MariaDB Server

MDEV-19019: MariaDB 10.3.13 *** buffer overflow detected ***: mysql terminated

Details

    Description

      When enabling session_track_state_change, mysql cli crashes:

      Welcome to the MariaDB monitor.  Commands end with ; or \g.
      Your MariaDB connection id is 12471378
      Server version: 10.3.13-MariaDB MariaDB Server
       
      Copyright (c) 2000, 2018, Oracle, MariaDB Corporation Ab and others.
       
      Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.
       
      MariaDB [(none)]> set session_track_state_change = on;
      *** buffer overflow detected ***: mysql terminated
      ======= Backtrace: =========
      /lib64/libc.so.6(__fortify_fail+0x37)[0x7fed0b71a9e7]
      /lib64/libc.so.6(+0x115b62)[0x7fed0b718b62]
      mysql(ma_read_ok_packet+0x6d6)[0x55c790d75376]
      mysql(mthd_my_read_query_result+0x115)[0x55c790d75515]
      mysql(_Z25mysql_real_query_for_lazyPKcm+0x44)[0x55c790d64d84]
      mysql(+0x64b78)[0x55c790d67b78]
      mysql(+0x668ae)[0x55c790d698ae]
      mysql(main+0x63f)[0x55c790d5eaff]
      /lib64/libc.so.6(__libc_start_main+0xf5)[0x7fed0b6253d5]
      mysql(+0x5c07e)[0x55c790d5f07e]
      
      

      This seems related to CONC-392; however, that should be fixed in 3.0.9, which is included in 10.3.13.
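      The backtrace above ends in `__fortify_fail` inside `ma_read_ok_packet`: glibc's `_FORTIFY_SOURCE` instrumentation aborted a `memcpy`/`memmove` whose requested size exceeded the destination buffer it could see, which is the safe failure mode for this class of bug (the alternative is silent memory corruption). The C program below is added here as an illustration; it is not code from libmariadb, the mysql client, or this issue's fix, and it makes no claim about which check was missing in this particular bug. It models the general check a client-side packet parser needs when a server-supplied, length-prefixed field is copied into a fixed-size buffer: the declared length is validated against the bytes actually remaining in the packet and against the destination's capacity before anything is copied. The length-encoded integer format is the real MySQL/MariaDB wire-protocol one; `INFO_CAP`, the function names and the packet bytes are constructed for the example.

```c
#include <stdint.h>
#include <stddef.h>
#include <string.h>
#include <stdio.h>

#define INFO_CAP 16   /* hypothetical fixed-size destination, as in a client struct */

/* Decode a MySQL/MariaDB wire-protocol length-encoded integer.
 * Returns the number of bytes consumed, or 0 if the field is truncated or the
 * marker byte is not a length prefix (0xfb = NULL, 0xff = error packet). */
static size_t read_lenenc(const uint8_t *p, size_t avail, uint64_t *out)
{
    if (avail < 1) return 0;
    uint8_t m = p[0];
    size_t n;
    if (m < 0xfb) { *out = m; return 1; }
    if (m == 0xfc) n = 2;
    else if (m == 0xfd) n = 3;
    else if (m == 0xfe) n = 8;
    else return 0;
    if (avail - 1 < n) return 0;          /* prefix itself is truncated */
    uint64_t v = 0;
    for (size_t i = 0; i < n; i++) v |= (uint64_t)p[1 + i] << (8 * i);
    *out = v;
    return 1 + n;
}

/* Unsafe shape (constructed, for contrast): the declared length alone decides
 * how much is copied. A server sending a length larger than the remaining
 * packet reads past the end; one larger than INFO_CAP writes past the end, and
 * with _FORTIFY_SOURCE that write aborts exactly as in the report above. */
static int copy_info_unchecked(const uint8_t *pos, size_t len, char dst[INFO_CAP])
{
    uint64_t n;
    size_t used = read_lenenc(pos, len, &n);
    if (!used) return -1;
    memcpy(dst, pos + used, (size_t)n);   /* no bound on n */
    dst[n] = '\0';
    return (int)n;
}

/* Hardened: every server-supplied length is checked against both the bytes
 * present in the packet and the capacity of the destination (data + NUL). */
static int copy_info_checked(const uint8_t *pos, size_t len, char dst[INFO_CAP])
{
    uint64_t n;
    size_t used = read_lenenc(pos, len, &n);
    if (!used) return -1;                 /* truncated length prefix */
    if (n > len - used) return -1;        /* length exceeds packet payload */
    if (n >= INFO_CAP) return -1;         /* no room for data plus terminator */
    memcpy(dst, pos + used, (size_t)n);
    dst[n] = '\0';
    return (int)n;
}

/* Constructed packet payloads (not captured traffic). */
static const uint8_t pkt_ok[]      = { 0x05, 'h', 'e', 'l', 'l', 'o' };
static const uint8_t pkt_short[]   = { 0xfc, 0x00, 0x01, 'x' };            /* claims 256 bytes, carries 1 */
static const uint8_t pkt_too_big[] = { 0x14, 'a', 'a', 'a', 'a', 'a', 'a', 'a', 'a', 'a', 'a',
                                       'a', 'a', 'a', 'a', 'a', 'a', 'a', 'a', 'a', 'a' }; /* 20 bytes: fits the packet, not INFO_CAP */

int main(void)
{
    char buf[INFO_CAP];
    printf("ok:      %d\n", copy_info_checked(pkt_ok, sizeof pkt_ok, buf));
    printf("short:   %d\n", copy_info_checked(pkt_short, sizeof pkt_short, buf));
    printf("too_big: %d\n", copy_info_checked(pkt_too_big, sizeof pkt_too_big, buf));
    return 0;
}
```

      The two rejected cases are the two directions a bad length can go: `pkt_short` declares more bytes than the packet carries (an over-read if trusted), and `pkt_too_big` declares a length the packet does carry but the destination cannot hold (the over-write that fortify catches). The checked version rejects both before touching memory; the unchecked version is only ever called on well-formed input here.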

          Activity

            dicode Tim Westervoorde created issue -
            dicode Tim Westervoorde made changes -
            Field Original Value New Value
            Description [crash report, as in the Description above]
            dicode Tim Westervoorde made changes -
            Affects Version/s 10.3.13 [ 23215 ]
            dicode Tim Westervoorde made changes -
            dicode Tim Westervoorde made changes -
            Description [crash report, as in the Description above] [crash report, as above, with the CONC-392 note appended]
            elenst Elena Stepanova made changes -
            Status Open [ 1 ] Confirmed [ 10101 ]
            elenst Elena Stepanova added a comment -

            Thanks for the report. Reproducible on 10.2, 10.3, 10.4

            10.3 f4484dfd

            Thread 1 (Thread 0x7f81b1359740 (LWP 5106)):
            #0  0x00007f81af560e44 in __memmove_avx_unaligned_erms () from /lib/x86_64-linux-gnu/libc.so.6
            #1  0x00005578da35093a in ma_read_ok_packet (mysql=0x5578da937080 <mysql>, pos=0x5578dac8fe29 "", length=12) at /data/src/10.3/libmariadb/libmariadb/mariadb_lib.c:2050
            #2  0x00005578da350ec9 in mthd_my_read_query_result (mysql=0x5578da937080 <mysql>) at /data/src/10.3/libmariadb/libmariadb/mariadb_lib.c:2139
            #3  0x00005578da351242 in mysql_real_query (mysql=0x5578da937080 <mysql>, query=0x5578dac848d0 "set session_track_state_change = on\n", length=35) at /data/src/10.3/libmariadb/libmariadb/mariadb_lib.c:2205
            #4  0x00005578da340a39 in mysql_real_query_for_lazy (buf=0x5578dac848d0 "set session_track_state_change = on\n", length=35) at /data/src/10.3/client/mysql.cc:2993
            #5  0x00005578da3417b5 in com_go (buffer=0x5578da937620 <glob_buffer>, line=0x0) at /data/src/10.3/client/mysql.cc:3256
            #6  0x00005578da33e695 in read_and_execute (interactive=false) at /data/src/10.3/client/mysql.cc:2138
            #7  0x00005578da33d142 in main (argc=5, argv=0x5578dac652d8) at /data/src/10.3/client/mysql.cc:1290

            elenst Elena Stepanova made changes -
            Component/s libmariadb [ 14006 ]
            Component/s Scripts & Clients [ 11002 ]
            Fix Version/s 10.2 [ 14601 ]
            Fix Version/s 10.3 [ 22126 ]
            Fix Version/s 10.4 [ 22408 ]
            Affects Version/s 10.2 [ 14601 ]
            Affects Version/s 10.3 [ 22126 ]
            Affects Version/s 10.4 [ 22408 ]
            Assignee Oleksandr Byelkin [ sanja ]
            serg Sergei Golubchik made changes -
            Workflow MariaDB v3 [ 93466 ] MariaDB v4 [ 144124 ]
            ralf.gebhardt Ralf Gebhardt made changes -
            Fix Version/s 10.2 [ 14601 ]
            julien.fritsch Julien Fritsch made changes -
            Fix Version/s 10.3 [ 22126 ]

            People

              Assignee: sanja Oleksandr Byelkin
              Reporter: dicode Tim Westervoorde
              Votes: 0
              Watchers: 3
