Bug #103851 Access a nullptr in udf_read_functions_table
Submitted: 29 May 2021 8:18
Modified: 13 Apr 2022 7:54
Reporter: xiaoyu wang (OCA)
Status: Closed
Category: MySQL Server: DDL
Severity: S3 (Non-critical)
Version: MySQL Server 8.0.25 Community
OS: Any
Assigned to:
CPU Architecture: Any
Tags: Contribution

[29 May 2021 8:18] xiaoyu wang
Description:
I was doing an experiment with a storage engine and found this bug by accident.

It's too hard to reproduce this bug on the original mysql-8.0.25, as InnoDB is so reliable.

I didn't find a deliberate way to reproduce this bug, so I'm explaining how the bug takes place by demonstrating the relevant source code. Please check illustration.pdf.

How to repeat:
Hard to repeat. Please check illustration.pdf.

Suggested fix:
Don't call end_attachable_transaction() twice. Please check fix.patch.

[29 May 2021 8:18] xiaoyu wang
How this bug takes place

(*) I confirm the code being submitted is offered under the terms of the OCA, and that I am authorized to contribute it.

Contribution: illustration.pdf (application/pdf, text), 284.50 KiB.

[29 May 2021 8:19] xiaoyu wang
Suggested fix

(*) I confirm the code being submitted is offered under the terms of the OCA, and that I am authorized to contribute it.

Contribution: fix.patch (application/octet-stream, text), 567 bytes.

[29 May 2021 10:39] MySQL Verification Team
Hello xiaoyu wang,

Thank you for the report and contribution.

regards,
Umesh

[6 Jul 2021 12:05] Dyre Tjeldvoll
Likely a duplicate of bug#103066 fixed in 8.0.26.

[6 Jul 2021 12:31] xiaoyu wang
Hi, Dyre. It seems 103066 is an Oracle internal ID. Is there a way I can check it out?

[13 Apr 2022 7:54] MySQL Verification Team
Fixed in 8.0.26.

Executing DDL statements on a system table could cause a server exit.