cd56b40...
by
Dmitry Shulga <email address hidden>
MDEV-28129: MariaDB UAF issue at lex_end_nops(LEX*)
This bug report is not about an ASAN Use After Free issue. This bug is
about a missed call of the method LEX::cleanup_lex_after_parse_error
that should happen on parse error.

Aforementioned method calls sphead::restore_thd_mem_root to clean up
resources acquired on processing a stored routine. Particularly,
the method sp_head::restore_thd_mem_root is called to restore
an original mem root and reset LEX::sphead into nullptr.

The method LEX::cleanup_lex_after_parse_error is invoked by the macro
MYSQL_YYABORT. Unfortunately, some rules of grammar for handling
user variables in SQL use YYABORT instead of MYSQL_YYABORT to handle
parser errors. As a consequence, in case a statement with setting of
a user variable is called inside a stored routine, it results in
an assert failure in the sp_head destructor.

To fix the issue, the macro YYABORT should be replaced by MYSQL_YYABORT
in those grammar rules that handle assignment of user variables.

Configuring UDFs via plugin variables does not look like a good idea.
The more variables Spider has, the more complex it becomes.
Further, I expect that only a few users use Spider UDFs.
Deprecate the following plugin variables regarding Spider UDFs:
spider_udf_table_lock_mutex_count and spider_udf_table_mon_mutex_count
are also for tweaking UDFs but they are already read-only. So,
there is no need to deprecate them.

The comparison on the checkpoint age (number of log bytes
written since the previous checkpoint) is inaccurate, because
the previous FILE_CHECKPOINT record could span two 512-byte
log blocks, which will cause the LSN to increase by the size of the
log block header and footer.
We will still generate a redundant checkpoint if the previous
checkpoint wrote some FILE_MODIFY records before the FILE_CHECKPOINT
record.