Technical Advisory 99796

On this page Carat arrow pointing down

Publication date: April 17, 2023

Description

Starting in CockroachDB v22.2.0, the implementation for ALTER TABLE..ADD COLUMN began using the new declarative schema changer. However, this implementation introduced a bug when a specific Data Manipulation Language (DML) schema change operation occurs concurrently with an UPDATE or INSERT command, and the schema change fails and is rolled back.

If a new column family with a single column was created using an ALTER TABLE..ADD COLUMN command that was executed concurrently with an UPDATE or INSERT command, this new column family could be written within any primary index. This only became an issue if the schema change failed and was rolled back. This bug could cause corruption in the primary index, because the primary index would still contain the new data after the added column or column family was cleaned up from the table descriptor. In this situation, the table could become inaccessible.

This vulnerability affects all of the following CockroachDB versions: v22.2.0 to v22.2.7.

Statement

This is resolved in CockroachDB by PR #99953, which adds validation to rollback operations to account for this situation.

The fix has been applied to maintenance releases of CockroachDB: v22.2.8.

This public issue is tracked by #99796.

Mitigation

Users of CockroachDB v22.2.0 to v22.2.7 are encouraged to upgrade to v22.2.8 or a later version.

Until such an upgrade, if you are impacted by this issue, you can temporarily disable the declarative schema changer before executing an ALTER TABLE..ADD COLUMN statement using a session variable:

icon/buttons/copy
SET use_declarative_schema_changer='off'

To permanently disable the declarative schema changer for all users, use a cluster setting:

icon/buttons/copy
SET CLUSTER SETTINGS sql.defaults.use_declarative_schema_changer = off

Impact

After upgrading to CockroachDB v22.2.0-v22.2.7, a bug could cause primary index corruption when an ALTER TABLE..ADD COLUMN statement executes concurrently with an UPDATE or INSERT command, and the schema change fails and is rolled back.

Questions about any technical alert can be directed to our support team.


Yes No
On this page

Yes No