[MDEV-20383] Use of uninitialized value in Datafile::find_space_id() for ROW_FORMAT=COMPRESSED - Jira

XML

Word

Printable

Details

Type: Bug
Status: Closed (View Workflow)
Priority: Major
Resolution: Fixed
Affects Version/s: 10.4.3
Fix Version/s: 10.4.8
Component/s: Storage Engine - InnoDB
Labels:
- regression
- valgrind

Description

This was originally found with Valgrind, but only occasionally. With MSAN (set up as explained in ~~MDEV-20377~~), the problem is repeatable all the time:

2019-08-19 15:18:43 0 [ERROR] InnoDB: Space ID in fsp header is 5, but in the page header it is 0.

2019-08-19 15:18:43 0 [Note] InnoDB: A bad Space ID was found in datafile: ./test/t1.ibd, Space ID:18446744073709551615, Flags: 20

2019-08-19 15:18:43 0 [Note] InnoDB: Page size:1024. Pages to analyze:48

==19192==WARNING: MemorySanitizer: use-of-uninitialized-value

    #0 0x3093e7c in buf_page_is_corrupted(bool, unsigned char const*, unsigned long) /mariadb/10.5/storage/innobase/buf/buf0buf.cc:1037:14

    #1 0x338b87b in Datafile::find_space_id() /mariadb/10.5/storage/innobase/fsp/fsp0file.cc:711:22

    #2 0x3389ba5 in Datafile::validate_for_recovery() /mariadb/10.5/storage/innobase/fsp/fsp0file.cc:461:9

    #3 0x331249d in fil_ibd_load(unsigned long, char const*, fil_space_t*&) /mariadb/10.5/storage/innobase/fil/fil0fil.cc:3746:15

…

  Uninitialized value was created by a heap allocation

    #0 0x6e79bd in __interceptor_malloc (/dev/shm/10.5/sql/mysqld+0x6e79bd)

    #1 0x338ad06 in Datafile::find_space_id() /mariadb/10.5/storage/innobase/fsp/fsp0file.cc:657:4

In the investigated case, only the first 1024 bytes of the buffer are valid, and we are trying to compute the checksum for a partially uninitialized buffer. The following patch fixes this:

diff --git a/storage/innobase/fsp/fsp0file.cc b/storage/innobase/fsp/fsp0file.cc

index 4143e246f99..4869160b883 100644

--- a/storage/innobase/fsp/fsp0file.cc

+++ b/storage/innobase/fsp/fsp0file.cc

@@ -699,7 +699,8 @@ Datafile::find_space_id()

 			/* For noncompressed pages, the page size must be

 			equal to srv_page_size. */

-			if (page_size == srv_page_size) {

+			if (page_size == srv_page_size

+			    && !fil_space_t::zip_size(fsp_flags)) {

 				noncompressed_ok = !buf_page_is_corrupted(

 					false, page, fsp_flags);

@@ -707,7 +708,7 @@ Datafile::find_space_id()

 			bool	compressed_ok = false;

 			if (srv_page_size <= UNIV_PAGE_SIZE_DEF

-			    && page_size <= srv_page_size) {

+			    && page_size == fil_space_t::zip_size(fsp_flags)) {

 				compressed_ok = !buf_page_is_corrupted(

 					false, page, fsp_flags);

Attachments

Issue Links

is caused by

MDEV-12026 Support encrypted SPATIAL INDEX

Closed

is part of

MDEV-20310 valgrind bugs found in 10.5

Open

relates to

MDEV-20377 Make WITH_MSAN more usable

Closed

Activity

People

Assignee:: Marko Mäkelä

Reporter:: Marko Mäkelä

Votes:: 0 Vote for this issue

Watchers:: 1 Start watching this issue

Dates

Created:: 2019-08-19 12:48

Updated:: 2019-08-19 13:33

Resolved:: 2019-08-19 13:33

Git Integration

Error rendering 'com.xiplink.jira.git.jira_git_plugin:git-issue-webpanel'. Please contact your Jira administrators.