Details
- Type: Bug
- Status: Closed
- Priority: Major
- Resolution: Fixed
- 10.1 (EOL)
- None
- Environment: Debian GNU/Linux
Description
Apparently all tests that access the information_schema.processlist table crash the server when it is built with cmake -DWITH_ASAN, due to an out-of-bounds string access that is reported like this:
CURRENT_TEST: innodb.innodb_bug12400341
mysqltest: At line 64: query 'select count(*) from information_schema.processlist' failed: 2013: Lost connection to MySQL server during query

This one is something definitely outside InnoDB:

==32392==ERROR: AddressSanitizer: global-buffer-overflow on address 0x0000018b90ac at pc 0x00000176c633 bp 0x7f8ceda19960 sp 0x7f8ceda19958
READ of size 1 at 0x0000018b90ac thread T55
    #0 0x176c632 in my_string_repertoire_8bit /home/marko/mariadb/server/strings/ctype.c:829:18
    #1 0x176c6bf in my_string_metadata_get /home/marko/mariadb/server/strings/ctype.c:895:27
    #2 0x6f6312 in Item_string::Item_string(THD*, char const*, unsigned int, charset_info_st const*, Derivation) /home/marko/mariadb/server/sql/item.h:2978:37
    #3 0x6f61ee in Item_partition_func_safe_string::Item_partition_func_safe_string(THD*, char const*, unsigned int, charset_info_st const*) /home/marko/mariadb/server/sql/item.h:3183:5
    #4 0x94d293 in Item_blob::Item_blob(THD*, char const*, unsigned int) /home/marko/mariadb/server/sql/item.h:3209:5
    #5 0x93761f in create_schema_table(THD*, TABLE_LIST*) /home/marko/mariadb/server/sql/sql_show.cc:7557:13
    #6 0x93955c in mysql_schema_table(THD*, LEX*, TABLE_LIST*) /home/marko/mariadb/server/sql/sql_show.cc:7806:16
    …

0x0000018b90ac is located 52 bytes to the left of global variable '<string literal>' defined in '/home/marko/mariadb/server/sql/sql_show.cc:8837:4' (0x18b90e0) of size 12
  '<string literal>' is ascii string 'Info_binary'
0x0000018b90ac is located 0 bytes to the right of global variable '<string literal>' defined in '/home/marko/mariadb/server/sql/sql_show.cc:8836:4' (0x18b90a0) of size 12
  '<string literal>' is ascii string 'INFO_BINARY'
The patch below works around the issue and allows the tests to pass (albeit with memory leaks ignored, because there is no ./mtr --sanitize option available):
diff --git a/sql/sql_show.cc b/sql/sql_show.cc
index ae3874506dd..c3610da05af 100644
--- a/sql/sql_show.cc
+++ b/sql/sql_show.cc
@@ -7555,7 +7555,8 @@ TABLE *create_schema_table(THD *thd, TABLE_LIST *table_list)
case MYSQL_TYPE_BLOB:
if (!(item= new (mem_root)
Item_blob(thd, fields_info->field_name,
- fields_info->field_length)))
+ std::min(unsigned (strlen(fields_info->field_name)),
+ fields_info->field_length))))
{
DBUG_RETURN(0);
}
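Review bot: the std::min() clamp stops the overread but still passes the declared column width as the length of the name string, so whenever fields_info->field_length is smaller than the name length the Item_blob silently gets a truncated value; since the string value being constructed here is the field name itself, strlen(fields_info->field_name) alone is the length that matters, and the min() only hides the mismatch between "column width" and "name length" that produced the report above. Two smaller points: confirm that sql_show.cc includes <algorithm> for std::min, and the cast `unsigned (strlen(fields_info->field_name))` reads better as a static_cast<unsigned> (or the C-style `(uint)` cast used elsewhere in this file).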
Note that in MariaDB 10.2, cmake -DWITH_ASAN does not work at all at the moment (the feature availability check fails).
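The defect pattern behind the report above, as an added example that is not MariaDB code: a field table stand-in whose entries carry a name literal and a declared column width, a bounded byte scan standing in for my_string_repertoire_8bit(), the pre-patch call shape that hands the column width to that scan (defined for contrast, never invoked), the clamped length the patch uses, and a static check that lists the BLOB rows that would have overread their name literal. The struct layout, the column widths and the table contents are constructed for this example; only the column names are taken from the ASAN output on this page.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Added example, not MariaDB code. Models the pattern behind the ASAN
 * report: create_schema_table() passed fields_info->field_name (a string
 * literal) together with fields_info->field_length (the declared column
 * width) to Item_blob, so the string-metadata scan read field_length bytes
 * from a literal that is only strlen(field_name)+1 bytes long. */

enum col_type { COL_STRING, COL_BLOB };

struct field_info {
    const char   *field_name;   /* column name: a NUL-terminated literal */
    unsigned      field_length; /* declared column width, not the name length */
    enum col_type type;
};

/* Constructed stand-in for the processlist field rows; the widths are made
 * up for the example and are not the server's values. */
static const struct field_info processlist_fields[] = {
    { "ID",          21,    COL_STRING },
    { "USER",        128,   COL_STRING },
    { "INFO",        65535, COL_BLOB   },
    { "INFO_BINARY", 65535, COL_BLOB   },
};
#define N_FIELDS (sizeof processlist_fields / sizeof processlist_fields[0])

/* Simplified stand-in for my_string_repertoire_8bit(): reports whether the
 * first `len` bytes are all 7-bit ASCII. It trusts `len` completely, which
 * is exactly why a wrong length becomes a global-buffer-overflow read. */
int repertoire_is_ascii(const char *str, unsigned len)
{
    for (unsigned i = 0; i < len; i++)
        if ((unsigned char)str[i] & 0x80)
            return 0;
    return 1;
}

/* Pre-patch call shape, kept only for contrast and deliberately never
 * called: with field_length > strlen(field_name)+1 it reads past the literal. */
int unsafe_metadata(const struct field_info *f)
{
    return repertoire_is_ascii(f->field_name, f->field_length);
}

/* The length the page's patch passes instead of field_length: never more
 * bytes than the name literal actually holds. */
unsigned clamped_name_length(const struct field_info *f)
{
    unsigned name_len = (unsigned)strlen(f->field_name);
    return name_len < f->field_length ? name_len : f->field_length;
}

/* Patched call shape: the scan is bounded by the literal's real length. */
int safe_metadata(const struct field_info *f)
{
    return repertoire_is_ascii(f->field_name, clamped_name_length(f));
}

/* Static check over a field table: count the BLOB rows whose declared width
 * exceeds the size of the name literal (strlen + NUL), i.e. the rows that
 * overread under the pre-patch call. Offending names are appended to
 * `report`, comma separated, when it is non-NULL. */
size_t count_overread_rows(const struct field_info *t, size_t n,
                           char *report, size_t cap)
{
    size_t hits = 0;
    if (report && cap) report[0] = '\0';
    for (size_t i = 0; i < n; i++) {
        if (t[i].type != COL_BLOB) continue;     /* only the MYSQL_TYPE_BLOB case */
        if (t[i].field_length > strlen(t[i].field_name) + 1) {
            if (report && cap) {
                if (hits) strncat(report, ",", cap - strlen(report) - 1);
                strncat(report, t[i].field_name, cap - strlen(report) - 1);
            }
            hits++;
        }
    }
    return hits;
}

int main(void)
{
    char report[128];
    size_t n = count_overread_rows(processlist_fields, N_FIELDS, report, sizeof report);
    printf("%zu row(s) would overread before the patch: %s\n", n, report);
    for (size_t i = 0; i < N_FIELDS; i++)
        printf("%-12s clamped length %u, ascii=%d\n",
               processlist_fields[i].field_name,
               clamped_name_length(&processlist_fields[i]),
               safe_metadata(&processlist_fields[i]));
    return 0;
}
```

Running the check over the constructed table flags INFO and INFO_BINARY, the two BLOB rows whose width dwarfs their 5- and 11-character names; a check of this shape over the real ST_FIELD_INFO arrays would have surfaced the mismatch without needing an ASAN build.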
Issue Links
- relates to MDEV-9105 Test failures under valgrind (Closed)