Details
-
Bug
-
Status: Open (View Workflow)
-
Major
-
Resolution: Unresolved
-
10.4
-
None
Description
May or may not be connected with both MDEV-23073 and MDEV-31060. Using the same testcase from MDEV-31060, we see:
--source include/have_innodb.inc
|
CREATE TABLE t (c TEXT) ENGINE=InnoDB; |
XA BEGIN '0'; |
INSERT INTO t VALUES (b''); |
SAVEPOINT sp0;
|
XA END '0'; |
XA PREPARE '0'; |
SHUTDOWN;
|
Leads to:
|
10.4.29 ed2adc8c6f986f7e9c81d7a99f85cad0e2d46d80 (Debug, UBASAN) |
worker[1] mysql-test-run: WARNING: Check-testcase failed, this could also be caused by the previous test run by this worker thread
|
main.test 'innodb' [ fail ]
|
Test ended at 2023-04-17 06:34:10
|
|
|
CURRENT_TEST: main.test
|
|
|
|
|
Could not execute 'check-testcase' before testcase 'main.test' (res: 1):
|
mysqltest: Logging to '/test/UBASAN_MD070423-mariadb-10.4.29-linux-x86_64-dbg/mysql-test/var/tmp/check-mysqld_1.log'.
|
mysqltest: Results saved in '/test/UBASAN_MD070423-mariadb-10.4.29-linux-x86_64-dbg/mysql-test/var/tmp/check-mysqld_1.result'.
|
=================================================================
|
==3322893==ERROR: AddressSanitizer: global-buffer-overflow on address 0x5593a30c3178 at pc 0x5593a1cd8db7 bp 0x7ffe08a7c320 sp 0x7ffe08a7bac8
|
WRITE of size 64 at 0x5593a30c3178 thread T0
|
#0 0x5593a1cd8db6 in __interceptor_regcomp.part.0 (/test/UBASAN_MD070423-mariadb-10.4.29-linux-x86_64-dbg/bin/mysqltest+0x42fdb6)
|
#1 0x5593a1d9500c in init_re_comp(regex_t*, char const*) /test/10.4_dbg_san/client/mysqltest.cc:9230
|
#2 0x5593a1dba28d in init_re /test/10.4_dbg_san/client/mysqltest.cc:9312
|
#3 0x5593a1dba28d in main /test/10.4_dbg_san/client/mysqltest.cc:9694
|
#4 0x14998a962d8f in __libc_start_call_main ../sysdeps/nptl/libc_start_call_main.h:58
|
#5 0x14998a962e3f in __libc_start_main_impl ../csu/libc-start.c:392
|
#6 0x5593a1cabc44 in _start (/test/UBASAN_MD070423-mariadb-10.4.29-linux-x86_64-dbg/bin/mysqltest+0x402c44)
|
|
|
0x5593a30c3178 is located 40 bytes to the left of global variable 'overlay_dir_len' defined in '/test/10.4_dbg_san/client/mysqltest.cc:262:30' (0x5593a30c31a0) of size 8
|
0x5593a30c3178 is located 0 bytes to the right of global variable 'ps_re' defined in '/test/10.4_dbg_san/client/mysqltest.cc:265:16' (0x5593a30c3160) of size 24
|
SUMMARY: AddressSanitizer: global-buffer-overflow (/test/UBASAN_MD070423-mariadb-10.4.29-linux-x86_64-dbg/bin/mysqltest+0x42fdb6) in __interceptor_regcomp.part.0
|
Shadow bytes around the buggy address:
|
0x0ab2f46105d0: f9 f9 f9 f9 00 f9 f9 f9 f9 f9 f9 f9 00 f9 f9 f9
|
0x0ab2f46105e0: f9 f9 f9 f9 00 f9 f9 f9 f9 f9 f9 f9 00 f9 f9 f9
|
0x0ab2f46105f0: f9 f9 f9 f9 00 f9 f9 f9 f9 f9 f9 f9 00 f9 f9 f9
|
0x0ab2f4610600: f9 f9 f9 f9 01 f9 f9 f9 f9 f9 f9 f9 00 00 00 00
|
0x0ab2f4610610: f9 f9 f9 f9 04 f9 f9 f9 f9 f9 f9 f9 00 00 00 f9
|
=>0x0ab2f4610620: f9 f9 f9 f9 00 00 00 f9 f9 f9 f9 f9 00 00 00[f9]
|
0x0ab2f4610630: f9 f9 f9 f9 00 f9 f9 f9 f9 f9 f9 f9 00 f9 f9 f9
|
0x0ab2f4610640: f9 f9 f9 f9 00 f9 f9 f9 f9 f9 f9 f9 00 f9 f9 f9
|
0x0ab2f4610650: f9 f9 f9 f9 00 f9 f9 f9 f9 f9 f9 f9 00 f9 f9 f9
|
0x0ab2f4610660: f9 f9 f9 f9 00 f9 f9 f9 f9 f9 f9 f9 00 00 00 00
|
0x0ab2f4610670: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
|
Shadow byte legend (one shadow byte represents 8 application bytes):
|
Addressable: 00
|
Partially addressable: 01 02 03 04 05 06 07
|
Heap left redzone: fa
|
Freed heap region: fd
|
Stack left redzone: f1
|
Stack mid redzone: f2
|
Stack right redzone: f3
|
Stack after return: f5
|
Stack use after scope: f8
|
Global redzone: f9
|
Global init order: f6
|
Poisoned by user: f7
|
Container overflow: fc
|
Array cookie: ac
|
Intra object redzone: bb
|
ASan internal: fe
|
Left alloca redzone: ca
|
Right alloca redzone: cb
|
Shadow gap: cc
|
==3322893==ABORTING
|
mysqltest failed but provided no output
|
Attachments
Issue Links
- relates to
-
-
- Confirmed
-
-
-
- Confirmed
-
-
MDEV-14024 PCRE2
-
- Closed
-