author | Sergei Petrunia <psergey@askmonty.org> | 2020-01-12 20:50:12 +0200 |
---|---|---|
committer | Sergei Petrunia <psergey@askmonty.org> | 2020-01-14 18:15:32 +0300 |
commit | 5e5ae51b730aa67f9efb87af4f4921309eac51f1 (patch) | |
tree | c4f5bfbf4a0c73e90a3b935caedc2c6dc943c10d /sql/sql_parse.cc | |
parent | cb204e11eaf4c473ce5d5a10a21de147430057dc (diff) | |
download | mariadb-git-5e5ae51b730aa67f9efb87af4f4921309eac51f1.tar.gz |
MDEV-21341: Fix UBSAN failures: Issue Six
(Variant #2 of the patch, which keeps the sp_head object inside the
MEM_ROOT that sp_head object owns)
(10.3 requires extra work due to sp_package, will commit a separate
patch for it)
sp_head::operator new() and operator delete() were dereferencing sp_head*
pointers to memory that didn't hold a valid sp_head object (it was
not created/already destroyed).
This caused UBSan to crash when looking up type information.
Fixed by providing static sp_head::create() and sp_head::destroy() methods.
Diffstat (limited to 'sql/sql_parse.cc')
-rw-r--r-- | sql/sql_parse.cc | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/sql/sql_parse.cc b/sql/sql_parse.cc index 218d0dbd357..e5626ccbd7c 100644 --- a/sql/sql_parse.cc +++ b/sql/sql_parse.cc @@ -4347,7 +4347,7 @@ mysql_execute_command(THD *thd) /* Don't do it, if we are inside a SP */ if (!thd->spcont) { - delete lex->sphead; + sp_head::destroy(lex->sphead); lex->sphead= NULL; } /* lex->unit.cleanup() is called outside, no need to call it here */ |
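Review bot: At the replaced call in mysql_execute_command(), `sp_head::destroy(lex->sphead);` is guarded only by `if (!thd->spcont)`, with no check that lex->sphead is non-NULL. The `delete lex->sphead;` it replaces was a no-op on a null pointer, so sp_head::destroy() has to keep that behaviour. Its body is not part of this file's diff, so please confirm it returns early on NULL, or add the guard at this call site. Because the commit message attributes the UBSan failure to operator delete dereferencing an already-destroyed object, it would also be worth making any remaining `delete` on an sp_head* fail to compile (for example by making the class's operator delete inaccessible), so that a call site missed outside sql_parse.cc cannot bring the problem back.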