MariaDB Server / MDEV-22755

CREATE USER leads to indirect SIGABRT in __stack_chk_fail () from fill_schema_user_privileges + *** stack smashing detected *** (on optimized builds)

      Description

      SET NAMES gbk;
      SET SQL_MODE='';
      CREATE USER очень_очень_очень_очень_длинный_юзер@localhost;
      SELECT * FROM INFORMATION_SCHEMA.user_privileges WHERE GRANTEE LIKE "'abcdefghijklmnopqrstuvwxyz'%";
      

      Leads to:

      10.5.4 8569dac1ec9f6853a0b2f3ea9bcbda67644ead24

      Version: '10.5.4-MariaDB'  socket: '/test/MD260520-mariadb-10.5.4-linux-x86_64-opt/socket.sock'  port: 17481  MariaDB Server
      *** stack smashing detected ***: <unknown> terminated
      200530 16:16:39 [ERROR] mysqld got signal 6 ;
      

      10.5.4 8569dac1ec9f6853a0b2f3ea9bcbda67644ead24

      Core was generated by `/test/MD260520-mariadb-10.5.4-linux-x86_64-opt/bin/mysqld --no-defaults --core-'.
      Program terminated with signal SIGABRT, Aborted.
      #0  __pthread_kill (threadid=<optimized out>, signo=signo@entry=6)
          at ../sysdeps/unix/sysv/linux/pthread_kill.c:57
      [Current thread is 1 (Thread 0x14736a636700 (LWP 894941))]
      (gdb) bt
      (gdb) (gdb) #0  __pthread_kill (threadid=<optimized out>, signo=signo@entry=6) at ../sysdeps/unix/sysv/linux/pthread_kill.c:57
      #1  0x0000560b5d489337 in my_write_core (sig=sig@entry=6) at /test/10.5_opt/mysys/stacktrace.c:518
      #2  0x0000560b5ce4b3ca in handle_fatal_signal (sig=6) at /test/10.5_opt/sql/signal_handler.cc:330
      #3  <signal handler called>
      #4  __GI_raise (sig=sig@entry=6) at ../sysdeps/unix/sysv/linux/raise.c:51
      #5  0x0000147368d7a801 in __GI_abort () at abort.c:79
      #6  0x0000147368dc3897 in __libc_message (action=action@entry=do_abort, fmt=fmt@entry=0x147368ef0988 "*** %s ***: %s terminated\n") at ../sysdeps/posix/libc_fatal.c:181
      #7  0x0000147368e6ecd1 in __GI___fortify_fail_abort (need_backtrace=need_backtrace@entry=false, msg=msg@entry=0x147368ef0966 "stack smashing detected") at fortify_fail.c:33
      #8  0x0000147368e6ec92 in __stack_chk_fail () at stack_chk_fail.c:29
      #9  0x0000560b5cbdf839 in fill_schema_user_privileges (thd=0x147347812018, tables=<optimized out>, cond=<optimized out>) at /test/10.5_opt/sql/sql_acl.cc:12266
      #10 0x0000560b5cccc4b5 in get_schema_tables_result (join=join@entry=0x147347848e88, executed_place=executed_place@entry=PROCESSED_BY_JOIN_EXEC) at /test/10.5_opt/sql/sql_show.cc:8658
      #11 0x0000560b5ccb300d in JOIN::exec_inner (this=this@entry=0x147347848e88) at /test/10.5_opt/sql/sql_select.cc:4421
      #12 0x0000560b5ccb3677 in JOIN::exec (this=this@entry=0x147347848e88) at /test/10.5_opt/sql/sql_select.cc:4245
      #13 0x0000560b5ccb19c2 in mysql_select (thd=thd@entry=0x147347812018, tables=0x1473478477c0, fields=@0x1473478472b0: {<base_list> = {<Sql_alloc> = {<No data fields>}, first = 0x147347847710, last = 0x147347849a08, elements = 4}, <No data fields>}, conds=0x147347848198, og_num=<optimized out>, order=0x0, group=0x0, having=0x0, proc_param=0x0, select_options=2684619520, result=0x147347848e60, unit=0x147347815e70, select_lex=0x147347847160) at /test/10.5_opt/sql/sql_select.cc:4669
      #14 0x0000560b5ccb2381 in handle_select (thd=thd@entry=0x147347812018, lex=lex@entry=0x147347815da8, result=result@entry=0x147347848e60, setup_tables_done_option=setup_tables_done_option@entry=0) at /test/10.5_opt/sql/sql_select.cc:417
      #15 0x0000560b5cc58e91 in execute_sqlcom_select (thd=thd@entry=0x147347812018, all_tables=0x1473478477c0) at /test/10.5_opt/sql/sql_parse.cc:6207
      #16 0x0000560b5cc54db2 in mysql_execute_command (thd=thd@entry=0x147347812018) at /test/10.5_opt/sql/sql_parse.cc:3939
      #17 0x0000560b5cc5bfac in mysql_parse (thd=0x147347812018, rawbuf=<optimized out>, length=99, parser_state=0x14736a6354b0, is_com_multi=<optimized out>, is_next_command=<optimized out>) at /test/10.5_opt/sql/sql_parse.cc:7991
      #18 0x0000560b5cc512b5 in dispatch_command (command=command@entry=COM_QUERY, thd=thd@entry=0x147347812018, packet=packet@entry=0x14734783a019 "SELECT * FROM INFORMATION_SCHEMA.user_privileges WHERE GRANTEE LIKE \"'abcdefghijklmnopqrstuvwxyz'%\"", packet_length=packet_length@entry=99, is_com_multi=is_com_multi@entry=false, is_next_command=is_next_command@entry=false) at /test/10.5_opt/sql/sql_parse.cc:1874
      #19 0x0000560b5cc4f6a4 in do_command (thd=0x147347812018) at /test/10.5_opt/sql/sql_parse.cc:1355
      #20 0x0000560b5cd44891 in do_handle_one_connection (connect=<optimized out>, connect@entry=0x1473680329b8, put_in_cache=put_in_cache@entry=true) at /test/10.5_opt/sql/sql_connect.cc:1411
      #21 0x0000560b5cd44bf4 in handle_one_connection (arg=arg@entry=0x1473680329b8) at /test/10.5_opt/sql/sql_connect.cc:1313
      #22 0x0000560b5d0b106a in pfs_spawn_thread (arg=0x14736804b018) at /test/10.5_opt/storage/perfschema/pfs.cc:2201
      #23 0x0000147369a5d6db in start_thread (arg=0x14736a636700) at pthread_create.c:463
      #24 0x0000147368e5b88f in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:95
      

      Bug confirmed present in:
      MariaDB: 10.1.46 (dbg), 10.1.46 (opt), 10.2.33 (dbg), 10.2.33 (opt), 10.3.24 (dbg), 10.3.24 (opt), 10.4.14 (dbg), 10.4.14 (opt), 10.5.4 (dbg), 10.5.4 (opt)

      Bug confirmed not present in:
      MySQL: 5.5.62 (dbg), 5.5.62 (opt), 5.6.47 (dbg), 5.6.47 (opt), 5.7.29 (dbg), 5.7.29 (opt), 8.0.19 (dbg), 8.0.19 (opt)

            People

            Assignee: Alexander Barkov (bar)
            Reporter: Roel Van de Paar (Roel)