MariaDB Server / MDEV-20312

InnoDB encryption accesses memory outside of allocated block part 2

      Description

      mtr --valgrind encryption.innodb-compressed-blob encryption.innochecksum
       
      ==16528== Invalid read of size 2
      ==16528==    at 0x4C356A7: memmove (vg_replace_strmem.c:1271)
      ==16528==    by 0x15763CB: wolfSSL_EVP_CipherUpdate (evp.c:361)
      ==16528==    by 0x1437729: MyCTX::update(unsigned char const*, unsigned int, unsigned char*, unsigned int*) (my_crypt.cc:85)
      ==16528==    by 0x143796F: MyCTX_nopad::update(unsigned char const*, unsigned int, unsigned char*, unsigned int*) (my_crypt.cc:143)
      ==16528==    by 0x14372F1: my_aes_crypt_update (my_crypt.cc:310)
      ==16528==    by 0x160A4E3: ctx_update(void*, unsigned char const*, unsigned int, unsigned char*, unsigned int*) (file_key_management_plugin.cc:145)
      ==16528==    by 0xADF5FA: encryption_crypt (service_encryption.h:119)
      ==16528==    by 0xADFF2F: do_crypt(unsigned char const*, unsigned int, unsigned char*, unsigned int*, st_encryption_scheme*, unsigned int, unsigned int, unsigned int, unsigned long long, int) (encryption.cc:223)
      ==16528==    by 0xADFFD1: encryption_scheme_decrypt (encryption.cc:244)
      ==16528==    by 0x12CDC0A: fil_space_decrypt_full_crc32(unsigned long, fil_space_crypt_t*, unsigned char*, unsigned char*, dberr_t*) (fil0crypt.cc:842)
      ==16528==    by 0x12CE1AB: fil_space_decrypt(unsigned long, fil_space_crypt_t*, unsigned char*, unsigned long, unsigned long, unsigned char*, dberr_t*) (fil0crypt.cc:976)
      ==16528==    by 0x12CE311: fil_space_decrypt(fil_space_t const*, unsigned char*, unsigned char*, bool*) (fil0crypt.cc:1011)
      ==16528==    by 0x1225662: buf_page_decrypt_after_read(buf_page_t*, fil_space_t*) (buf0buf.cc:555)
      ==16528==    by 0x1236C18: buf_page_io_complete(buf_page_t*, bool, bool) (buf0buf.cc:6019)
      ==16528==    by 0x126133D: buf_read_page_low(dberr_t*, bool, unsigned long, unsigned long, page_id_t, unsigned long, bool, bool) (buf0rea.cc:203)
      ==16528==    by 0x1261AE7: buf_read_page(page_id_t, unsigned long) (buf0rea.cc:411)
      ==16528==  Address 0x10120000 is 0 bytes after a block of size 16,384 alloc'd
      ==16528==    at 0x4C30833: memalign (vg_replace_malloc.c:908)
      ==16528==    by 0x4C30936: posix_memalign (vg_replace_malloc.c:1072)
      ==16528==    by 0x123B9B6: aligned_malloc(unsigned long, unsigned long) (buf0buf.cc:130)
      ==16528==    by 0x12250C1: buf_tmp_reserve_crypt_buf(buf_tmp_buffer_t*) (buf0buf.cc:441)
      ==16528==    by 0x1225626: buf_page_decrypt_after_read(buf_page_t*, fil_space_t*) (buf0buf.cc:550)
      ==16528==    by 0x1236C18: buf_page_io_complete(buf_page_t*, bool, bool) (buf0buf.cc:6019)
      ==16528==    by 0x126133D: buf_read_page_low(dberr_t*, bool, unsigned long, unsigned long, page_id_t, unsigned long, bool, bool) (buf0rea.cc:203)
      ==16528==    by 0x1261AE7: buf_read_page(page_id_t, unsigned long) (buf0rea.cc:411)
      ==16528==    by 0x1231BA8: buf_page_get_gen(page_id_t, unsigned long, unsigned long, buf_block_t*, unsigned long, char const*, unsigned int, mtr_t*, dberr_t*) (buf0buf.cc:4380)
      ==16528==    by 0x1268263: dict_hdr_get(mtr_t*) (dict0boot.cc:49)
      ==16528==    by 0x126893A: dict_boot() (dict0boot.cc:276)
      ==16528==    by 0x116D1EA: srv_start(bool) (srv0start.cc:1881)
      ==16528==    by 0xF83B6C: innodb_init(void*) (ha_innodb.cc:4127)
      ==16528==    by 0xBA2FC4: ha_initialize_handlerton(st_plugin_int*) (handler.cc:550)
      ==16528==    by 0x8A3030: plugin_initialize(st_mem_root*, st_plugin_int*, int*, char**, bool) (sql_plugin.cc:1437)
      ==16528==    by 0x8A3C2C: plugin_init(int*, char**, int) (sql_plugin.cc:1719)
      

              People

              Assignee:
              marko Marko Mäkelä
              Reporter:
              monty Michael Widenius