MDEV-21341: Fix UBSAN failures: Issue Six

(Variant #2 of the patch, which keeps the sp_head object inside the MEM_ROOT that sp_head object owns) (10.3 requires extra work due to sp_package, will commit a separate patch for it) sp_head::operator new() and operator delete() were dereferencing sp_head* pointers to memory that didn't hold a valid sp_head object (it was not created/already destroyed). This caused UBSan to crash when looking up type information. Fixed by providing static sp_head::create() and sp_head::destroy() methods.
author: Sergei Petrunia <psergey@askmonty.org> 2020-01-12 20:50:12 +0200
committer: Sergei Petrunia <psergey@askmonty.org> 2020-01-14 18:15:32 +0300
commit: 5e5ae51b730aa67f9efb87af4f4921309eac51f1 (patch)
tree: c4f5bfbf4a0c73e90a3b935caedc2c6dc943c10d /sql/sp.cc
parent: cb204e11eaf4c473ce5d5a10a21de147430057dc (diff)
download: mariadb-git-5e5ae51b730aa67f9efb87af4f4921309eac51f1.tar.gz
1 files changed, 1 insertions, 1 deletions
diff --git a/sql/sp.cc b/sql/sp.cc
index 966ea0280b4..1d340644ba1 100644
--- a/sql/sp.cc
+++ b/sql/sp.cc
@@ -754,7 +754,7 @@ static sp_head *sp_compile(THD *thd, String *defstr, ulonglong sql_mode,
   if (parse_sql(thd, & parser_state, creation_ctx) || thd->lex == NULL)
   {
     sp= thd->lex->sphead;
-    delete sp;
+    sp_head::destroy(sp);
     sp= 0;
   }
   else
author	Sergei Petrunia <psergey@askmonty.org>	2020-01-12 20:50:12 +0200
committer	Sergei Petrunia <psergey@askmonty.org>	2020-01-14 18:15:32 +0300
commit	5e5ae51b730aa67f9efb87af4f4921309eac51f1 (patch)
tree	c4f5bfbf4a0c73e90a3b935caedc2c6dc943c10d /sql/sp.cc
parent	cb204e11eaf4c473ce5d5a10a21de147430057dc (diff)
download	mariadb-git-5e5ae51b730aa67f9efb87af4f4921309eac51f1.tar.gz