[MDEV-22393] Corruption for some SET GLOBAL innodb_… string variables - Jira

XML

Word

Printable

Details

Type: Bug
Status: Closed (View Workflow)
Priority: Blocker
Resolution: Fixed
Affects Version/s: 10.0(EOL), 10.1(EOL), 10.2(EOL), 10.3(EOL), 10.4(EOL), 10.5
Fix Version/s: 10.1.45, 10.2.32, 10.3.23, 10.4.13, 10.5.3
Component/s: Storage Engine - InnoDB, Storage Engine - XtraDB
Labels:
- upstream-fixed
- valgrind

Description

The MySQL 5.6.48 and MySQL 5.7.30 fix
Bug #29717909 MEMORY LIFETIME OF VARIABLES BETWEEN CHECK AND UPDATE INCORRECTLY MANAGED
includes a test case for a problem that affects MariaDB Server.
Several MYSQL_SYSVAR_STR parameters that are assigning a pointer to a stack-allocated buffer in the validate callback function. This pointer would go stale after the function returns, causing the variables to read as garbage later. The bug is caught by Valgrind, but for some reason I did not get any diagnostics from AddressSanitizer.

No MYSQL_SYSVAR_STR that are declared in MariaDB Server 5.5 for InnoDB or XtraDB are affected by this.

The affected variables in MySQL 5.6 include the following:

innodb_ft_aux_table (modified but not completely fixed in MariaDB by ~~MDEV-19445~~)
innodb_ft_server_stopword_table
innodb_ft_user_stopword_table (not covered by their test case)
innodb_buffer_pool_filename

Attachments

Issue Links

blocks

MDEV-22394 Merge new release of InnoDB 5.7.30 to 10.2

Closed

relates to

MDEV-19445 ASAN heap-use-after-free in ut_fold_string / dict_table_check_if_in_cache_low

Closed

Activity

People

Assignee:: Marko Mäkelä

Reporter:: Marko Mäkelä

Votes:: 0 Vote for this issue

Watchers:: 1 Start watching this issue

Dates

Created:: 2020-04-28 07:53

Updated:: 2020-04-28 16:21

Resolved:: 2020-04-28 16:21

Git Integration

Error rendering 'com.xiplink.jira.git.jira_git_plugin:git-issue-webpanel'. Please contact your Jira administrators.