Details
Bug
Status: Closed
Major
Resolution: Fixed
10.2(EOL)
None
Description
Bug appeared after https://github.com/mariadb/server/commit/884d22f28884e1decced1dee9c69ddcb25002ed1
I wrongly assumed that the size argument of buf_is_zeroes() is always a multiple of 4096.
http://buildbot.askmonty.org/buildbot/builders/kvm-asan/builds/3143/steps/mtr_nm/logs/stdio
==19300==ERROR: AddressSanitizer: use-after-poison on address 0x7f29ace29080 at pc 0x7f29b9120720 bp 0x7f29a9063130 sp 0x7f29a90628d8
READ of size 4096 at 0x7f29ace29080 thread T9
    #0 0x7f29b912071f in memcmp (/usr/lib/x86_64-linux-gnu/libasan.so.2+0x7771f)
    #1 0x1a0ba07 in buf_is_zeroes(st_::span<unsigned char const>) /home/buildbot/buildbot/build/mariadb-10.2.32/storage/innobase/buf/buf0buf.cc:963
    #2 0x1746c38 in page_zip_verify_checksum(unsigned char const*, unsigned long) /home/buildbot/buildbot/build/mariadb-10.2.32/storage/innobase/page/page0zip.cc:5005
    #3 0x1a4851a in buf_flush_write_block_low /home/buildbot/buildbot/build/mariadb-10.2.32/storage/innobase/buf/buf0flu.cc:1075
    #4 0x1a49212 in buf_flush_page(buf_pool_t*, buf_page_t*, buf_flush_t, bool) /home/buildbot/buildbot/build/mariadb-10.2.32/storage/innobase/buf/buf0flu.cc:1259
    #5 0x1a49f2b in buf_flush_try_neighbors /home/buildbot/buildbot/build/mariadb-10.2.32/storage/innobase/buf/buf0flu.cc:1482
    #6 0x1a4a628 in buf_flush_page_and_try_neighbors /home/buildbot/buildbot/build/mariadb-10.2.32/storage/innobase/buf/buf0flu.cc:1555
    #7 0x1a4bd69 in buf_do_flush_list_batch /home/buildbot/buildbot/build/mariadb-10.2.32/storage/innobase/buf/buf0flu.cc:1813
    #8 0x1a4c649 in buf_flush_batch(buf_pool_t*, buf_flush_t, unsigned long, unsigned long, flush_counters_t*) /home/buildbot/buildbot/build/mariadb-10.2.32/storage/innobase/buf/buf0flu.cc:1882
    #9 0x1a4d207 in buf_flush_do_batch(buf_pool_t*, buf_flush_t, unsigned long, unsigned long, flush_counters_t*) /home/buildbot/buildbot/build/mariadb-10.2.32/storage/innobase/buf/buf0flu.cc:2052
    #10 0x1a5292d in pc_flush_slot /home/buildbot/buildbot/build/mariadb-10.2.32/storage/innobase/buf/buf0flu.cc:2860
    #11 0x1a5491d in buf_flush_page_cleaner_coordinator /home/buildbot/buildbot/build/mariadb-10.2.32/storage/innobase/buf/buf0flu.cc:3280
    #12 0x7f29b79636b9 in start_thread (/lib/x86_64-linux-gnu/libpthread.so.0+0x76b9)
    #13 0x7f29b6df882c in clone (/lib/x86_64-linux-gnu/libc.so.6+0x10682c)

AddressSanitizer can not describe address in more detail (wild memory access suspected).
SUMMARY: AddressSanitizer: use-after-poison ??:0 memcmp
Shadow bytes around the buggy address:
  0x0fe5b59bd1c0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x0fe5b59bd1d0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x0fe5b59bd1e0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x0fe5b59bd1f0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x0fe5b59bd200: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
=>0x0fe5b59bd210:[f7]00 00 00 00 00 00 00 00 00 00 00 00 00 03 f7
  0x0fe5b59bd220: 00 00 00 00 00 00 00 00 00 00 00 00 00 03 f7 00
  0x0fe5b59bd230: 00 00 00 00 00 00 00 00 00 00 00 00 03 f7 00 00
  0x0fe5b59bd240: 00 00 00 00 00 00 00 00 00 00 00 03 f7 00 00 00
  0x0fe5b59bd250: 00 00 00 00 00 00 00 00 00 00 03 f7 00 00 00 00
  0x0fe5b59bd260: 00 00 00 00 00 00 00 00 00 03 f7 00 00 00 00 00
Shadow byte legend (one shadow byte represents 8 application bytes):
  Addressable: 00
  Partially addressable: 01 02 03 04 05 06 07
  Heap left redzone: fa
  Heap right redzone: fb
  Freed heap region: fd
  Stack left redzone: f1
  Stack mid redzone: f2
  Stack right redzone: f3
  Stack partial redzone: f4
  Stack after return: f5
  Stack use after scope: f8
  Global redzone: f9
  Global init order: f6
  Poisoned by user: f7
  Container overflow: fc
  Array cookie: ac
  Intra object redzone: bb
  ASan internal: fe
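
Added example, not MariaDB's code: a sketch of the failure mode the report describes, where a zero check compares in fixed 4096-byte blocks and so reads past a buffer whose size is not a multiple of 4096, next to a version that clamps the last comparison. The function names, the arena and the 0xAA filler are constructed for illustration; only the 4096 figure comes from the report.

```c
#include <stddef.h>
#include <string.h>

enum { CHUNK = 4096 };                 /* comparison block size named in the report */
static const unsigned char zeroes[CHUNK];

/* Flawed pattern: every memcmp() reads a full CHUNK, so it is only safe
   when size is a multiple of CHUNK. */
static int is_zeroes_assume_multiple(const unsigned char *buf, size_t size)
{
    for (size_t i = 0; i < size; i += CHUNK)
        if (memcmp(zeroes, buf + i, CHUNK) != 0)
            return 0;
    return 1;
}

/* Bounded pattern: the last comparison is clamped to the bytes remaining. */
static int is_zeroes_bounded(const unsigned char *buf, size_t size)
{
    for (size_t i = 0; i < size; i += CHUNK) {
        size_t n = size - i < CHUNK ? size - i : CHUNK;
        if (memcmp(zeroes, buf + i, n) != 0)
            return 0;
    }
    return 1;
}

/* Constructed input: a `size`-byte all-zero page at the start of a larger
   arena whose remaining bytes are 0xAA. The arena tail stands in for the
   memory ASan had poisoned, so the over-read is observable without
   undefined behaviour. Returns bit 0 = flawed result, bit 1 = bounded result. */
static int check_page(size_t size)
{
    static unsigned char arena[3 * CHUNK];
    if (size > 2 * CHUNK)
        return -1;                     /* keep the flawed read inside the arena */
    memset(arena, 0xAA, sizeof arena);
    memset(arena, 0, size);
    return is_zeroes_assume_multiple(arena, size)
         | (is_zeroes_bounded(arena, size) << 1);
}

int main(void)
{
    /* 1024 and 5000 are not multiples of 4096; 4096 and 8192 are. */
    return check_page(1024) == 2 && check_page(5000) == 2 &&
           check_page(4096) == 3 && check_page(8192) == 3 ? 0 : 1;
}
```

For sizes that are not a multiple of 4096 the flawed version consults bytes beyond the page, which is the 4096-byte memcmp read that ASan flagged in frame #0 above.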