From 173e562dc2bd339de32d17de73b720e7ca863ff2 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Marko=20M=C3=A4kel=C3=A4?= <marko.makela@mariadb.com>
Date: Fri, 23 Jul 2021 17:20:57 +0300
Subject: MDEV-26228 ASAN heap-use-after-free with ON UPDATE CASCADE

In commit 83d2e0841ee30727c609f23957cc592399a3aca4 (MDEV-24041)
we failed to notice that in addition to the bug with
DELETE and ON DELETE CASCADE, there is another bug with
UPDATE and ON UPDATE CASCADE.

row_ins_foreign_fill_virtual(): Use the correct memory heap
for everything that will be reachable from the cascade->update
that we return to the caller.

Note: It is correct to use the shorter-lived cascade->heap for
rec_get_offsets(), because that memory will be abandoned when
row_ins_foreign_fill_virtual() returns.
---
 mysql-test/suite/gcol/r/innodb_virtual_fk.result | 3 +++
 mysql-test/suite/gcol/t/innodb_virtual_fk.test   | 3 +++
 2 files changed, 6 insertions(+)

(limited to 'mysql-test/suite')

diff --git a/mysql-test/suite/gcol/r/innodb_virtual_fk.result b/mysql-test/suite/gcol/r/innodb_virtual_fk.result
index 252274f3e0a..367ed1223f7 100644
--- a/mysql-test/suite/gcol/r/innodb_virtual_fk.result
+++ b/mysql-test/suite/gcol/r/innodb_virtual_fk.result
@@ -809,15 +809,18 @@ generated_email_id int as (email_id),
 PRIMARY KEY (id),
 KEY mautic_generated_sent_date_email_id (generated_email_id),
 FOREIGN KEY (email_id) REFERENCES emails (id) ON DELETE SET NULL
+ON UPDATE CASCADE
 ) ENGINE=InnoDB;
 CREATE TABLE emails_metadata (
 email_id int,
 PRIMARY KEY (email_id),
 CONSTRAINT FK FOREIGN KEY (email_id) REFERENCES emails (id) ON DELETE CASCADE
+ON UPDATE CASCADE
 ) ENGINE=InnoDB;
 INSERT INTO emails VALUES (1);
 INSERT INTO email_stats (id, email_id,  date_sent) VALUES (1,1,'Jan');
 INSERT INTO emails_metadata VALUES (1);
+UPDATE emails SET id=2;
 DELETE FROM emails;
 DROP TABLE email_stats;
 DROP TABLE emails_metadata;
diff --git a/mysql-test/suite/gcol/t/innodb_virtual_fk.test b/mysql-test/suite/gcol/t/innodb_virtual_fk.test
index 24b6a4631e6..c99259531b3 100644
--- a/mysql-test/suite/gcol/t/innodb_virtual_fk.test
+++ b/mysql-test/suite/gcol/t/innodb_virtual_fk.test
@@ -670,6 +670,7 @@ CREATE TABLE email_stats (
   PRIMARY KEY (id),
   KEY mautic_generated_sent_date_email_id (generated_email_id),
   FOREIGN KEY (email_id) REFERENCES emails (id) ON DELETE SET NULL
+  ON UPDATE CASCADE
 ) ENGINE=InnoDB;
 
 
@@ -677,6 +678,7 @@ CREATE TABLE emails_metadata (
   email_id int,
   PRIMARY KEY (email_id),
   CONSTRAINT FK FOREIGN KEY (email_id) REFERENCES emails (id) ON DELETE CASCADE
+  ON UPDATE CASCADE
 ) ENGINE=InnoDB;
 
 
@@ -684,6 +686,7 @@ INSERT INTO emails VALUES (1);
 INSERT INTO email_stats (id, email_id,  date_sent) VALUES (1,1,'Jan');
 INSERT INTO emails_metadata VALUES (1);
 
+UPDATE emails SET id=2;
 DELETE FROM emails;
 
 DROP TABLE email_stats;
-- 
cgit v1.2.1