Hi, Oleksandr! On May 20, Oleksandr Byelkin wrote:
revision-id: ddec45aa50e (mariadb-10.2.24-11-gddec45aa50e)
parent(s): 50999738eae
author: Oleksandr Byelkin <sanja@mariadb.com>
committer: Oleksandr Byelkin <sanja@mariadb.com>
timestamp: 2019-05-14 14:01:15 +0200
message:
MDEV-16932: ASAN heap-use-after-free in my_charlen_utf8 / my_well_formed_char_length_utf8 on 2nd execution of SP with ALTER trying to add bad CHECK
In case of error the SP can be executed without re-compilation and so will reuse the constructed constraint name, so the name should be allocated in the statement memory.
Is that right? You're saying that the "unique constraint name" will be generated once and reused? But on the second SP invocation it might no longer be unique. I'd think that `ALTER TABLE t1 ADD CONSTRAINT CHECK (x > 0)` should add a new constraint, not "add a new constraint with the name that used to be unique when the SP was invoked for the first time".
diff --git a/sql/sql_table.cc b/sql/sql_table.cc index 3df877792cc..ecd5de3a09d 100644 --- a/sql/sql_table.cc +++ b/sql/sql_table.cc @@ -4185,9 +4185,15 @@ mysql_prepare_create_table(THD *thd, HA_CREATE_INFO *create_info, while ((check= c_it++)) { if (!check->name.length) + { + Query_arena backup; + Query_arena *arena= thd->activate_stmt_arena_if_needed(&backup); make_unique_constraint_name(thd, &check->name, &alter_info->check_constraint_list, &nr); + if (arena) + thd->restore_active_arena(arena, &backup); + } { /* Check that there's no repeating constraint names. */ List_iterator_fast<Virtual_column_info>
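Review bot: the `activate_stmt_arena_if_needed` / `restore_active_arena` pair around `make_unique_constraint_name` fixes the lifetime problem (the name no longer lives in the per-execution arena that is freed before the next run), but because the call is guarded by `if (!check->name.length)`, a name generated into the statement arena survives into every later execution and is never regenerated, which is exactly the "no longer unique" case raised above. Either generate the name in execution memory and reset `check->name` when the execution ends, or add a comment at the `Query_arena backup;` line stating that the name is intentionally fixed for the lifetime of the prepared statement and why that is safe.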
Regards,
Sergei
Chief Architect MariaDB
and security@mariadb.org