Details
Type: Bug
Status: Open
Priority: Major
Resolution: Unresolved
Affects Version/s: 10.3
Fix Version/s: None
Description
# Run with --ssl on ASAN build
--source include/restart_mysqld.inc
--echo # All done
10.3 0121d5a7909

==6327==ERROR: AddressSanitizer: stack-buffer-overflow on address 0x7ffd386f4940 at pc 0x5643a734ce4c bp 0x7ffd386f4540 sp 0x7ffd386f4538
READ of size 8 at 0x7ffd386f4940 thread T0
    #0 0x5643a734ce4b in ma_tls_read /data/src/10.3/libmariadb/libmariadb/secure/openssl.c:723
    #1 0x5643a731b551 in ma_pvio_tls_read /data/src/10.3/libmariadb/libmariadb/ma_tls.c:90
    #2 0x5643a7318e86 in ma_pvio_read /data/src/10.3/libmariadb/libmariadb/ma_pvio.c:250
    #3 0x5643a73193b6 in ma_pvio_cache_read /data/src/10.3/libmariadb/libmariadb/ma_pvio.c:297
    #4 0x5643a7379dac in ma_real_read /data/src/10.3/libmariadb/libmariadb/ma_net.c:373
    #5 0x5643a737a4cc in ma_net_read /data/src/10.3/libmariadb/libmariadb/ma_net.c:427
    #6 0x5643a72fa51c in ma_net_safe_read /data/src/10.3/libmariadb/libmariadb/mariadb_lib.c:192
    #7 0x5643a7307559 in mthd_my_read_query_result /data/src/10.3/libmariadb/libmariadb/mariadb_lib.c:1987
    #8 0x5643a7309555 in mysql_real_query /data/src/10.3/libmariadb/libmariadb/mariadb_lib.c:2184
    #9 0x5643a72c1c94 in wrap_mysql_real_query(st_mysql*, char const*, unsigned long) /data/src/10.3/client/../tests/nonblock-wrappers.h:175
    #10 0x5643a72cd6ff in var_query_set(VAR*, char const*, char const**) /data/src/10.3/client/mysqltest.cc:2727
    #11 0x5643a72cf297 in eval_expr(VAR*, char const*, char const**, bool, bool) /data/src/10.3/client/mysqltest.cc:3043
    #12 0x5643a72dfb9a in do_block(block_cmd, st_command*) /data/src/10.3/client/mysqltest.cc:6474
    #13 0x5643a72ed502 in main /data/src/10.3/client/mysqltest.cc:9663
    #14 0x7f192a10a2b0 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x202b0)
    #15 0x5643a72c1619 in _start (/data/bld/10.3-asan/bin/mysqltest+0xda619)

Address 0x7ffd386f4940 is located in stack of thread T0 at offset 80 in frame
    #0 0x5643a7307459 in mthd_my_read_query_result /data/src/10.3/libmariadb/libmariadb/mariadb_lib.c:1981

  This frame has 5 object(s):
    [32, 40) 'pos'
    [160, 168) 'str'
    [224, 232) 'data'
    [288, 352) 'cs_name'
HINT: this may be a false positive if your program uses some custom stack unwind mechanism or swapcontext
      (longjmp and C++ exceptions *are* supported)
SUMMARY: AddressSanitizer: stack-buffer-overflow /data/src/10.3/libmariadb/libmariadb/secure/openssl.c:723 ma_tls_read
Shadow bytes around the buggy address:
  0x1000270d68d0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x1000270d68e0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x1000270d68f0: f1 f1 f1 f1 00 f4 f4 f4 f2 f2 f2 f2 00 f4 f4 f4
  0x1000270d6900: f3 f3 f3 f3 00 00 00 00 00 00 00 00 00 00 00 00
  0x1000270d6910: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 f1 f1
=>0x1000270d6920: f1 f1 00 f4 f4 f4 f2 f2[f2]f2 00 f4 f4 f4 f2 f2
  0x1000270d6930: f2 f2 00 f4 f4 f4 f2 f2 f2 f2 00 f4 f4 f4 f2 f2
  0x1000270d6940: f2 f2 00 00 00 00 00 00 00 00 f3 f3 f3 f3 00 00
  0x1000270d6950: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x1000270d6960: 00 00 00 00 00 00 00 00 f1 f1 f1 f1 04 f4 f4 f4
  0x1000270d6970: f3 f3 f3 f3 00 00 00 00 00 00 00 00 00 00 00 00
Shadow byte legend (one shadow byte represents 8 application bytes):
  Addressable:           00
  Partially addressable: 01 02 03 04 05 06 07
  Heap left redzone:       fa
  Heap right redzone:      fb
  Freed heap region:       fd
  Stack left redzone:      f1
  Stack mid redzone:       f2
  Stack right redzone:     f3
  Stack partial redzone:   f4
  Stack after return:      f5
  Stack use after scope:   f8
  Global redzone:          f9
  Global init order:       f6
  Poisoned by user:        f7
  Contiguous container OOB:fc
  ASan internal:           fe
==6327==ABORTING
|
Not reproducible on 10.2.
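As an added triage helper (not part of this report or of MariaDB's own code), the script below parses the frame description and the marked shadow byte from the ASan output above and reports where the faulting 8-byte read lands relative to the frame objects ASan listed; its input is constructed from the lines quoted in this issue.

```python
import re

# Stack entries of the shadow-byte legend ASan prints at the end of a report.
SHADOW_LEGEND = {
    0x00: "addressable", 0xf1: "stack left redzone", 0xf2: "stack mid redzone",
    0xf3: "stack right redzone", 0xf4: "stack partial redzone",
    0xf5: "stack after return", 0xf8: "stack use after scope",
}

# Constructed input: the relevant lines of the report quoted in this issue.
REPORT = """\
READ of size 8 at 0x7ffd386f4940 thread T0
Address 0x7ffd386f4940 is located in stack of thread T0 at offset 80 in frame
    #0 0x5643a7307459 in mthd_my_read_query_result /data/src/10.3/libmariadb/libmariadb/mariadb_lib.c:1981
  This frame has 5 object(s):
    [32, 40) 'pos'
    [160, 168) 'str'
    [224, 232) 'data'
    [288, 352) 'cs_name'
=>0x1000270d6920: f1 f1 00 f4 f4 f4 f2 f2[f2]f2 00 f4 f4 f4 f2 f2
"""


def triage(text):
    """Map the faulting access onto the frame's object layout.

    Returns the access size and frame offset, the object the access falls
    inside (None if it hits a redzone), the nearest listed objects below and
    above it, how many declared objects are absent from the printed list, and
    the legend entry for the shadow byte ASan marked with [..]."""
    size = int(re.search(r"(?:READ|WRITE) of size (\d+)", text).group(1))
    offset = int(re.search(r"at offset (\d+) in frame", text).group(1))
    declared = int(re.search(r"This frame has (\d+) object", text).group(1))
    objs = [(int(a), int(b), n) for a, b, n in
            re.findall(r"\[(\d+), (\d+)\) '([^']+)'", text)]
    shadow = int(re.search(r"\[([0-9a-f]{2})\]", text).group(1), 16)
    lo, hi = offset, offset + size
    inside = next((n for a, b, n in objs if lo < b and hi > a), None)
    below = [n for a, b, n in objs if b <= lo]   # ASan lists objects in ascending order
    above = [n for a, b, n in objs if a >= hi]
    return {
        "size": size, "offset": offset, "inside": inside,
        "prev": below[-1] if below else None,
        "next": above[0] if above else None,
        "missing_objects": declared - len(objs),
        "shadow": SHADOW_LEGEND.get(shadow, f"unknown ({shadow:#04x})"),
    }


if __name__ == "__main__":
    for key, value in triage(REPORT).items():
        print(f"{key}: {value}")
```

On this report it shows the read at offset 80 landing in a stack mid redzone between 'pos' and 'str', and that only four of the five objects ASan declared for the frame appear in the quoted list.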