MariaDB Server / MDEV-23558

Galera heap-buffer-overflow at wsrep_schema.cc:1067

Details

    • Type: Bug
    • Status: Closed
    • Priority: Major
    • Resolution: Fixed
    • Affects Version/s: 10.4(EOL), 10.5
    • Fix Version/s: 10.4.16, 10.5.7
    • Component/s: Galera
    • Labels: None

    Description

      • How to repeat: ./mtr galera_sr.GCF-1043B

        ==2610681==ERROR: AddressSanitizer: heap-buffer-overflow on address 0x602000016658 at pc 0x55f4f9d2d31e bp 0x7f2d2ed24980 sp 0x7f2d2ed24970
        READ of size 8 at 0x602000016658 thread T36
            #0 0x55f4f9d2d31d in Wsrep_schema::remove_fragments(THD*, wsrep::id const&, wsrep::transaction_id, std::vector<wsrep::seqno, std::allocator<wsrep::seqno> > const&) /home/jan/mysql/10.4-bugs/sql/wsrep_schema.cc:1067
            #1 0x55f4f9cd0b38 in Wsrep_client_service::remove_fragments() /home/jan/mysql/10.4-bugs/sql/wsrep_client_service.cc:203
            #2 0x55f4fb408cbd in wsrep::transaction::before_prepare(wsrep::unique_lock<wsrep::mutex>&) /home/jan/mysql/10.4-bugs/wsrep-lib/src/transaction.cpp:307
            #3 0x55f4fb40974a in wsrep::transaction::before_commit() /home/jan/mysql/10.4-bugs/wsrep-lib/src/transaction.cpp:438
            #4 0x55f4f9cdee69 in wsrep::client_state::before_commit() /home/jan/mysql/10.4-bugs/wsrep-lib/include/wsrep/client_state.hpp:472
            #5 0x55f4f9ef79b8 in wsrep_before_commit /home/jan/mysql/10.4-bugs/sql/wsrep_trans_observer.h:273
            #6 0x55f4f9f005ef in ha_commit_trans(THD*, bool) /home/jan/mysql/10.4-bugs/sql/handler.cc:1548
            #7 0x55f4f9b1ff95 in trans_commit_stmt(THD*) /home/jan/mysql/10.4-bugs/sql/transaction.cc:436
            #8 0x55f4f9719ee2 in mysql_execute_command(THD*) /home/jan/mysql/10.4-bugs/sql/sql_parse.cc:6156
            #9 0x55f4f97253ed in mysql_parse(THD*, char*, unsigned int, Parser_state*, bool, bool) /home/jan/mysql/10.4-bugs/sql/sql_parse.cc:7896
            #10 0x55f4f9724180 in wsrep_mysql_parse /home/jan/mysql/10.4-bugs/sql/sql_parse.cc:7700
            #11 0x55f4f96fc358 in dispatch_command(enum_server_command, THD*, char*, unsigned int, bool, bool) /home/jan/mysql/10.4-bugs/sql/sql_parse.cc:1820
            #12 0x55f4f96f8f83 in do_command(THD*) /home/jan/mysql/10.4-bugs/sql/sql_parse.cc:1352
            #13 0x55f4f9ae4b2c in do_handle_one_connection(CONNECT*) /home/jan/mysql/10.4-bugs/sql/sql_connect.cc:1412
            #14 0x55f4f9ae43d0 in handle_one_connection /home/jan/mysql/10.4-bugs/sql/sql_connect.cc:1316
            #15 0x55f4fb17c320 in pfs_spawn_thread /home/jan/mysql/10.4-bugs/storage/perfschema/pfs.cc:1869
            #16 0x7f2d52c2b608 in start_thread /build/glibc-YYA7BZ/glibc-2.31/nptl/pthread_create.c:477
            #17 0x7f2d523e9102 in __clone (/lib/x86_64-linux-gnu/libc.so.6+0x122102)
        

          People

            jplindst Jan Lindström (Inactive)