Bug#36075756 ASAN crash on MaterializeIterator<Profiler>::load_HF_row_into_hash_map() [2/2]

Dag Wanvik · dahlerlend · commit ec3e63d3d937 · 2024-06-02T20:40:53.000+02:00
While the first patch [1/2] solves this issue by allocating on the
session's main MEM_ROOT for (one of) the last rows in a chunk when
re-reading it into the hash table again, the reason why we run out of
space on re-reading the rows is another matter. Why do we run out of
space even though the rows are read back into the hash table in
another order then they were entered the first time?

It turns out there a conscious "error" in CalculateColumnStorageSize
to improve performance.  When we are computing the size of a NULL
blob, we will return the wrong (large) size (the size of previous blob
row read). This causes us to run out of space.

Looking at the caller, ComputeRowSizeUpperBound, we see this comment:

  // even though we only store non-null columns, we count up the size
  // of all columns unconditionally. this means that null columns may
  // very well be counted here, but the only effect is that we end up
  // reserving a bit too much space in the buffer for holding the row
  // data. that is more welcome than having to call field::is_null()
  // for every column in every row.

maybe, but surely not at the cost of reading garbage? This patch
changes CalculateColumnStorageSize to test for null for blobs, so that
the estimate returned is sensible.  This alone removes the bug even
without patch [1/2] for this bug. In fact it would work also without
the fix for Bug#35686098 - no use of overflow_mem_root is required in
the repro.

Still, we consider patch [1/2] to be useful in its own right, as a
fallback to an overflow mem_root (i.e. the normal session mem_root) is
now possible iff different fragmentation should lead to space
overflow, so we elect to keep [1/2] as well. This patch [2/2] reduces
the need for overflow_mem_root.

Change-Id: Ia4d0e370fe172a021db8cda86fbc333cbea2e98c
diff --git a/sql/pack_rows.cc b/sql/pack_rows.cc
@@ -188,7 +188,9 @@ static size_t CalculateColumnStorageSize(const Column &column) {
     // does not include the size of the length variable for blob types, so we
     // have to add that ourselves.
     const Field_blob *field_blob = down_cast<const Field_blob *>(column.field);
-    return field_blob->data_length() + field_blob->pack_length_no_ptr();
+    return field_blob->is_null()
+               ? 0
+               : field_blob->data_length() + field_blob->pack_length_no_ptr();
   }
 
   return column.field->max_data_length();
