Publication date: April 17, 2023
Description
Starting in CockroachDB v22.2.0, the implementation for ALTER TABLE..ADD COLUMN
began using the new declarative schema changer. However, this implementation introduced a bug when a specific Data Manipulation Language (DML) schema change operation occurs concurrently with an UPDATE
or INSERT
command, and the schema change fails and is rolled back.
If a new column family with a single column was created using an ALTER TABLE..ADD COLUMN
command that was executed concurrently with an UPDATE
or INSERT
command, this new column family could be written within any primary index. This only became an issue if the schema change failed and was rolled back. This bug could cause corruption in the primary index, because the primary index would still contain the new data after the added column or column family was cleaned up from the table descriptor. In this situation, the table could become inaccessible.
This vulnerability affects all of the following CockroachDB versions: v22.2.0 to v22.2.7.
Statement
This is resolved in CockroachDB by PR #99953, which adds validation to rollback operations to account for this situation.
The fix has been applied to maintenance releases of CockroachDB: v22.2.8.
This public issue is tracked by #99796.
Mitigation
Users of CockroachDB v22.2.0 to v22.2.7 are encouraged to upgrade to v22.2.8 or a later version.
Until such an upgrade, if you are impacted by this issue, you can temporarily disable the declarative schema changer before executing an ALTER TABLE..ADD COLUMN statement using a session variable:
SET use_declarative_schema_changer='off'
To permanently disable the declarative schema changer for all users, use a cluster setting:
SET CLUSTER SETTINGS sql.defaults.use_declarative_schema_changer = off
Impact
After upgrading to CockroachDB v22.2.0-v22.2.7, a bug could cause primary index corruption when an ALTER TABLE..ADD COLUMN
statement executes concurrently with an UPDATE
or INSERT
command, and the schema change fails and is rolled back.
Questions about any technical alert can be directed to our support team.