From 8dc70c862b8ec115fd9a3c2b37c746ffc4f0d3cc Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Marko=20M=C3=A4kel=C3=A4?= Date: Mon, 4 Jun 2018 15:55:37 +0300 Subject: MDEV-16376 ASAN: heap-use-after-free in gcol.innodb_virtual_debug After a failed ADD INDEX, dict_index_remove_from_cache_low() could iterate the index fields and dereference a freed virtual column object when trying to remove the index from the v_indexes of the virtual column. This regression was caused by a merge of MDEV-16119 InnoDB lock->index refers to a freed object. ha_innobase_inplace_ctx::clear_added_indexes(): Detach the indexes of uncommitted indexes from virtual columns, so that the iteration in dict_index_remove_from_cache_low() can be avoided. ha_innobase::prepare_inplace_alter_table(): Ignore uncommitted corrupted indexes when rejecting ALTER TABLE. (This minor bug was revealed by the extension of the test case.) dict_index_t::detach_columns(): Detach an index from virtual columns. Invoked by both dict_index_remove_from_cache_low() and ha_innobase_inplace_ctx::clear_added_indexes(). dict_col_t::detach(const dict_index_t& index): Detach an index from a column. dict_col_t::is_virtual(): Replaces dict_col_is_virtual(). dict_index_t::has_virtual(): Replaces dict_index_has_virtual(). --- storage/innobase/include/dict0dict.ic | 24 ------------------------ 1 file changed, 24 deletions(-) (limited to 'storage/innobase/include/dict0dict.ic') diff --git a/storage/innobase/include/dict0dict.ic b/storage/innobase/include/dict0dict.ic index e20da7c708a..ca2ea769612 100644 --- a/storage/innobase/include/dict0dict.ic +++ b/storage/innobase/include/dict0dict.ic @@ -72,16 +72,6 @@ dict_col_copy_type( type->mbminlen = col->mbminlen; type->mbmaxlen = col->mbmaxlen; } -/** Check if a column is a virtual column -@param[in] col column -@return true if it is a virtual column, false otherwise */ -UNIV_INLINE -bool -dict_col_is_virtual( - const dict_col_t* col) -{ - return(col->prtype & DATA_VIRTUAL); -} #ifdef UNIV_DEBUG /*********************************************************************//** @@ -325,20 +315,6 @@ dict_index_is_spatial( return(index->type & DICT_SPATIAL); } -/** Check whether the index contains a virtual column -@param[in] index index -@return nonzero for the index has virtual column, zero for other indexes */ -UNIV_INLINE -ulint -dict_index_has_virtual( - const dict_index_t* index) -{ - ut_ad(index); - ut_ad(index->magic_n == DICT_INDEX_MAGIC_N); - - return(index->type & DICT_VIRTUAL); -} - /********************************************************************//** Check whether the index is the insert buffer tree. @return nonzero for insert buffer, zero for other indexes */ -- cgit v1.2.1