Uploaded image for project: 'MariaDB Server'
  1. MariaDB Server
  2. MDEV-29854

SIGSEGV in spider_string::length on LOCK TABLES

Details

    Description

      Interestingly, this issue seems to exist only in 10.4 and 10.11.

      INSTALL PLUGIN Spider SONAME 'ha_spider.so';
      		 
      CREATE SERVER srv FOREIGN DATA WRAPPER MYSQL OPTIONS (SOCKET'',DATABASE'',USER'',PASSWORD '');
      		 
      CREATE TABLE t (c INT KEY,b INT UNIQUE) ENGINE=Spider;
      		 
      CREATE TABLE t2 (c INT,d INT,CONSTRAINT fk FOREIGN KEY(d,c) REFERENCES t (c,d)) ENGINE=Spider COMMENT='WRAPPER "mysql",srv "srv",TABLE "t"';
      		 
      LOCK TABLES t WRITE,t2 WRITE;
      		 
      TRUNCATE t2;
      		 
      LOCK TABLES t2 AS a WRITE;

      Leads to:

      10.11.1 50c5743adc87e1cdec1431a02558f6540fe5a6d5 (Debug)

      		 
      Core was generated by `/test/MD221022-mariadb-10.11.1-linux-x86_64-dbg/bin/mysqld --no-defaults --core'.
      		 
      Program terminated with signal SIGSEGV, Segmentation fault.
      		 
      #0  spider_string::length (this=0x2) at /test/10.11_dbg/sql/sql_string.h:278
      		 
      278	  inline uint32 length() const { return str_length;}
      		 
      [Current thread is 1 (Thread 0x14f9d0050700 (LWP 449653))]
      		 
      (gdb) bt
      		 
      #0  spider_string::length (this=0x2) at /test/10.11_dbg/sql/sql_string.h:278
      		 
      #1  0x000014f9a774492a in spider_link_get_key (link_for_hash=0x14f9700c5338, length=0x14f9d004e8f8, not_used=<optimized out>) at /test/10.11_dbg/storage/spider/spd_table.cc:385
      		 
      #2  0x000055843f6a937c in my_hash_key (first=1 '\001', length=0x14f9d004e8f8, record=<optimized out>, hash=0x14f9700c6008) at /test/10.11_dbg/mysys/hash.c:196
      		 
      #3  hashcmp (hash=hash@entry=0x14f9700c6008, pos=pos@entry=0x14f9700c60c8, key=key@entry=0x14f970089498 "`test`.`t`", length=length@entry=10) at /test/10.11_dbg/mysys/hash.c:379
      		 
      #4  0x000055843f6a95aa in my_hash_first_from_hash_value (hash=hash@entry=0x14f9700c6008, hash_value=<optimized out>, key=0x14f970089498 "`test`.`t`", length=length@entry=10, current_record=current_record@entry=0x14f9d004e99c) at /test/10.11_dbg/mysys/hash.c:290
      		 
      #5  0x000055843f6a95fb in my_hash_search_using_hash_value (hash=hash@entry=0x14f9700c6008, hash_value=<optimized out>, key=<optimized out>, length=length@entry=10) at /test/10.11_dbg/mysys/hash.c:244
      		 
      #6  0x000014f9a77a2324 in spider_mbase_handler::append_lock_tables_list (this=0x14f970083090, conn=0x14f9700c5398, link_idx=0, appended=0x14f9d004ea1c) at /test/10.11_dbg/storage/spider/spd_db_mysql.cc:13130
      		 
      #7  0x000014f9a778fa6e in ha_spider::append_lock_tables_list (this=this@entry=0x14f9700b6a80) at /test/10.11_dbg/storage/spider/ha_spider.cc:12081
      		 
      #8  0x000014f9a778feac in ha_spider::store_lock (this=0x14f9700b6a80, thd=0x14f970000d48, to=0x14f9700b9528, lock_type=TL_WRITE) at /test/10.11_dbg/storage/spider/ha_spider.cc:775
      		 
      #9  0x000055843f115d40 in get_lock_data (thd=thd@entry=0x14f970000d48, table_ptr=table_ptr@entry=0x14f970013be0, count=count@entry=1, flags=flags@entry=1) at /test/10.11_dbg/sql/sql_string.h:655
      		 
      #10 0x000055843f116160 in mysql_lock_tables (thd=thd@entry=0x14f970000d48, tables=tables@entry=0x14f970013be0, count=count@entry=1, flags=flags@entry=0) at /test/10.11_dbg/sql/lock.cc:301
      		 
      #11 0x000055843ec46af1 in lock_tables (thd=thd@entry=0x14f970000d48, tables=0x14f970013308, count=<optimized out>, flags=flags@entry=0) at /test/10.11_dbg/sql/sql_base.cc:5821
      		 
