MariaDB Server, MDEV-20383

Use of uninitialized value in Datafile::find_space_id() for ROW_FORMAT=COMPRESSED

      Description

      This was originally found with Valgrind, but only occasionally. With MSAN (set up as explained in MDEV-20377), the problem reproduces every time:

      2019-08-19 15:18:43 0 [ERROR] InnoDB: Space ID in fsp header is 5, but in the page header it is 0.
      2019-08-19 15:18:43 0 [Note] InnoDB: A bad Space ID was found in datafile: ./test/t1.ibd, Space ID:18446744073709551615, Flags: 20
      2019-08-19 15:18:43 0 [Note] InnoDB: Page size:1024. Pages to analyze:48
      ==19192==WARNING: MemorySanitizer: use-of-uninitialized-value
          #0 0x3093e7c in buf_page_is_corrupted(bool, unsigned char const*, unsigned long) /mariadb/10.5/storage/innobase/buf/buf0buf.cc:1037:14
          #1 0x338b87b in Datafile::find_space_id() /mariadb/10.5/storage/innobase/fsp/fsp0file.cc:711:22
          #2 0x3389ba5 in Datafile::validate_for_recovery() /mariadb/10.5/storage/innobase/fsp/fsp0file.cc:461:9
          #3 0x331249d in fil_ibd_load(unsigned long, char const*, fil_space_t*&) /mariadb/10.5/storage/innobase/fil/fil0fil.cc:3746:15
        Uninitialized value was created by a heap allocation
          #0 0x6e79bd in __interceptor_malloc (/dev/shm/10.5/sql/mysqld+0x6e79bd)
          #1 0x338ad06 in Datafile::find_space_id() /mariadb/10.5/storage/innobase/fsp/fsp0file.cc:657:4
      

      In the investigated case, only the first 1024 bytes of the buffer are valid, yet the checksum is computed over the whole, partially uninitialized buffer. The following patch fixes this:

      diff --git a/storage/innobase/fsp/fsp0file.cc b/storage/innobase/fsp/fsp0file.cc
      index 4143e246f99..4869160b883 100644
      --- a/storage/innobase/fsp/fsp0file.cc
      +++ b/storage/innobase/fsp/fsp0file.cc
      @@ -699,7 +699,8 @@ Datafile::find_space_id()
       
       			/* For noncompressed pages, the page size must be
       			equal to srv_page_size. */
      -			if (page_size == srv_page_size) {
      +			if (page_size == srv_page_size
      +			    && !fil_space_t::zip_size(fsp_flags)) {
       				noncompressed_ok = !buf_page_is_corrupted(
       					false, page, fsp_flags);
       			}
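      Review bot: the comment at the top of this hunk still says only that the page size must equal srv_page_size; with the new `&& !fil_space_t::zip_size(fsp_flags)` term the condition additionally requires the flags to describe a non-compressed tablespace, so the comment should be extended (for example, "and the flags must not indicate a compressed page"). Functionally the new term keeps a buffer that was read only up to the compressed page size from being handed to `buf_page_is_corrupted()` with flags that would make it inspect the full srv_page_size bytes, which is the root cause stated in the description.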
      @@ -707,7 +708,7 @@ Datafile::find_space_id()
       			bool	compressed_ok = false;
       
       			if (srv_page_size <= UNIV_PAGE_SIZE_DEF
      -			    && page_size <= srv_page_size) {
      +			    && page_size == fil_space_t::zip_size(fsp_flags)) {
       				compressed_ok = !buf_page_is_corrupted(
       					false, page, fsp_flags);
       			}
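      Review bot: replacing `page_size <= srv_page_size` with `page_size == fil_space_t::zip_size(fsp_flags)` ties the validated length to the compressed size the flags declare, so the bytes `buf_page_is_corrupted()` inspects are exactly the `page_size` bytes that were read, matching the description's observation that only the first 1024 bytes were valid. Since the first hunk uses `!fil_space_t::zip_size(fsp_flags)` to mean "not compressed", `zip_size()` yields 0 for non-compressed flags and `compressed_ok` can now only become true for flags that declare compression; a one-line comment above the `if` stating that intent would make the pairing with the `noncompressed_ok` branch obvious.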
      
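As an added illustration of the failure mode described above, here is a small page validator that refuses to checksum more bytes than were actually read, so a header declaring a larger size than the read length is rejected instead of hashing uninitialized memory. This is constructed example code, not part of the MariaDB report or of InnoDB; the page layout, the toy FNV-1a checksum, and the names `validate_page`, `make_page` and `demo` are assumptions made for the example.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Constructed page layout for this example only (not InnoDB's):
 *   bytes 0..3  declared page size, big-endian
 *   bytes 4..7  checksum of bytes 8..declared_size-1, big-endian
 *   bytes 8..   payload
 */
enum page_status { PAGE_OK, PAGE_BAD_SIZE, PAGE_TRUNCATED, PAGE_BAD_CHECKSUM };

static uint32_t rd32(const unsigned char *p)
{
    return ((uint32_t)p[0] << 24) | ((uint32_t)p[1] << 16)
         | ((uint32_t)p[2] << 8) | (uint32_t)p[3];
}

static void wr32(unsigned char *p, uint32_t v)
{
    p[0] = (unsigned char)(v >> 24); p[1] = (unsigned char)(v >> 16);
    p[2] = (unsigned char)(v >> 8);  p[3] = (unsigned char)v;
}

/* Toy FNV-1a checksum standing in for a real page checksum. */
static uint32_t toy_checksum(const unsigned char *p, size_t n)
{
    uint32_t h = 0x811c9dc5u;
    for (size_t i = 0; i < n; i++) {
        h ^= p[i];
        h *= 16777619u;
    }
    return h;
}

/* Validate a page using only the bytes_read bytes the caller actually read.
 * The declared size must be sane AND fit inside bytes_read; otherwise the
 * checksum would run over memory that was never filled, which is exactly
 * what the MSAN report above flagged. */
enum page_status validate_page(const unsigned char *buf, size_t bytes_read)
{
    if (bytes_read < 8)
        return PAGE_TRUNCATED;
    uint32_t declared = rd32(buf);
    /* accept a power of two between 1 KiB and 64 KiB */
    if (declared < 1024 || declared > 65536 || (declared & (declared - 1)))
        return PAGE_BAD_SIZE;
    if (declared > bytes_read)
        return PAGE_TRUNCATED;   /* never checksum bytes we did not read */
    return toy_checksum(buf + 8, declared - 8) == rd32(buf + 4)
        ? PAGE_OK : PAGE_BAD_CHECKSUM;
}

/* Build a consistent page of 'size' bytes into buf (buf must hold 'size' bytes). */
void make_page(unsigned char *buf, uint32_t size, unsigned char fill)
{
    memset(buf + 8, fill, size - 8);
    wr32(buf, size);
    wr32(buf + 4, toy_checksum(buf + 8, size - 8));
}

/* Scenario modelled on the report: a 1024-byte page sits at the start of a
 * 16 KiB buffer of which only 1024 bytes were read. Returns 1 when every
 * check behaves as expected. */
int demo(void)
{
    unsigned char buf[16384];                 /* bytes past 1024 stay uninitialized */
    make_page(buf, 1024, 0xAB);
    int ok = validate_page(buf, 1024) == PAGE_OK;              /* declared == read */
    wr32(buf, 16384);                                          /* header now claims 16 KiB */
    int truncated = validate_page(buf, 1024) == PAGE_TRUNCATED; /* rejected, nothing hashed */
    wr32(buf, 1024);                                           /* back to the real size */
    buf[100] ^= 1;                                             /* corrupt one payload byte */
    int bad = validate_page(buf, 1024) == PAGE_BAD_CHECKSUM;
    return ok && truncated && bad;
}

int main(void)
{
    printf("%s\n", demo() ? "all checks behaved as expected" : "FAILED");
    return demo() ? 0 : 1;
}
```

The point of the `declared > bytes_read` check is the same as the patch's: the length fed to the checksum is bounded by what was read, not by what the header or the server page size would allow. Run under MemorySanitizer, the `truncated` case never touches the unread tail of `buf`.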

      Assignee: Marko Mäkelä
      Reporter: Marko Mäkelä