From 5b205458d9bc9b838ab7725d9f8e2f45b743e385 Mon Sep 17 00:00:00 2001
From: Eugene Kosov
Date: Thu, 18 Jul 2019 22:28:11 +0300
Subject: MDEV-20097 potential use-after-free row_merge_read_clustered_index(): make buf always equals to merge_buf[i]
---
 storage/innobase/row/row0merge.cc | 1 +
 1 file changed, 1 insertion(+)
diff --git a/storage/innobase/row/row0merge.cc b/storage/innobase/row/row0merge.cc
index 463be8d229d..ac7eddfedbb 100644
--- a/storage/innobase/row/row0merge.cc
+++ b/storage/innobase/row/row0merge.cc
@@ -1916,6 +1916,7 @@ write_buffers:
 UNIV_MEM_INVALID(&block[0], srv_sort_buf_size);
 merge_buf[i] = row_merge_buf_empty(buf);
+ buf = merge_buf[i];
 if (UNIV_LIKELY(row != NULL)) {
 /* Try writing the record again, now
-- 
cgit v1.2.1
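Review bot: The added `buf = merge_buf[i];` restores an invariant (`buf` aliases `merge_buf[i]`) that nothing in the hunk documents or enforces, so a later edit can reintroduce the stale pointer unnoticed. Going by the commit subject, `row_merge_buf_empty()` can presumably hand back a different buffer than the one passed in, which would leave the old `buf` dangling; a short comment such as `/* row_merge_buf_empty() may return a new buffer; keep buf in sync with merge_buf[i] */` above the assignment would record that. A debug-only check, `ut_ad(buf == merge_buf[i]);`, placed just before the retry inside the `if (UNIV_LIKELY(row != NULL))` branch would make any future divergence fail in debug builds. The enclosing function starts and ends outside the hunk, so other places that reassign `merge_buf[i]` cannot be checked from here and are worth auditing for the same pattern.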