MariaDB Server / MDEV-19019

MariaDB 10.3.13 *** buffer overflow detected ***: mysql terminated

Details

    Description

      When enabling session_track_state_change, the mysql CLI crashes:

      Welcome to the MariaDB monitor.  Commands end with ; or \g.
      Your MariaDB connection id is 12471378
      Server version: 10.3.13-MariaDB MariaDB Server
       
      Copyright (c) 2000, 2018, Oracle, MariaDB Corporation Ab and others.
       
      Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.
       
      MariaDB [(none)]> set session_track_state_change = on;
      *** buffer overflow detected ***: mysql terminated
      ======= Backtrace: =========
      /lib64/libc.so.6(__fortify_fail+0x37)[0x7fed0b71a9e7]
      /lib64/libc.so.6(+0x115b62)[0x7fed0b718b62]
      mysql(ma_read_ok_packet+0x6d6)[0x55c790d75376]
      mysql(mthd_my_read_query_result+0x115)[0x55c790d75515]
      mysql(_Z25mysql_real_query_for_lazyPKcm+0x44)[0x55c790d64d84]
      mysql(+0x64b78)[0x55c790d67b78]
      mysql(+0x668ae)[0x55c790d698ae]
      mysql(main+0x63f)[0x55c790d5eaff]
      /lib64/libc.so.6(__libc_start_main+0xf5)[0x7fed0b6253d5]
      mysql(+0x5c07e)[0x55c790d5f07e]
      This seems related to CONC-392; however, that should be fixed in 3.0.9, which is included in 10.3.13.

      Attachments

        Issue Links

          Activity

            Thanks for the report. Reproducible on 10.2, 10.3, 10.4

            10.3 f4484dfd

            Thread 1 (Thread 0x7f81b1359740 (LWP 5106)):
            #0  0x00007f81af560e44 in __memmove_avx_unaligned_erms () from /lib/x86_64-linux-gnu/libc.so.6
            #1  0x00005578da35093a in ma_read_ok_packet (mysql=0x5578da937080 <mysql>, pos=0x5578dac8fe29 "", length=12) at /data/src/10.3/libmariadb/libmariadb/mariadb_lib.c:2050
            #2  0x00005578da350ec9 in mthd_my_read_query_result (mysql=0x5578da937080 <mysql>) at /data/src/10.3/libmariadb/libmariadb/mariadb_lib.c:2139
            #3  0x00005578da351242 in mysql_real_query (mysql=0x5578da937080 <mysql>, query=0x5578dac848d0 "set session_track_state_change = on\n", length=35) at /data/src/10.3/libmariadb/libmariadb/mariadb_lib.c:2205
            #4  0x00005578da340a39 in mysql_real_query_for_lazy (buf=0x5578dac848d0 "set session_track_state_change = on\n", length=35) at /data/src/10.3/client/mysql.cc:2993
            #5  0x00005578da3417b5 in com_go (buffer=0x5578da937620 <glob_buffer>, line=0x0) at /data/src/10.3/client/mysql.cc:3256
            #6  0x00005578da33e695 in read_and_execute (interactive=false) at /data/src/10.3/client/mysql.cc:2138
            #7  0x00005578da33d142 in main (argc=5, argv=0x5578dac652d8) at /data/src/10.3/client/mysql.cc:1290
            

            elenst Elena Stepanova added a comment (the comment above)

            People

              sanja Oleksandr Byelkin
              dicode Tim Westervoorde
              Votes: 0
              Watchers: 3
