Details
- Bug
- Status: Open
- Major
- Resolution: Unresolved
- 10.5, 10.6, 10.7(EOL), 10.8(EOL)
Description
In both clang-10 and clang-12, a WITH_MSAN build of the server would crash with SIGSEGV if the ENCRYPT() function is evaluated. The problem seems to be related to the MSAN interceptor of the crypt() function. I was unable to reproduce this with a simple test program:
#include <crypt.h>
#include <stdio.h>

int main(int argc, char **argv)
{
  printf("crypt: %s\n", crypt(argv[1], "123"));
  return 0;
}

clang-10 -fsanitize=undefined crypt.c -lcrypt
./a.out foo
I see that re-entrant versions of the C function crypt() exist, but we are using the original version with LOCK_crypt around it. Perhaps one of the other variants of the function would be intercepted better?
Note: No memory appears to be uninitialized. The following patch did not trigger anything; the very first sign of trouble was the SIGSEGV.
diff --git a/sql/item_strfunc.cc b/sql/item_strfunc.cc
|
index 0635556be40..3f9e023c793 100644
|
--- a/sql/item_strfunc.cc
|
+++ b/sql/item_strfunc.cc
|
@@ -2280,6 +2280,8 @@ String *Item_func_encrypt::val_str(String *str)
|
salt_ptr= salt_str->c_ptr_safe();
|
}
|
mysql_mutex_lock(&LOCK_crypt);
|
+ MEM_CHECK_DEFINED(res->c_ptr_safe(), res->length);
|
+ MEM_CHECK_DEFINED(salt_ptr, 2);
|
char *tmp= crypt(res->c_ptr_safe(),salt_ptr);
|
if (!tmp)
|
{ |
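Review bot: the first added check passes res->length without parentheses, while c_ptr_safe() on the same object is called as a method in the same statement; if length is likewise a member function, this needs to be res->length(). Both checks also stop short of what crypt() reads: it takes NUL-terminated strings, so the key check should cover the terminator (length plus one), and the fixed 2 bytes for salt_ptr covers only a traditional two-character salt, not a longer salt string. As written, a clean run of these checks does not rule out uninitialized bytes past those ranges.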
To work around this problem, I will move some encrypt() test cases from the files main.view and main.func_encrypt to the test main.func_crypt, which will be disabled in cmake -DWITH_MSAN=ON builds for now.
Issue Links
- is blocked by
  - MDBF-793 Retire MSAN clang-15 builder, upgrade to clang-19 (In Progress)
- relates to
  - MDBF-276 Apply changes to the MSAN builder (Closed)
  - MDEV-20377 Make WITH_MSAN more usable (Closed)