Hi, Andrei, On Sep 01, Andrei wrote: > revision-id: 489a7fba324 (mariadb-10.5.17-10-g489a7fba324) > parent(s): 0324bde8469 > author: Andrei > committer: Andrei > timestamp: 2022-09-01 14:15:11 +0300 > message: > > MDEV-29322 ASAN heap-use-after-free in Query_log_event::do_apply_event > > The ASAN report was reported in the parallel slave execution of a Query > event and implicitly involved (so also parallelly run) Format-Description > event. > The Query actually had dependency on a preceding "old" FD whose > instance got destructed, so to cause the ASAN error. > > The case is fixed with copying of the value of > `options_written_to_bin_log` the sensitive member > of FD event into worker's stable placeholders, so FD change > won't affect Queries dependent on "old" instances. > > The method observes the following properties: > 0. each worker gets its private copy; > 1. the copied value gets a part of the execution context for any > Queries that follow the FD in binlog; > 2. any new FD forces a new copy which does not any affect on > the past (in binlog order) Queries which might be still in > execution.
Sorry, but this doesn't make any sense. The value of options_written_to_bin_log depends on the version of the server that has written that binlog file. Query_log_event cannot just randomly use some options_written_to_bin_log, it must use options_written_to_bin_log from the Format_description_log_event that came from the binlog file where the Query_log_event was read from. If rli->relay_log.description_event_for_exec is not that Format_description_log_event, and assuming that the correct Format_description_log_event is not stored anywhere, the Query_log_event has to remember options_written_to_bin_log itself, there's not much we can do about it. Or it can apply the mask in the constructor and store not flags2 but the new value of thd->variables.option_bits. Or it can extend flags2 to cover all OPTIONS_WRITTEN_TO_BINLOG. Regards, Sergei VP of MariaDB Server Engineering and secur...@mariadb.org _______________________________________________ Mailing list: https://launchpad.net/~maria-developers Post to : maria-developers@lists.launchpad.net Unsubscribe : https://launchpad.net/~maria-developers More help : https://help.launchpad.net/ListHelp