Details
Type: Bug
Status: Closed
Priority: Major
Resolution: Fixed
Description
marko is hitting MSAN issues with C/C due to a bug in MSAN and needs the following workaround applied:
diff --git a/libmariadb/mariadb_stmt.c b/libmariadb/mariadb_stmt.c
index 8f5bddc..e15e1bd 100644
--- a/libmariadb/mariadb_stmt.c
+++ b/libmariadb/mariadb_stmt.c
@@ -1,5 +1,5 @@
/****************************************************************************
- Copyright (C) 2012 Monty Program AB
+ Copyright (C) 2012, 2020, MariaDB Corporation.
|
This library is free software; you can redistribute it and/or
modify it under the terms of the GNU Library General Public
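Review bot: the copyright-header change in this first hunk (2012 Monty Program AB replaced by 2012, 2020, MariaDB Corporation.) is unrelated to the MemorySanitizer workaround; split it into its own commit so the sanitizer change stays self-contained and can be bisected or reverted on its own.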
@@ -56,7 +56,12 @@
#include <mysql/client_plugin.h>
#include <ma_common.h>
#include "ma_priv.h"
-
+#ifndef __has_feature
+# define __has_feature(x) 0
+#endif
+#if __has_feature(memory_sanitizer)
+# include <sanitizer/msan_interface.h>
+#endif
|
#define UPDATE_STMT_ERROR(stmt)\
SET_CLIENT_STMT_ERROR((stmt), (stmt)->mysql->net.last_errno, (stmt)->mysql->net.sqlstate, (stmt)->mysql->net.last_error)
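Review bot: the `#ifndef __has_feature` / `# define __has_feature(x) 0` fallback is the right idiom for compilers without the builtin, but it lives only in mariadb_stmt.c; if any other translation unit later needs `__has_feature(memory_sanitizer)`, move the fallback into a shared private header (this hunk already includes ma_priv.h) so two copies cannot drift apart. A one-line comment that the block is Clang-only by design (GCC has no MemorySanitizer, so under GCC the include and every guarded call compile to nothing) would save the next reader from wondering whether the fallback is a bug.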
@@ -542,7 +547,13 @@ int store_param(MYSQL_STMT *stmt, int column, unsigned char **p, unsigned long r
(*p) += 4;
break;
case MYSQL_TYPE_DOUBLE:
+#if __has_feature(memory_sanitizer) /* QQ: MSAN has double trouble? */
+ __msan_check_mem_is_initialized(buf, sizeof(double));
+#endif
float8store(*p, (*(double *)buf));
+#if __has_feature(memory_sanitizer) /* QQ: MSAN has double trouble? */
+ __msan_unpoison(*p, sizeof(double));
+#endif
(*p) += 8;
break;
case MYSQL_TYPE_LONGLONG:
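Review bot: `__msan_unpoison(*p, sizeof(double))` after `float8store` clears the shadow bits of the 8 output bytes unconditionally, so it only stays safe because `__msan_check_mem_is_initialized(buf, sizeof(double))` runs on the input first; if anyone later drops or reorders the check, a genuinely uninitialised parameter buffer would be silently sent instead of reported. State that dependency in the comment and replace the two identical `/* QQ: MSAN has double trouble? */` question marks with a reference to the MemorySanitizer issue being worked around, since the reporter's own note says this patch does not address the problem and the code should record why the unpoison is believed correct. If other parameter types that go through a store macro turn out to lose shadow bits the same way, a single guarded helper macro would be cleaner than repeating the two `#if` blocks per case.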
Issue Links
- relates to CONC-512 truncation check for float values fails on i386 due to Intel FPU optimization bug in gcc (Closed)
- relates to MDEV-26761 main.mysql_client_test test_mdev19838 fails with MemorySanitizer (Closed)
- relates to MDEV-20377 Make WITH_MSAN more usable (Closed)
Note: The patch that I supplied does not address the problem. Hopefully it gives an idea of what should be done.
I believe that the problem could be in MSAN itself. Here is what I saw (see MDEV-20377 for how to use WITH_MSAN):
MSAN_OPTIONS=abort_on_error=1:log_path=/dev/shm/msan LD_LIBRARY_PATH=/mariadb/llvm-toolchain-10-10.0.0/libc++msan/lib ./mtr --parallel=auto --force --big-test main.mysql_client_test_nonblock main.mysql_client_test main.mysql_client_test_comp
In one of the /dev/shm/msan.* files, there would be the following output:
10.5 1813d92d0c505a1c752f4a9d6e37db6bffe4efdd
Uninitialized bytes in __interceptor_send at offset 29 inside [0x724000002000, 42)
==2469456==WARNING: MemorySanitizer: use-of-uninitialized-value
#0 0x5593fb8ac68c in ma_send /mariadb/10.5-merge/libmariadb/plugins/pvio/pvio_socket.c:373:9
#1 0x5593fb8ac68c in pvio_socket_async_write /mariadb/10.5-merge/libmariadb/plugins/pvio/pvio_socket.c:429:6
#2 0x5593fb83b690 in ma_pvio_write_async /mariadb/10.5-merge/libmariadb/libmariadb/ma_pvio.c:322:10
#3 0x5593fb83b690 in ma_pvio_write /mariadb/10.5-merge/libmariadb/libmariadb/ma_pvio.c:356:23
#4 0x5593fb8c1bb7 in ma_net_real_write /mariadb/10.5-merge/libmariadb/libmariadb/ma_net.c:335:17
#5 0x5593fb8c3501 in ma_net_flush /mariadb/10.5-merge/libmariadb/libmariadb/ma_net.c:166:11
#6 0x5593fb8c3501 in ma_net_write_command /mariadb/10.5-merge/libmariadb/libmariadb/ma_net.c:244:12
#7 0x5593fb81173d in mthd_my_send_cmd /mariadb/10.5-merge/libmariadb/libmariadb/mariadb_lib.c:402:7
#8 0x5593fb8567f1 in mysql_stmt_execute /mariadb/10.5-merge/libmariadb/libmariadb/mariadb_stmt.c:2068:8
#9 0x5593fb89d24d in mysql_stmt_execute_start_internal /mariadb/10.5-merge/libmariadb/libmariadb/mariadb_async.c:1380:1
#10 0x5593fb8a55dc in my_context_spawn /mariadb/10.5-merge/libmariadb/libmariadb/ma_context.c:201:3
Uninitialized value was created by a heap allocation
#0 0x5593fb508a8d in malloc (/dev/shm/10.5msan/tests/mariadb-client-test+0x66a8d)
I basically tried to adapt the MDEV-22691 fix from the server. It seems that MemorySanitizer has some trouble managing the shadow bits of double variables.
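As an added example (not Connector/C code and not the reporter's patch), the same guard pattern in a self-contained C file: a hypothetical store_double_param() stands in for the MYSQL_TYPE_DOUBLE branch of store_param(), wire_store_double() stands in for float8store(), and the __has_feature fallback lets the file build with or without MemorySanitizer. The point it shows is the ordering the patch relies on: the input is checked before the output is unpoisoned, so a genuinely uninitialised parameter is still reported at its source rather than hidden.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Fallback from the patch: compilers without __has_feature (GCC, MSVC)
 * make every feature query 0, so the sanitizer calls below vanish and
 * the file still builds. Clang with -fsanitize=memory keeps them. */
#ifndef __has_feature
# define __has_feature(x) 0
#endif
#if __has_feature(memory_sanitizer)
# include <sanitizer/msan_interface.h>
#endif

/* Hypothetical stand-in for float8store(): the double's 8 bytes in
 * little-endian order, swapped on big-endian hosts. */
static void wire_store_double(unsigned char *dst, double v)
{
    unsigned char tmp[sizeof(double)];
    memcpy(tmp, &v, sizeof tmp);
#if defined(__BYTE_ORDER__) && __BYTE_ORDER__ == __ORDER_BIG_ENDIAN__
    for (size_t i = 0; i < sizeof tmp; i++)
        dst[i] = tmp[sizeof tmp - 1 - i];
#else
    memcpy(dst, tmp, sizeof tmp);
#endif
}

/* Inverse of wire_store_double(), so a round trip can be checked. */
static double wire_load_double(const unsigned char *src)
{
    unsigned char tmp[sizeof(double)];
    double v;
#if defined(__BYTE_ORDER__) && __BYTE_ORDER__ == __ORDER_BIG_ENDIAN__
    for (size_t i = 0; i < sizeof tmp; i++)
        tmp[i] = src[sizeof tmp - 1 - i];
#else
    memcpy(tmp, src, sizeof tmp);
#endif
    memcpy(&v, tmp, sizeof v);
    return v;
}

/* Hypothetical equivalent of the MYSQL_TYPE_DOUBLE case of store_param():
 * copy the bound parameter at buf into the packet at *p and advance *p.
 * Returns the number of bytes appended (always 8). */
static size_t store_double_param(unsigned char **p, const void *buf)
{
    double v;
#if __has_feature(memory_sanitizer)
    /* Check the INPUT first: if the caller's buffer really is
     * uninitialised, MSAN reports it here, at the source, instead of
     * many frames later inside send(). */
    __msan_check_mem_is_initialized(buf, sizeof(double));
#endif
    memcpy(&v, buf, sizeof v);
    wire_store_double(*p, v);
#if __has_feature(memory_sanitizer)
    /* Only now is it safe to mark the OUTPUT initialised. Unpoison
     * asserts nothing, it just clears shadow bits, so without the
     * check above it would hide real bugs. */
    __msan_unpoison(*p, sizeof(double));
#endif
    *p += sizeof(double);
    return sizeof(double);
}

/* Byte i (0 = first byte on the wire) of v's encoding, or -1 if i >= 8. */
static int wire_byte(double v, size_t i)
{
    unsigned char w[8];
    unsigned char *p = w;
    store_double_param(&p, &v);
    return i < 8 ? w[i] : -1;
}

/* Round trip over a constructed packet holding one double parameter.
 * Returns 1 on success, 0 on failure. */
static int demo_roundtrip(double in)
{
    unsigned char packet[16] = {0};   /* constructed sample packet */
    unsigned char *p = packet;
    size_t n = store_double_param(&p, &in);
    return n == 8 && (size_t)(p - packet) == 8 && wire_load_double(packet) == in;
}

int main(void)
{
    printf("1.0 on the wire:");
    for (size_t i = 0; i < 8; i++)
        printf(" %02x", wire_byte(1.0, i));
    printf("\nround trip of -2.5: %s\n", demo_roundtrip(-2.5) ? "ok" : "FAILED");
    return 0;
}
```

Build it twice to see both branches: `cc example.c` compiles the sanitizer calls out, while `clang -fsanitize=memory -g example.c` keeps them, and passing a never-written buffer to store_double_param() then produces a use-of-uninitialized-value report pointing at the check line rather than at the write path.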