MariaDB Server / MDEV-18633

ASAN heap-buffer-overflow in test_concurrently / unittests

    Details

    • Type: Bug
    • Status: Closed
    • Priority: Major
    • Resolution: Duplicate
    • Affects Version/s: 10.3, 10.4
    • Fix Version/s: N/A
    • Component/s: Tests
    • Labels:
      None

      Description

      perl ./mtr unit.lf
      

      or

      perl ./mtr unit.my_atomic
      

      10.4 ASAN a4cd91c5

      ==4351==ERROR: AddressSanitizer: heap-buffer-overflow on address 0x611000009ff0 at pc 0x55f58b75c604 bp 0x7ffdae33e240 sp 0x7ffdae33e238
      READ of size 8 at 0x611000009ff0 thread T0
          #0 0x55f58b75c603 in test_concurrently /data/src/10.3-bug/unittest/mysys/thr_template.c:47
          #1 0x55f58b75d22a in do_tests /data/src/10.3-bug/unittest/mysys/lf-t.c:187
          #2 0x55f58b75c80f in main /data/src/10.3-bug/unittest/mysys/thr_template.c:68
          #3 0x7efe4c9412b0 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x202b0)
          #4 0x55f58b75c3d9 in _start (/data/src/10.3-bug/unittest/mysys/lf-t+0x523d9)
       
      0x611000009ff0 is located 0 bytes to the right of 240-byte region [0x611000009f00,0x611000009ff0)
      allocated by thread T0 here:
          #0 0x7efe4e24873f in malloc (/usr/lib/x86_64-linux-gnu/libasan.so.1+0x5473f)
          #1 0x55f58b75c506 in test_concurrently /data/src/10.3-bug/unittest/mysys/thr_template.c:29
          #2 0x55f58b75d22a in do_tests /data/src/10.3-bug/unittest/mysys/lf-t.c:187
          #3 0x55f58b75c80f in main /data/src/10.3-bug/unittest/mysys/thr_template.c:68
          #4 0x7efe4c9412b0 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x202b0)
       
      SUMMARY: AddressSanitizer: heap-buffer-overflow /data/src/10.3-bug/unittest/mysys/thr_template.c:47 test_concurrently
      Shadow bytes around the buggy address:
        0x0c227fff93a0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
        0x0c227fff93b0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
        0x0c227fff93c0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
        0x0c227fff93d0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
        0x0c227fff93e0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
      =>0x0c227fff93f0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00[fa]fa
        0x0c227fff9400: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
        0x0c227fff9410: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
        0x0c227fff9420: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
        0x0c227fff9430: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
        0x0c227fff9440: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
      Shadow byte legend (one shadow byte represents 8 application bytes):
        Addressable:           00
        Partially addressable: 01 02 03 04 05 06 07 
        Heap left redzone:       fa
        Heap right redzone:      fb
        Freed heap region:       fd
        Stack left redzone:      f1
        Stack mid redzone:       f2
        Stack right redzone:     f3
        Stack partial redzone:   f4
        Stack after return:      f5
        Stack use after scope:   f8
        Global redzone:          f9
        Global init order:       f6
        Poisoned by user:        f7
        Contiguous container OOB:fc
        ASan internal:           fe
      ==4351==ABORTING
      

              People

              • Assignee: robertbindar Robert Bindar
              • Reporter: elenst Elena Stepanova