Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

MDEV-35852 : ASAN heap-use-after-free in WSREP_DEBUG after INSERT DEL… #3769

Closed
wants to merge 1 commit into from
Closed

MDEV-35852 : ASAN heap-use-after-free in WSREP_DEBUG after INSERT DEL… #3769

wants to merge 1 commit into from

Conversation

janlindstrom
Copy link
Contributor

…AYED

  • The Jira issue number for this PR is: MDEV-35852

Description

Problem was that in case of INSERT DELAYED thd->query() is deleted before we call trans_rollback where WSREP_DEBUG could access thd->query().

Fix is to return NULL from wsrep_query() in case when thd is killed and thread is insert delayed thread.

Release Notes

TODO: What should the release notes say about this change?
Include any changed system variables, status variables or behaviour. Optionally list any https://mariadb.com/kb/ pages that need changing.

How can this PR be tested?

TODO: modify the automated test suite to verify that the PR causes MariaDB to behave as intended.
Consult the documentation on "Writing good test cases".

If the changes are not amenable to automated testing, please explain why not and carefully describe how to test manually.

Basing the PR against the correct MariaDB version

  • This is a new feature or a refactoring, and the PR is based against the main branch.
  • [x ] This is a bug fix, and the PR is based against the earliest maintained branch in which the bug can be reproduced.

PR quality check

  • [ x] I checked the CODING_STANDARDS.md file and my PR conforms to this where appropriate.
  • [x ] For any trivial modifications to the PR, I am ok with the reviewer making the changes themselves.

@janlindstrom janlindstrom added the Codership Codership Galera label Jan 16, 2025
@janlindstrom
MDEV-35852 : ASAN heap-use-after-free in WSREP_DEBUG after INSERT DEL…
5bacb09 
…AYED

Problem was that in case of INSERT DELAYED thd->query() is
freed before we call trans_rollback where WSREP_DEBUG
could access thd->query() in wsrep_thd_query().

Fix is to reset thd->query() to NULL in delayed_insert
destructor after it is freed. There is already
null guard at wsrep_thd_query().
@sysprg
Copy link
Contributor

sysprg commented Jan 20, 2025

Thanks, the fix has been merged into the master branch: 43c36b3

@sysprg sysprg closed this Jan 20, 2025
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@Unique-utkarsh Unique-utkarsh Unique-utkarsh approved these changes

Assignees

@sysprg sysprg

Labels
Codership Codership Galera
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@janlindstrom @sysprg @Unique-utkarsh