[MDEV-18220] [Draft] ASAN heap-use-after-free in fts_get_table_name_prefix - Jira

XML

Word

Printable

Details

Type: Bug
Status: Closed (View Workflow)
Priority: Major
Resolution: Fixed
Affects Version/s: 10.0(EOL), 10.1(EOL), 10.2(EOL), 10.3(EOL), 10.4(EOL)
Fix Version/s: 10.2.25, 10.1.41, 10.3.15, 10.4.5
Component/s: Full-text Search, Storage Engine - InnoDB, Storage Engine - XtraDB
Labels:
None

Description

https://travis-ci.org/elenst/travis-tests/jobs/478716599

10.4 301bd62b253
==6466==ERROR: AddressSanitizer: heap-use-after-free on address 0x60300006a210 at pc 0x7efdda35920b bp 0x7efd21814190 sp 0x7efd21813938
READ of size 2 at 0x60300006a210 thread T23
#0 0x7efdda35920a in __interceptor_strlen (/usr/lib/x86_64-linux-gnu/libasan.so.2+0x7020a)
#1 0x55e020689b86 in fts_get_table_name_prefix(fts_table_t const*) /home/travis/src/storage/innobase/fts/fts0sql.cc:108
#2 0x55e020689d96 in fts_get_table_name(fts_table_t const, char) /home/travis/src/storage/innobase/fts/fts0sql.cc:146
#3 0x55e02064bb93 in fts_write_node(trx_t, que_fork_t, fts_table_t, fts_string_t, fts_node_t) /home/travis/src/storage/innobase/fts/fts0fts.cc:3878
#4 0x55e02064cd12 in fts_sync_write_words /home/travis/src/storage/innobase/fts/fts0fts.cc:4047
#5 0x55e02064d91e in fts_sync_index /home/travis/src/storage/innobase/fts/fts0fts.cc:4128
#6 0x55e02064efc6 in fts_sync /home/travis/src/storage/innobase/fts/fts0fts.cc:4373
#7 0x55e02064f712 in fts_sync_table(dict_table_t*, bool, bool, bool) /home/travis/src/storage/innobase/fts/fts0fts.cc:4458
#8 0x55e02066ff4a in fts_optimize_sync_table(unsigned long) /home/travis/src/storage/innobase/fts/fts0opt.cc:2829
#9 0x55e0206705e4 in fts_optimize_thread /home/travis/src/storage/innobase/fts/fts0opt.cc:2942
#10 0x7efdd8d9c6b9 in start_thread (/lib/x86_64-linux-gnu/libpthread.so.0+0x76b9)
#11 0x7efdd823141c in clone (/lib/x86_64-linux-gnu/libc.so.6+0x10741c)
ASAN:SIGSEGV

elenst-dev 662a6c5cf9d Toolbox: 72830f51da

perl ./runall-new.pl --basedir=/home/travis/server --vardir=/home/travis/logs/vardir --duration=350 --threads=6 --seed=1547296526 --short-column-names --reporters=Backtrace,ErrorLog,Deadlock --validators=TransformerNoComparator --transformers=ExecuteAsExecuteImmediate,ExecuteAsInsertSelect,ExecuteAsUpdateDelete --redefine=conf/mariadb/alter_table.yy --redefine=conf/mariadb/instant_add.yy --redefine=conf/mariadb/modules/alter_table_columns.yy --redefine=conf/mariadb/sp.yy --redefine=conf/mariadb/bulk_insert.yy --redefine=conf/mariadb/modules/admin.yy --redefine=conf/mariadb/modules/foreign_keys.yy -redefine=conf/mariadb/modules/locks.yy --redefine=conf/mariadb/modules/sql_mode.yy --redefine=conf/mariadb/redefine_temporary_tables.yy --redefine=conf/mariadb/versioning.yy --redefine=conf/mariadb/sequences.yy --filter=/home/travis/mariadb-toolbox/travis/10.4-combo-filter.ff --mysqld=--log_output=FILE --mysqld=--max-statement-time=15 --mysqld=--lock-wait-timeout=10 --mysqld=--loose-innodb-lock-wait-timeout=5 --mysqld=--loose-debug_assert_on_not_freed_memory=0 --mysqld=--innodb-buffer-pool-size=2G --grammar=conf/engines/innodb/full_text_search.yy --gendata=conf/engines/innodb/full_text_search.zz --mysqld=--innodb-page-size=8K

Not reproducible right away, hitting other bugs instead.

Attachments

Issue Links

relates to

MDEV-18654 Failing assertion: sym_node->table != NULL in buildbot with innodb_fts.sync_ddl and outside

Closed

Activity

People

Assignee:: Marko Mäkelä

Reporter:: Elena Stepanova

Votes:: 1 Vote for this issue

Watchers:: 3 Start watching this issue

Dates

Created:: 2019-01-12 19:08

Updated:: 2019-05-14 11:07

Resolved:: 2019-05-10 05:25

Git Integration

Error rendering 'com.xiplink.jira.git.jira_git_plugin:git-issue-webpanel'. Please contact your Jira administrators.