Bug #108668 'ut_ad(index != nullptr)' is unsafe in row_quiesce_write_indexes(...,...,...)
Submitted: 3 Oct 2022 7:07
Modified: 3 Oct 2022 13:11
Reporter: Cheng Zhou
Status: Verified
Category: MySQL Server: InnoDB storage engine
Severity: S3 (Non-critical)
Version: 8.0
OS: Any
Assigned to:
CPU Architecture: Any

[3 Oct 2022 7:07] Cheng Zhou
Description:
The code snippet from MySQL 8.0.30:

[[nodiscard]] static MY_ATTRIBUTE((nonnull)) dberr_t
    row_quiesce_write_indexes(const dict_table_t *table, /*!< in: write the meta
                                                         data for this table */
                              FILE *file, /*!< in: file to write to */
                              THD *thd)   /*!< in/out: session */
{
  ...
  /* Write SDI Index */
  if (has_sdi) {
    dict_mutex_enter_for_mysql();

    dict_index_t *index = dict_sdi_get_index(table->space);

    dict_mutex_exit_for_mysql();

    ut_ad(index != nullptr);
    const auto err = row_quiesce_write_one_index(index, file, thd);
    if (err != DB_SUCCESS) {
      return err;
    }
  }
  ...
}

'index != nullptr' is not guaranteed, as dict_sdi_get_index(table->space) can return nullptr. 'ut_ad(index != nullptr)' may not be safe.

How to repeat:
Read the code:

dict_index_t *dict_sdi_get_index(space_id_t tablespace_id) {
  dict_table_t *table = dd_table_open_on_id(
      dict_sdi_get_table_id(tablespace_id), nullptr, nullptr, true, true);

  if (table != nullptr) {
    dict_sdi_close_table(table);
    return (table->first_index());
  }
  return (nullptr);
}
[3 Oct 2022 13:11] MySQL Verification Team
Hi Mr. Zhou,

Thank you for your bug report.

We have analysed the code that you have sent us and we agree with your analysis.

Verified as reported.
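
The failure mode reported above, as an added example that is not MySQL source code and not part of the original thread: InnoDB's ut_ad() is a debug-only assertion that expands to nothing in non-debug builds, so it cannot stand in for a null check. All demo_* names and the DEMO_DEBUG macro are hypothetical stand-ins, and returning an error code is an assumed remedy, not the project's fix.

```cpp
#include <cstdio>

// Stand-in for a debug-only assertion such as ut_ad(): without the
// (hypothetical) DEMO_DEBUG macro the expression is never evaluated.
#ifdef DEMO_DEBUG
#include <cassert>
#define demo_ad(expr) assert(expr)
#else
#define demo_ad(expr) ((void)0)
#endif

enum demo_err_t { DEMO_SUCCESS = 0, DEMO_ERROR = 1 };  // hypothetical codes
struct demo_index_t { const char *name; };

// Mimics the shape of dict_sdi_get_index(): nullptr when the table
// cannot be opened (constructed stand-in, no real dictionary lookup).
demo_index_t *demo_get_sdi_index(bool table_opens) {
  static demo_index_t sdi{"SDI"};
  return table_opens ? &sdi : nullptr;
}

demo_err_t demo_write_one_index(const demo_index_t *index, FILE *file) {
  return std::fprintf(file, "%s\n", index->name) < 0 ? DEMO_ERROR : DEMO_SUCCESS;
}

// Counts how often the asserted expression runs: 0 in a non-debug build.
int demo_ad_evaluations() {
  int evaluated = 0;
  demo_ad((++evaluated, true));
  (void)evaluated;
  return evaluated;
}

// Keeps the assertion for debug builds and adds a runtime check, so a
// non-debug build returns an error instead of dereferencing nullptr.
demo_err_t demo_write_sdi_index(bool table_opens, FILE *file) {
  demo_index_t *index = demo_get_sdi_index(table_opens);
  demo_ad(index != nullptr);
  if (index == nullptr) {
    return DEMO_ERROR;
  }
  return demo_write_one_index(index, file);
}

int main() {
  std::printf("assert evaluations: %d\n", demo_ad_evaluations());
  std::printf("missing index -> %d\n", demo_write_sdi_index(false, stdout));
  return 0;
}
```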