MariaDB Server / MDEV-18633

ASAN heap-buffer-overflow in test_concurrently / unittests

Details

    • Type: Bug
    • Status: Closed
    • Priority: Major
    • Resolution: Duplicate
    • Affects Version/s: 10.3 (EOL), 10.4 (EOL)
    • Fix Version/s: N/A
    • Component/s: Tests
    • Labels: None

    Description

      perl ./mtr unit.lf

      or

      perl ./mtr unit.my_atomic

      10.4 ASAN build, a4cd91c5:

      ==4351==ERROR: AddressSanitizer: heap-buffer-overflow on address 0x611000009ff0 at pc 0x55f58b75c604 bp 0x7ffdae33e240 sp 0x7ffdae33e238
      READ of size 8 at 0x611000009ff0 thread T0
          #0 0x55f58b75c603 in test_concurrently /data/src/10.3-bug/unittest/mysys/thr_template.c:47
          #1 0x55f58b75d22a in do_tests /data/src/10.3-bug/unittest/mysys/lf-t.c:187
          #2 0x55f58b75c80f in main /data/src/10.3-bug/unittest/mysys/thr_template.c:68
          #3 0x7efe4c9412b0 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x202b0)
          #4 0x55f58b75c3d9 in _start (/data/src/10.3-bug/unittest/mysys/lf-t+0x523d9)
       
      0x611000009ff0 is located 0 bytes to the right of 240-byte region [0x611000009f00,0x611000009ff0)
      allocated by thread T0 here:
          #0 0x7efe4e24873f in malloc (/usr/lib/x86_64-linux-gnu/libasan.so.1+0x5473f)
          #1 0x55f58b75c506 in test_concurrently /data/src/10.3-bug/unittest/mysys/thr_template.c:29
          #2 0x55f58b75d22a in do_tests /data/src/10.3-bug/unittest/mysys/lf-t.c:187
          #3 0x55f58b75c80f in main /data/src/10.3-bug/unittest/mysys/thr_template.c:68
          #4 0x7efe4c9412b0 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x202b0)
       
      SUMMARY: AddressSanitizer: heap-buffer-overflow /data/src/10.3-bug/unittest/mysys/thr_template.c:47 test_concurrently
      Shadow bytes around the buggy address:
        0x0c227fff93a0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
        0x0c227fff93b0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
        0x0c227fff93c0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
        0x0c227fff93d0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
        0x0c227fff93e0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
      =>0x0c227fff93f0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00[fa]fa
        0x0c227fff9400: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
        0x0c227fff9410: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
        0x0c227fff9420: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
        0x0c227fff9430: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
        0x0c227fff9440: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
      Shadow byte legend (one shadow byte represents 8 application bytes):
        Addressable:           00
        Partially addressable: 01 02 03 04 05 06 07 
        Heap left redzone:       fa
        Heap right redzone:      fb
        Freed heap region:       fd
        Stack left redzone:      f1
        Stack mid redzone:       f2
        Stack right redzone:     f3
        Stack partial redzone:   f4
        Stack after return:      f5
        Stack use after scope:   f8
        Global redzone:          f9
        Global init order:       f6
        Poisoned by user:        f7
        Contiguous container OOB:fc
        ASan internal:           fe
      ==4351==ABORTING
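An added triage helper, not part of this issue or of the MariaDB tree: it parses the report above and cross-checks the numbers using the default x86_64 Linux ASAN shadow mapping (shadow = (addr >> 3) + 0x7fff8000). It shows that the 8-byte read lands exactly at the end of the 240-byte allocation, i.e. element 30 of a 30-element array of 8-byte values, and that the bracketed [fa] byte in the "=>" shadow row maps back to the reported address. The report excerpt embedded below is constructed from the lines quoted in this issue.

```python
import re

# Constructed excerpt of the ASAN report quoted in this issue (x86_64 Linux, default shadow layout).
REPORT = """\
==4351==ERROR: AddressSanitizer: heap-buffer-overflow on address 0x611000009ff0 at pc 0x55f58b75c604
READ of size 8 at 0x611000009ff0 thread T0
0x611000009ff0 is located 0 bytes to the right of 240-byte region [0x611000009f00,0x611000009ff0)
=>0x0c227fff93f0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00[fa]fa
"""

SHADOW_OFFSET = 0x7FFF8000  # x86_64 Linux default: shadow = (addr >> 3) + offset
SHADOW_SCALE = 3            # one shadow byte covers 8 application bytes


def shadow_to_app(shadow_addr):
    """Invert the shadow mapping: first application byte covered by a shadow byte."""
    return (shadow_addr - SHADOW_OFFSET) << SHADOW_SCALE


def app_to_shadow(app_addr):
    """Forward mapping: the shadow byte that describes an application address."""
    return (app_addr >> SHADOW_SCALE) + SHADOW_OFFSET


def triage(report):
    """Extract the access, the allocation it overran, and cross-check the shadow row."""
    acc = re.search(r"(READ|WRITE) of size (\d+) at (0x[0-9a-f]+)", report)
    reg = re.search(r"(\d+)-byte region \[(0x[0-9a-f]+),(0x[0-9a-f]+)\)", report)
    row = re.search(r"=>(0x[0-9a-f]+):((?: ?\[?[0-9a-f]{2}\]?){16})", report)
    size, addr = int(acc.group(2)), int(acc.group(3), 16)
    start, end = int(reg.group(2), 16), int(reg.group(3), 16)
    cells = re.findall(r"(\[?)([0-9a-f]{2})\]?", row.group(2))  # 16 (bracket, byte) pairs
    marked = next(i for i, (bracket, _) in enumerate(cells) if bracket)
    shadow_addr = int(row.group(1), 16) + marked
    return {
        "access": acc.group(1),
        "size": size,
        "bytes_past_end": addr - end,
        # Treat the region as an array of `size`-byte elements: which index was
        # touched, and how many elements actually fit in the allocation.
        "element_index": (addr - start) // size,
        "element_count": int(reg.group(1)) // size,
        "shadow_byte": cells[marked][1],
        # The bracketed shadow byte must map back to the faulting address, and a
        # non-zero shadow byte means that 8-byte granule is not addressable (redzone).
        "shadow_consistent": shadow_to_app(shadow_addr) == addr
        and app_to_shadow(addr) == shadow_addr
        and cells[marked][1] != "00",
    }


if __name__ == "__main__":
    print(triage(REPORT))
```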
      

      Activity

            robertbindar Robert Bindar added a comment -

            Hi elenst,
            This issue seems to be fixed by commit 459d6da86955c89e96f6e9a8d3bc2a9b1756629b, I can't reproduce it anymore.

            elenst Elena Stepanova added a comment -

            If you can reproduce it before the commit and cannot reproduce after, and the commit appears to be relevant, then you can just close it as fixed by that commit.

            People

              Assignee: robertbindar Robert Bindar
              Reporter: elenst Elena Stepanova