MDEV-18220: heap-use-after-free in fts_get_table_name_prefix()

fts_table_t::parent: Remove the redundant field. Refer to table->name.m_name instead. fts_update_sync_doc_id(), fts_update_next_doc_id(): Remove the redundant parameter table_name. fts_get_table_name_prefix(): Access the dict_table_t::name. FIXME: Ensure that this access is always covered by dict_sys->mutex.
2026-05-16 20:07:13 +02:00 · 2019-05-08 12:18:52 +03:00 · 2019-05-08 12:18:52 +03:00 · f92749ed36
commit f92749ed36
parent 5b3f7c0c33
16 changed files with 28 additions and 74 deletions
--- a/storage/innobase/include/fts0fts.h
+++ b/storage/innobase/include/fts0fts.h
@ -151,7 +151,6 @@ do {								\
 	(fts_table)->suffix = m_suffix;				\
        (fts_table)->type = m_type;				\
        (fts_table)->table_id = m_table->id;			\
-        (fts_table)->parent = m_table->name;			\
        (fts_table)->table = m_table;				\
 } while (0);

@ -160,7 +159,6 @@ do {								\
 	(fts_table)->suffix = m_suffix;				\
        (fts_table)->type = m_type;				\
        (fts_table)->table_id = m_index->table->id;		\
-        (fts_table)->parent = m_index->table->name;		\
        (fts_table)->table = m_index->table;			\
        (fts_table)->index_id = m_index->id;			\
 } while (0);
@ -265,10 +263,6 @@ struct fts_result_t {
 table id and the index id to generate the column specific FTS auxiliary
 table name. */
 struct fts_table_t {
-	const char*	parent;		/*!< Parent table name, this is
-					required only for the database
-					name */
-
 	fts_table_type_t
 			type;		/*!< The auxiliary table type */

@ -424,7 +418,6 @@ fts_update_next_doc_id(
 /*===================*/
 	trx_t*			trx,		/*!< in/out: transaction */
 	const dict_table_t*	table,		/*!< in: table */
-	const char*		table_name,	/*!< in: table name, or NULL */
 	doc_id_t		doc_id)		/*!< in: DOC ID to set */
 	MY_ATTRIBUTE((nonnull(2)));