MDEV-21341: Fix UBSAN failures: Issue Sixbb-10.3-mdev21341-issueSix

(Variant #2 of the patch, which keeps the sp_head object inside the
MEM_ROOT that sp_head object owns)
(10.3 version of the fix, with handling for class sp_package)

sp_head::operator new() and operator delete() were dereferencing sp_head*
pointers to memory that didn't hold a valid sp_head object (it was
not created/already destroyed).
This caused UBSan to crash when looking up type information.

Fixed by providing static sp_head::create() and sp_head::destroy() methods.

1 files changed, 3 insertions, 3 deletions

diff --git a/sql/sql_show.cc b/sql/sql_show.cc
index 3f18f659f7e..0b35789b869 100644
--- a/sql/sql_show.cc
+++ b/sql/sql_show.cc
@@ -6331,7 +6331,7 @@ bool store_schema_params(THD *thd, TABLE *table, TABLE *proc_table,
       {
         free_table_share(&share);
         if (free_sp_head)
-          delete sp;
+          sp_head::destroy(sp);
         DBUG_RETURN(1);
       }
     }
@@ -6378,7 +6378,7 @@ bool store_schema_params(THD *thd, TABLE *table, TABLE *proc_table,
       }
     }
     if (free_sp_head)
-      delete sp;
+      sp_head::destroy(sp);
   }
   free_table_share(&share);
   DBUG_RETURN(error);
@@ -6457,7 +6457,7 @@ bool store_schema_proc(THD *thd, TABLE *table, TABLE *proc_table,
           store_column_type(table, field, cs, 5);
           free_table_share(&share);
           if (free_sp_head)
-            delete sp;
+            sp_head::destroy(sp);
         }
       }