diff options
author | Monty <monty@mariadb.org> | 2018-05-23 11:26:49 +0300 |
---|---|---|
committer | Monty <monty@mariadb.org> | 2018-05-23 11:26:49 +0300 |
commit | a816aa066e5c879a92819d694a93d245e6ec6e47 (patch) | |
tree | 47adefae278ea6f6dfe95b6b32be22d4da7a34be | |
parent | 908676dfd9d981fd0f37a7cf9332abac522f1936 (diff) | |
download | mariadb-git-a816aa066e5c879a92819d694a93d245e6ec6e47.tar.gz |
Fixed ASAN heap-use-after-free handler::ha_index_or_rnd_end
MDEV-16123 ASAN heap-use-after-free handler::ha_index_or_rnd_end
MDEV-13828 Segmentation fault on RENAME TABLE
Problem was that destructor called methods for closed table.
Fixed by removing code in destructor.
-rw-r--r-- | mysql-test/r/statistics_close.result | 6 | ||||
-rw-r--r-- | mysql-test/t/statistics_close.test | 18 | ||||
-rw-r--r-- | sql/sql_statistics.cc | 3 |
3 files changed, 26 insertions, 1 deletions
diff --git a/mysql-test/r/statistics_close.result b/mysql-test/r/statistics_close.result new file mode 100644 index 00000000000..348681c3311 --- /dev/null +++ b/mysql-test/r/statistics_close.result @@ -0,0 +1,6 @@ +CREATE TABLE t1 (i int); +RENAME TABLE t1 TO t2; +FLUSH TABLES; +DROP TABLE IF EXISTS t1, t2; +Warnings: +Note 1051 Unknown table 'test.t1' diff --git a/mysql-test/t/statistics_close.test b/mysql-test/t/statistics_close.test new file mode 100644 index 00000000000..de22a5a44fe --- /dev/null +++ b/mysql-test/t/statistics_close.test @@ -0,0 +1,18 @@ +# +# MDEV-16123 ASAN heap-use-after-free handler::ha_index_or_rnd_end +# MDEV-13828 Segmentation fault on RENAME TABLE +# + +CREATE TABLE t1 (i int); +--connect (con1,localhost,root,,test) +--send +RENAME TABLE t1 TO t2; +--connection default +FLUSH TABLES; +--connection con1 +--reap + +# Cleanup +--disconnect con1 +--connection default +DROP TABLE IF EXISTS t1, t2; diff --git a/sql/sql_statistics.cc b/sql/sql_statistics.cc index ce320e87a4f..471749ad346 100644 --- a/sql/sql_statistics.cc +++ b/sql/sql_statistics.cc @@ -1376,7 +1376,8 @@ public: ~Stat_table_write_iter() { - cleanup(); + /* Ensure that cleanup has been run */ + DBUG_ASSERT(rowid_buf == 0); } }; |