit c127a1ba1450) to prevents the double free happing in the error path that can be triggered later in this function.
author: Daniel Black <daniel@mariadb.org> 2022-05-20 09:31:18 +1000
committer: Daniel Black <daniel@mariadb.org> 2022-05-26 08:53:23 +1000
commit: de1b9925650bb6e079ece924ba1b8d2f2124c731 (patch)
tree: ebe9b50a2d4e167ea591ac76a2e9bf737e7cfed7
parent: 0ba528fe56f6c637d9fbc9d177a62610038fd519 (diff)
download: mariadb-git-bb-10.2-danielblack-MDEV-28597-aria-double-free.tar.gz
1 files changed, 1 insertions, 0 deletions
diff --git a/storage/maria/ma_open.c b/storage/maria/ma_open.c
index 87bded7ed50..68e07526601 100644
--- a/storage/maria/ma_open.c
+++ b/storage/maria/ma_open.c
@@ -900,6 +900,7 @@ MARIA_HA *maria_open(const char *name, int mode, uint open_flags)
 					(keys ? MARIA_INDEX_BLOCK_MARGIN *
 					 share->block_size * keys : 0));
     my_free(disk_cache);
+    disk_cache= 0;
     _ma_setup_functions(share);
     max_data_file_length= share->base.max_data_file_length;
     if ((*share->once_init)(share, info.dfile.file))
author	Daniel Black <daniel@mariadb.org>	2022-05-20 09:31:18 +1000
committer	Daniel Black <daniel@mariadb.org>	2022-05-26 08:53:23 +1000
commit	de1b9925650bb6e079ece924ba1b8d2f2124c731 (patch)
tree	ebe9b50a2d4e167ea591ac76a2e9bf737e7cfed7
parent	0ba528fe56f6c637d9fbc9d177a62610038fd519 (diff)
download	mariadb-git-bb-10.2-danielblack-MDEV-28597-aria-double-free.tar.gz