      #12 0x000055843ecc2240 in lock_tables_open_and_lock_tables (thd=thd@entry=0x14f970000d48, tables=<optimized out>) at /test/10.11_dbg/sql/sql_parse.cc:2958
      		 
      #13 0x000055843eccdd2e in mysql_execute_command (thd=thd@entry=0x14f970000d48, is_called_from_prepared_stmt=is_called_from_prepared_stmt@entry=false) at /test/10.11_dbg/sql/sql_parse.cc:5124
      		 
      #14 0x000055843ecb8f90 in mysql_parse (thd=thd@entry=0x14f970000d48, rawbuf=<optimized out>, length=<optimized out>, parser_state=parser_state@entry=0x14f9d004f300) at /test/10.11_dbg/sql/sql_parse.cc:8023
      		 
      #15 0x000055843ecc64ac in dispatch_command (command=command@entry=COM_QUERY, thd=thd@entry=0x14f970000d48, packet=packet@entry=0x14f97000af09 "LOCK TABLES t2 AS a WRITE", packet_length=packet_length@entry=25, blocking=blocking@entry=true) at /test/10.11_dbg/sql/sql_class.h:1346
      		 
      #16 0x000055843ecc88f4 in do_command (thd=0x14f970000d48, blocking=blocking@entry=true) at /test/10.11_dbg/sql/sql_parse.cc:1407
      		 
      #17 0x000055843ee25067 in do_handle_one_connection (connect=<optimized out>, connect@entry=0x5584412ffdd8, put_in_cache=put_in_cache@entry=true) at /test/10.11_dbg/sql/sql_connect.cc:1416
      		 
      #18 0x000055843ee25536 in handle_one_connection (arg=0x5584412ffdd8) at /test/10.11_dbg/sql/sql_connect.cc:1318
      		 
      #19 0x000014f9e910a609 in start_thread (arg=<optimized out>) at pthread_create.c:477
      		 
      #20 0x000014f9e8cf6133 in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:95

      Bug confirmed present in:
      MariaDB: 10.4.27 (dbg), 10.11.1 (dbg)

      Bug (or feature/syntax) confirmed not present in:
      MariaDB: 10.3.37 (dbg), 10.3.37 (opt), 10.4.27 (opt), 10.5.18 (dbg), 10.5.18 (opt), 10.6.10 (dbg), 10.6.10 (opt), 10.7.6 (dbg), 10.7.6 (opt), 10.8.5 (dbg), 10.8.5 (opt), 10.9.3 (dbg), 10.9.3 (opt), 10.10.2 (dbg), 10.10.2 (opt), 10.11.1 (opt)
      MySQL: 5.5.62 (dbg), 5.5.62 (opt), 5.6.51 (dbg), 5.6.51 (opt), 5.7.38 (dbg), 5.7.38 (opt), 8.0.29 (dbg), 8.0.29 (opt)

      Attachments

        Issue Links

          duplicates

          Bug - A problem which impairs or prevents the functions of the product. MDEV-29963 SIGSEGV in spider_db_mbase::append_lock_tables on LOCK TABLES

          • Critical - Crashes, loss of data, severe memory leak.
          • Closed

          Bug - A problem which impairs or prevents the functions of the product. MDEV-31357 ASAN heap-use-after-free in spider_link_get_key on LOCK TABLES

          • Major - Major loss of function.
          • Closed
          relates to

          Bug - A problem which impairs or prevents the functions of the product. MDEV-29583 Disallow Spider self/dual/multi/cross-referencing tables, consider not executing/skipping/disabling init_connect for Spider user

          • Major - Major loss of function.
          • Closed

          Task - A task that needs to be done. MDEV-30580 Investigate whether self-/multi- referencing spider tables cause problems

          • Major - Major loss of function.
          • Open

          Bug - A problem which impairs or prevents the functions of the product. MDEV-32451 Hang when locking both spider table and remote table in the same statement

          • Major - Major loss of function.
          • Confirmed

          Bug - A problem which impairs or prevents the functions of the product. MDEV-35011 SIGSEGV in spider_db_mbase::append_lock_tables (or spider_string::length) on SELECT, ASAN: heap-use-after-free in spider_link_get_key

          • Major - Major loss of function.
          • Open
          split to

          Bug - A problem which impairs or prevents the functions of the product. MDEV-32451 Hang when locking both spider table and remote table in the same statement

          • Major - Major loss of function.
          • Confirmed

          Activity

            People

              ycp Yuchen Pei
              Roel Roel Van de Paar
              Votes:
              0 Vote for this issue
              Watchers:
              2 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved:

                Git Integration

                  Error rendering 'com.xiplink.jira.git.jira_git_plugin:git-issue-webpanel'. Please contact your Jira administrators.