MDEV-14750 Valgrind Invalid read, ASAN heap-use-after-free in Item_ident::print upon SHOW CREATE on partitioned table

items in the partitioning function were taking the table name from the table's field (in set_field(from_field) in Item_field::fix_fields) and field's table_name is TABLE::alias. But alias is changed for every statement, and can be realloced if next statement uses a longer alias. But partitioning items are fixed once and live as long as the TABLE does. So if an alias is realloced, pointers to the old alias string will become invalid. Fix partitioning item table_name to point to the actual table name instead.
author: Sergei Golubchik <serg@mariadb.org> 2018-05-14 21:21:59 +0200
committer: Sergei Golubchik <serg@mariadb.org> 2018-05-15 12:10:48 +0200
commit: c29312421e9dd6b8b6be332788cbab0621cbcb9f (patch)
tree: 3da41a68715c186afcd5e7213d1c453d538d0f6b /sql/item.cc
parent: c14c958c6cd00296cccc10ce523248130be65ec5 (diff)
download: mariadb-git-c29312421e9dd6b8b6be332788cbab0621cbcb9f.tar.gz
1 files changed, 4 insertions, 0 deletions
diff --git a/sql/item.cc b/sql/item.cc
index fbc4ec22c6e..68761293682 100644
--- a/sql/item.cc
+++ b/sql/item.cc
@@ -5766,6 +5766,10 @@ bool Item_field::post_fix_fields_part_expr_processor(void *int_arg)
   DBUG_ASSERT(fixed);
   if (field->vcol_info)
     field->vcol_info->mark_as_in_partitioning_expr();
+  /*
+    Update table_name to be real table name, not the alias. Because alias is
+    reallocated for every statement, and this item has a long life time */
+  table_name= field->table->s->table_name.str;
   return FALSE;
 }
author	Sergei Golubchik <serg@mariadb.org>	2018-05-14 21:21:59 +0200
committer	Sergei Golubchik <serg@mariadb.org>	2018-05-15 12:10:48 +0200
commit	c29312421e9dd6b8b6be332788cbab0621cbcb9f (patch)
tree	3da41a68715c186afcd5e7213d1c453d538d0f6b /sql/item.cc
parent	c14c958c6cd00296cccc10ce523248130be65ec5 (diff)
download	mariadb-git-c29312421e9dd6b8b6be332788cbab0621cbcb9f.tar.gz