heap-use-after-free in mysqlimport

CURRENT_TEST: main.mysqldump

mysqldump: Couldn't find table: "non_existing"

mysqldump: Got error: 1356: "View 'test.v1' references invalid table(s) or column(s) or function(s) or definer/invoker of view lack rights to use them" when using LOCK TABLES

mysqldump: Couldn't execute 'SHOW FIELDS FROM `v1`': View 'test.v1' references invalid table(s) or column(s) or function(s) or definer/invoker of view lack rights to use them (1356)

mysqldump: Got error: 1083: "Field separator argument is not what is expected; check the manual" when executing 'SELECT INTO OUTFILE'

mysqldump: Got error: 1083: "Field separator argument is not what is expected; check the manual" when executing 'SELECT INTO OUTFILE'

mysqldump: Got error: 1083: "Field separator argument is not what is expected; check the manual" when executing 'SELECT INTO OUTFILE'

mysqldump: user2 has insufficient privileges to SHOW CREATE PROCEDURE `sp1`!

mysqldump: Got error: 1146: "Table 'test.???????????????????????' doesn't exist" when using LOCK TABLES

/dev/shm/10.5a/client/mysqlimport: Error: 1146, Table 'test.words' doesn't exist, when using table: words

=================================================================

==126464==ERROR: AddressSanitizer: heap-use-after-free on address 0x61500000020f at pc 0x000000485417 bp 0x7ff7af1fb4f0 sp 0x7ff7af1facb0

READ of size 5 at 0x61500000020f thread T4

    #0 0x485416 in strdup (/dev/shm/10.5a/client/mariadb-import+0x485416)

    #1 0x4d8bc4 in mthd_my_real_connect /mariadb/10.5m/libmariadb/libmariadb/mariadb_lib.c:1535:21

    #2 0x4d79d1 in mysql_real_connect /mariadb/10.5m/libmariadb/libmariadb/mariadb_lib.c:1295:10

    #3 0x4cb629 in db_connect /mariadb/10.5m/client/mysqlimport.c:473:9

    #4 0x4cb184 in worker_thread /mariadb/10.5m/client/mysqlimport.c:605:16

    #5 0x7ff7b464af26 in start_thread (/lib/x86_64-linux-gnu/libpthread.so.0+0x8f26)

    #6 0x7ff7b3ea331e in clone (/lib/x86_64-linux-gnu/libc.so.6+0xfd31e)

0x61500000020f is located 399 bytes inside of 496-byte region [0x615000000080,0x615000000270)

freed by thread T3 here:

    #0 0x498e7d in free (/dev/shm/10.5a/client/mariadb-import+0x498e7d)

    #1 0x57654b in my_free /mariadb/10.5m/mysys/my_malloc.c:209:3

    #2 0x567ce6 in free_root /mariadb/10.5m/mysys/my_alloc.c:416:7

    #3 0x55ffe9 in free_defaults /mariadb/10.5m/mysys/my_default.c:500:3

    #4 0x4cc18b in safe_exit /mariadb/10.5m/client/mysqlimport.c:518:3

    #5 0x4cc18b in db_error_with_table /mariadb/10.5m/client/mysqlimport.c:533:3

    #6 0x4cc18b in write_to_table /mariadb/10.5m/client/mysqlimport.c:384:5

    #7 0x4cb1ae in worker_thread /mariadb/10.5m/client/mysqlimport.c:619:14

previously allocated by thread T0 here:

    #0 0x4990fd in malloc (/dev/shm/10.5a/client/mariadb-import+0x4990fd)

    #1 0x575bfc in my_malloc /mariadb/10.5m/mysys/my_malloc.c:88:29

    #2 0x567002 in alloc_root /mariadb/10.5m/mysys/my_alloc.c:243:30

    #3 0x55fb2f in init_default_directories /mariadb/10.5m/mysys/my_default.c:1016:24

    #4 0x55e8eb in my_load_defaults /mariadb/10.5m/mysys/my_default.c:414:14

    #5 0x4cc3b7 in main /mariadb/10.5m/client/mysqlimport.c:643:3

    #6 0x7ff7b3dcce0a in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x26e0a)

Thread T4 created by T0 here:

    #0 0x483eaa in pthread_create (/dev/shm/10.5a/client/mariadb-import+0x483eaa)

    #1 0x4cc999 in main /mariadb/10.5m/client/mysqlimport.c:693:11

    #2 0x7ff7b3dcce0a in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x26e0a)

Thread T3 created by T0 here:

    #0 0x483eaa in pthread_create (/dev/shm/10.5a/client/mariadb-import+0x483eaa)

    #1 0x4cc999 in main /mariadb/10.5m/client/mysqlimport.c:693:11

    #2 0x7ff7b3dcce0a in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x26e0a)

SUMMARY: AddressSanitizer: heap-use-after-free (/dev/shm/10.5a/client/mariadb-import+0x485416) in strdup

Shadow bytes around the buggy address:

  0x0c2a7fff7ff0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00

  0x0c2a7fff8000: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa

  0x0c2a7fff8010: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd

  0x0c2a7fff8020: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd

  0x0c2a7fff8030: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd

=>0x0c2a7fff8040: fd[fd]fd fd fd fd fd fd fd fd fd fd fd fd fa fa

  0x0c2a7fff8050: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa

  0x0c2a7fff8060: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd

  0x0c2a7fff8070: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd

  0x0c2a7fff8080: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd

  0x0c2a7fff8090: fd fd fd fd fd fd fd fd fd fd fd fd fd fa fa fa

Shadow byte legend (one shadow byte represents 8 application bytes):

  Addressable:           00

  Partially addressable: 01 02 03 04 05 06 07 

  Heap left redzone:       fa

  Freed heap region:       fd

  Stack left redzone:      f1

  Stack mid redzone:       f2

  Stack right redzone:     f3

  Stack after return:      f5

  Stack use after scope:   f8

  Global redzone:          f9

  Global init order:       f6

  Poisoned by user:        f7

  Container overflow:      fc

  Array cookie:            ac

  Intra object redzone:    bb

  ASan internal:           fe

  Left alloca redzone:     ca

  Right alloca redzone:    cb

  Shadow gap:              cc

==126464==ABORTING

Aborted

mysqltest: At line 1785: command "$MYSQL_IMPORT --silent --use-threads=2 test $MYSQLTEST_VARDIR/tmp/t1.txt $MYSQLTEST_VARDIR/tmp/t2.txt $MYSQLTEST_VARDIR/std_data/words.dat $MYSQLTEST_VARDIR/std_data/words2.dat" failed with wrong error: 134

ASAN_OPTIONS=abort_on_error=1 ./mtr --repeat=10 --parallel=auto main.mysqldump{,,,,,,,,,,,,,}

main.mysqldump 'innodb'                  w11 [ 2 pass ]  14034

main.mysqldump 'innodb'                  w11 [ 3 fail ]