MDEV-33170: ASAN errors upon CONVERT TABLE TO PARTITION with query cache #5120
grooverdan wants to merge 1 commit into
With a fast altering partition mechanism, the table cache of the moved partition is invalidated in alter_partition_convert_in. Let's invalidate the query cache of these tables involved in the query early. This prevents a use after free that was previously there when the query_cache_invalidate was at the end of the function and the references to tables were closed and freed.
Code Review
This pull request addresses MDEV-33170, which caused ASAN errors during 'CONVERT TABLE TO PARTITION' operations when the query cache was active. The changes include a new regression test and a relocation of the query cache invalidation logic. However, feedback indicates that removing the invalidation from the common exit point 'fast_end_partition' introduces regressions for other partition operations like ADD, DROP, and REORGANIZE. It is recommended to move the invalidation to the beginning of 'fast_alter_partition_table' to ensure all operations are covered and to nullify table pointers to prevent potential Use-After-Free issues.
|
|
||
| thd->proc_info="end"; | ||
|
|
||
| query_cache_invalidate3(thd, table_list, 0); |
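Review bot: the regression coverage should extend beyond the convert case, because this exit path, where query_cache_invalidate3(thd, table_list, 0) followed thd->proc_info="end", is reached by more than one kind of fast partition change. A test that runs a cached SELECT before and after ADD PARTITION, DROP PARTITION and REORGANIZE PARTITION would show directly whether those paths still invalidate the query cache once the call is no longer here.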
Removing query_cache_invalidate3 from fast_end_partition introduces a regression for other fast partition operations (e.g., ADD PARTITION, DROP PARTITION, REORGANIZE PARTITION). Since fast_end_partition is the common exit point for all fast partition alterations, these operations will no longer invalidate the query cache, leading to stale results. To fix the Use-After-Free while maintaining correctness, the invalidation should be moved to a common point at the beginning of fast_alter_partition_table to ensure all operations are covered and the cache is invalidated before any tables are closed or freed.
| check_table_data(lpt)) | ||
| goto err; | ||
|
|
||
| query_cache_invalidate3(thd, table_list, 0); |
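Review bot: the query_cache_invalidate3(thd, table_list, 0) call placed after the check_table_data(lpt) / goto err check carries no comment explaining why it sits this early. A one-line comment stating that the invalidation has to run while the table references are still open, before they are closed and freed later in the function, would keep a later cleanup from moving it back to the end.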
While moving the invalidation here fixes the Use-After-Free for the CONVERT_IN case, it is incomplete as it doesn't cover other operations previously handled by fast_end_partition. Furthermore, to prevent potential Use-After-Free issues in subsequent invalidation calls (such as the one at the end of mysql_alter_table), any TABLE pointers in table_list that are closed or freed during the operation should be explicitly set to NULL.
With a fast altering partition mechanism, the table cache of the moved partition is invalidated in alter_partition_convert_in.
Let's invalidate the query cache of these tables involved in the query early.
This prevents a use after free that was previously there when the query_cache_invalidate was at the end of the function and the references to tables were closed and freed.