mirror/mariadb
1
0
Fork 0
mirror of https://github.com/MariaDB/server.git synced 2025-01-18 13:02:28 +01:00
Code Issues Projects Releases Packages Wiki Activity Actions
mariadb/storage/innobase
History
sjaakola df07ea0b27 MDEV-23557 Galera heap-buffer-overflow in wsrep_rec_get_foreign_key 
This commit contains a fix and extended test case for a ASAN failure
reported during galera.fk mtr testing.
The reported heap buffer overflow happens in test case where a cascading
foreign key constraint is defined for a column of varchar type, and
galera.fk.test has such vulnerable test scenario.

Troubleshoting revealed that erlier fix for MDEV-19660 has made a fix
for cascading delete handling to append wsrep keys from pcur->old_rec,
in row_ins_foreign_check_on_constraint(). And, the ASAN failuer comes from
later scanning of this old_rec reference.

The fix in this commit, moves the call for wsrep_append_foreign_key() to happen
somewhat earlier, and inside ongoing mtr, and using clust_rec which is set
earlier in the same mtr for both update and delete cascade operations.
for wsrep key populating, it does not matter when the keys are populated,
all keys just have to be appended before wsrep transaction replicates.

Note that I also tried similar fix for earlier wsrep key append, but using
the old implementation with pcur->old_rec (instead of clust_rec), and same
ASAN failure was reported. So it appears that pcur->old_rec is not properly
set, to be used for wsrep key appending.

galera.galera_fk_cascade_delete test has been extended by two new test scenarios:
* FK cascade on varchar column.
  This test case reproduces same scenario as galera.fk, and this test scenario
  will also trigger ASAN failure with non fixed MariaDB versions.
* multi-master conflict with FK cascading.
  this scenario causes a conflict between a replicated FK cascading transaction
  and local transaction trying to modify the cascaded child table row.
  Local transaction should be aborted and get deadlock error.
  This test scenario is passing both with old MariaDB version and with this
  commit as well.
2020-08-28 13:13:35 +03:00
..
btr MDEV-23380 InnoDB reads a page from disk despite parsing MLOG_INIT_FILE_PAGE2 record 2020-08-18 14:59:16 +05:30
buf MDEV-23452 Assertion `buf_page_get_io_fix(bpage) == BUF_IO_NONE' failed 2020-08-20 11:38:10 +05:30
data MDEV-20377: Fix -Wunused-but-set-variable 2020-07-01 20:34:06 +03:00
dict MDEV-23134 SEGV in dict_load_table_one during restart after server crash 2020-07-23 20:43:28 +05:30
eval MDEV-21254 Remove unused keywords from the InnoDB SQL parser 2019-12-09 12:32:04 +02:00
fil Merge 10.1 into 10.2 2020-08-13 17:50:40 +03:00
fsp MDEV-11799 Doublewrite recovery can corrupt data pages 2020-07-31 11:54:35 +03:00
fts MDEV-22782 AddressSanitizer race condition in trx_free() 2020-08-21 18:23:28 +03:00
fut Merge 10.1 into 10.2 2019-05-13 17:54:04 +03:00
gis MDEV-22456 Dropping the adaptive hash index may cause DDL to lock up InnoDB 2020-05-15 17:23:08 +03:00
ha Merge 10.1 into 10.2 2019-05-13 17:54:04 +03:00
handler MDEV-22782 AddressSanitizer race condition in trx_free() 2020-08-21 18:23:28 +03:00
ibuf Merge 10.1 into 10.2 2020-07-20 14:53:24 +03:00
include MDEV-23547 InnoDB: Failing assertion: *len in row_upd_ext_fetch 2020-08-25 15:32:15 +03:00
lock MDEV-23101 fixup: Remove redundant code 2020-08-04 09:56:09 +03:00
log MDEV-23474 InnoDB fails to restart after SET GLOBAL innodb_log_checksums=OFF 2020-08-18 16:46:07 +03:00
mach Merge 10.1 into 10.2 2019-05-13 17:54:04 +03:00
mem MDEV-20377: Make WITH_MSAN more usable 2020-07-01 17:23:00 +03:00
mtr Merge 10.1 into 10.2 2020-07-20 14:53:24 +03:00
mysql-test/storage_engine Fix for MDEV-17449, typo in error message (#1146) 2019-03-24 21:24:28 +04:00
os MDEV-20377: Make WITH_MSAN more usable 2020-07-01 17:23:00 +03:00
page Merge 10.1 into 10.2 2020-08-13 07:38:35 +03:00
pars MDEV-21254 Remove unused keywords from the InnoDB SQL parser 2019-12-09 12:32:04 +02:00
que InnoDB: reduce size of dtuple_t 2020-03-20 21:35:42 +03:00
read MVCC::view_close(): Correct comments 2019-09-04 09:42:38 +03:00
rem MDEV-21595: innodb offset_t rename to rec_offs 2020-04-29 12:02:47 +03:00
row MDEV-23557 Galera heap-buffer-overflow in wsrep_rec_get_foreign_key 2020-08-28 13:13:35 +03:00
srv MDEV-23475 InnoDB performance regression for write-heavy workloads 2020-08-19 11:18:56 +03:00
sync Merge 10.1 into 10.2 2020-08-10 17:57:14 +03:00
trx MDEV-23547 InnoDB: Failing assertion: *len in row_upd_ext_fetch 2020-08-25 15:32:15 +03:00
ut MDEV-20377: Fix cmake -DPLUGIN_PERFSCHEMA=NO 2020-07-02 06:03:59 +03:00
.clang-format add .clang-format file for InnoDB 2019-10-29 21:56:24 +03:00
bzip2.cmake Merge 10.1 into 10.2 2019-05-13 17:54:04 +03:00
CMakeLists.txt MDEV-21337 fix aligned_malloc() 2019-12-18 20:09:52 +08:00
compile-innodb Merge branch '5.5' into 10.1 2019-05-11 22:19:05 +03:00
COPYING.Google
COPYING.Percona
innodb.cmake MDEV-21362 do something with -fno-builtin-memcmp for rem0cmp.cc 2019-12-24 17:03:27 +08:00
lz4.cmake Merge 10.1 into 10.2 2019-05-13 17:54:04 +03:00
lzma.cmake Merge 10.1 into 10.2 2019-05-13 17:54:04 +03:00
lzo.cmake Merge 10.1 into 10.2 2019-05-13 17:54:04 +03:00
plugin_exports
snappy.cmake Merge 10.1 into 10.2 2019-05-13 17:54:04 +03:00