[Commits] 90346ebbfe8: MDEV-19049 Server crashes in check_duplicate_long_entry_key, ASAN stack-buffer-overflow in Field_blob::get_key_image
revision-id: 90346ebbfe860221fb85330ce6c9056bf4a065ad (mariadb-10.4.3-104-g90346ebbfe8) parent(s): 0bc42602266815b81fe86b08c2228912c1a95340 author: Sachin committer: Sachin timestamp: 2019-03-27 14:44:00 +0530 message: MDEV-19049 Server crashes in check_duplicate_long_entry_key, ASAN stack-buffer-overflow in Field_blob::get_key_image Long Unique keys should always be last unique key. --- mysql-test/main/long_unique_bugs.result | 46 +++++++++++++++++++++++++++++++++ mysql-test/main/long_unique_bugs.test | 22 +++++++++++++++- sql/sql_table.cc | 9 +++++++ 3 files changed, 76 insertions(+), 1 deletion(-) diff --git a/mysql-test/main/long_unique_bugs.result b/mysql-test/main/long_unique_bugs.result index 87a57fb4614..48e74bdd564 100644 --- a/mysql-test/main/long_unique_bugs.result +++ b/mysql-test/main/long_unique_bugs.result @@ -239,3 +239,49 @@ CREATE TABLE t1 (a INT, UNIQUE USING HASH (a)) PARTITION BY HASH (a) PARTITIONS INSERT INTO t1 VALUES (2); REPLACE INTO t1 VALUES (2); DROP TABLE t1; +CREATE TABLE t1 (pk INT, a CHAR(4), b BLOB NOT NULL, PRIMARY KEY(pk)); +INSERT INTO t1 VALUES (1,'foo','bar'); +ALTER TABLE t1 ADD KEY (b(64)); +ALTER TABLE t1 ADD UNIQUE (b(165)); +ALTER TABLE t1 ADD KEY (b(1000)); +ALTER TABLE t1 ADD KEY (b(500)); +ALTER TABLE t1 ADD UNIQUE (a,b); +ALTER TABLE t1 ADD UNIQUE (b(95)); +ALTER TABLE t1 ADD KEY (b(30)); +ALTER TABLE t1 ADD UNIQUE (b(20)); +show create table t1; +Table Create Table +t1 CREATE TABLE `t1` ( + `pk` int(11) NOT NULL, + `a` char(4) DEFAULT NULL, + `b` blob NOT NULL, + PRIMARY KEY (`pk`), + UNIQUE KEY `b_2` (`b`(165)), + UNIQUE KEY `b_5` (`b`(95)), + UNIQUE KEY `b_7` (`b`(20)), + UNIQUE KEY `a` (`a`,`b`) USING HASH, + KEY `b` (`b`(64)), + KEY `b_3` (`b`(1000)), + KEY `b_4` (`b`(500)), + KEY `b_6` (`b`(30)) +) ENGINE=MyISAM DEFAULT CHARSET=latin1 +ALTER TABLE t1 ADD UNIQUE (b); +show create table t1; +Table Create Table +t1 CREATE TABLE `t1` ( + `pk` int(11) NOT NULL, + `a` char(4) DEFAULT NULL, + `b` blob NOT NULL, + PRIMARY KEY (`pk`), + UNIQUE KEY `b_2` (`b`(165)), + UNIQUE KEY `b_5` (`b`(95)), + UNIQUE KEY `b_7` (`b`(20)), + UNIQUE KEY `a` (`a`,`b`) USING HASH, + UNIQUE KEY `b_8` (`b`) USING HASH, + KEY `b` (`b`(64)), + KEY `b_3` (`b`(1000)), + KEY `b_4` (`b`(500)), + KEY `b_6` (`b`(30)) +) ENGINE=MyISAM DEFAULT CHARSET=latin1 +ALTER TABLE t1 FORCE; +DROP TABLE t1; diff --git a/mysql-test/main/long_unique_bugs.test b/mysql-test/main/long_unique_bugs.test index ed0daee426f..11b1c4f09b6 100644 --- a/mysql-test/main/long_unique_bugs.test +++ b/mysql-test/main/long_unique_bugs.test @@ -1,4 +1,5 @@ --source include/have_innodb.inc +--source include/have_partition.inc # # MDEV-18707 Server crash in my_hash_sort_bin, ASAN heap-use-after-free in Field::is_null, server hang, corrupted double-linked list @@ -269,8 +270,27 @@ drop table t1; # # MDEV-18904 Assertion `m_part_spec.start_part >= m_part_spec.end_part' failed in ha_partition::index_read_idx_map # ---source include/have_partition.inc CREATE TABLE t1 (a INT, UNIQUE USING HASH (a)) PARTITION BY HASH (a) PARTITIONS 2; INSERT INTO t1 VALUES (2); REPLACE INTO t1 VALUES (2); DROP TABLE t1; + +# +# MDEV-19049 Server crashes in check_duplicate_long_entry_key, ASAN stack-buffer-overflow in Field_blob::get_key_image +# +CREATE TABLE t1 (pk INT, a CHAR(4), b BLOB NOT NULL, PRIMARY KEY(pk)); +INSERT INTO t1 VALUES (1,'foo','bar'); + +ALTER TABLE t1 ADD KEY (b(64)); +ALTER TABLE t1 ADD UNIQUE (b(165)); +ALTER TABLE t1 ADD KEY (b(1000)); +ALTER TABLE t1 ADD KEY (b(500)); +ALTER TABLE t1 ADD UNIQUE (a,b); +ALTER TABLE t1 ADD UNIQUE (b(95)); +ALTER TABLE t1 ADD KEY (b(30)); +ALTER TABLE t1 ADD UNIQUE (b(20)); +show create table t1; +ALTER TABLE t1 ADD UNIQUE (b); +show create table t1; +ALTER TABLE t1 FORCE; +DROP TABLE t1; diff --git a/sql/sql_table.cc b/sql/sql_table.cc index ad62ecc1103..c755a74e174 100644 --- a/sql/sql_table.cc +++ b/sql/sql_table.cc @@ -2773,6 +2773,7 @@ bool quick_rm_table(THD *thd, handlerton *base, const LEX_CSTRING *db, - UNIQUE keys where all column are NOT NULL - UNIQUE keys that don't contain partial segments - Other UNIQUE keys + - LONG UNIQUE keys - Normal keys - Fulltext keys @@ -2796,6 +2797,14 @@ static int sort_keys(KEY *a, KEY *b) { if (!(b_flags & HA_NOSAME)) return -1; + /* + Long Unique keys should always be last unique key. + Before this patch they used to change order wrt to partial keys (MDEV-19049) + */ + if (a->algorithm == HA_KEY_ALG_LONG_HASH) + return 1; + if (b->algorithm == HA_KEY_ALG_LONG_HASH) + return -1; if ((a_flags ^ b_flags) & HA_NULL_PART_KEY) { /* Sort NOT NULL keys before other keys */
participants (1)
-
sachin.setiya@mariadb.com